package auth

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"time"
)

// tokenBytes is the number of random bytes drawn for each token
// (32 bytes = 256 bits of entropy before encoding).
const tokenBytes = 32

// NewToken returns a fresh random token encoded as unpadded URL-safe base64.
//
// The bytes come from crypto/rand, so the token is suitable as an
// unguessable bearer secret. If the random source reports an error, the
// empty string and that error are returned; callers must not fall back to
// a weaker source.
func NewToken() (string, error) {
	raw := make([]byte, tokenBytes)
	_, err := rand.Read(raw)
	if err != nil {
		return "", err
	}
	encoded := base64.RawURLEncoding.EncodeToString(raw)
	return encoded, nil
}

// HashToken returns the lowercase hex SHA-256 digest of plainToken.
//
// NOTE(review): presumably this exists so that only the digest, never the
// plaintext token, is persisted — confirm against callers. A single
// unsalted SHA-256 is only appropriate because the input is expected to be
// a high-entropy value such as the output of NewToken; it is not a
// password hash and must not be used for low-entropy secrets. Callers that
// compare digests in application code should use
// crypto/subtle.ConstantTimeCompare rather than ==.
func HashToken(plainToken string) string {
	hasher := sha256.New()
	// hash.Hash.Write is documented to never return an error.
	hasher.Write([]byte(plainToken))
	return hex.EncodeToString(hasher.Sum(nil))
}

// VerifyTokenExpiresAt returns the expiry instant for a verification token
// issued at now: 24 hours later, expressed in UTC.
func VerifyTokenExpiresAt(now time.Time) time.Time {
	const lifetime = 24 * time.Hour
	issued := now.UTC()
	return issued.Add(lifetime)
}

// ResetTokenExpiresAt returns the expiry instant for a reset token issued
// at now: one hour later, expressed in UTC.
func ResetTokenExpiresAt(now time.Time) time.Time {
	const lifetime = time.Hour
	issued := now.UTC()
	return issued.Add(lifetime)
}