// Package auth provides password hashing and verification, session token
// generation, and session expiry calculation.
package auth

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"time"

	"codit/internal/config"
	"golang.org/x/crypto/bcrypt"
)

// ErrUnauthorized is a sentinel error with the message "unauthorized".
// Nothing in this file returns it; it is presumably returned by callers
// elsewhere in the project and should be matched with errors.Is.
var ErrUnauthorized = errors.New("unauthorized")

// HashPassword returns the bcrypt hash of password, encoded as a string.
//
// The hash is computed at bcrypt.DefaultCost. On failure the returned string
// is empty and the bcrypt error is passed through unchanged.
//
// bcrypt only considers the first 72 bytes of its input. Depending on the
// golang.org/x/crypto version in use, longer passwords are either rejected
// with bcrypt.ErrPasswordTooLong or truncated, so callers should enforce a
// maximum password length before calling this function.
//
// NOTE(review): the cost is fixed at bcrypt.DefaultCost rather than read from
// configuration; confirm that work factor is acceptable for the deployment.
func HashPassword(password string) (string, error) {
	digest, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		return "", err
	}
	return string(digest), nil
}

// ComparePassword checks password against a bcrypt hash and returns nil when
// they match.
//
// The result of bcrypt.CompareHashAndPassword is returned as is: a mismatch
// yields bcrypt.ErrMismatchedHashAndPassword, and a malformed hash yields a
// different bcrypt error. Callers should treat every non-nil error as a
// failed login and should not reveal to the client which case occurred.
func ComparePassword(hash, password string) error {
	storedHash, candidate := []byte(hash), []byte(password)
	return bcrypt.CompareHashAndPassword(storedHash, candidate)
}

// NewSessionToken returns a new random session token.
//
// The token is 32 bytes read from crypto/rand, encoded with unpadded
// URL-safe base64. If the random source fails, the token is empty and the
// error is returned; no weaker source is used as a fallback.
//
// NOTE(review): the returned value is a bearer credential. Confirm that
// callers keep it out of logs, and consider storing only a hash of it
// server-side.
func NewSessionToken() (string, error) {
	const tokenBytes = 32

	raw := make([]byte, tokenBytes)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(raw), nil
}

// SessionExpiry returns the current UTC time plus the session TTL taken from
// cfg.SessionTTL.
//
// No bounds are applied to the TTL here: a zero or negative value produces an
// expiry that is not in the future, so the configuration should be validated
// where it is loaded.
func SessionExpiry(cfg config.Config) time.Time {
	// Read the clock before the TTL, matching the original evaluation order.
	now := time.Now().UTC()
	ttl := cfg.SessionTTL.Duration()
	return now.Add(ttl)
}