package auth

import (
	"sync"
	"time"
)

// TokenCacheEntry represents a cached access token
type TokenCacheEntry struct {
	AccessToken string
	ExpiresAt   time.Time
}

// TokenCache is a simple in-memory cache for ATProto access tokens
type TokenCache struct {
	mu     sync.RWMutex
	tokens map[string]*TokenCacheEntry
}

var globalTokenCache = &TokenCache{
	tokens: make(map[string]*TokenCacheEntry),
}

// GetGlobalTokenCache returns the global token cache instance
func GetGlobalTokenCache() *TokenCache {
	return globalTokenCache
}

// Set stores an access token for a DID
func (tc *TokenCache) Set(did, accessToken string, ttl time.Duration) {
	tc.mu.Lock()
	defer tc.mu.Unlock()

	tc.tokens[did] = &TokenCacheEntry{
		AccessToken: accessToken,
		ExpiresAt:   time.Now().Add(ttl),
	}
}

// Get retrieves an access token for a DID
func (tc *TokenCache) Get(did string) (string, bool) {
	tc.mu.RLock()
	defer tc.mu.RUnlock()

	entry, ok := tc.tokens[did]
	if !ok {
		return "", false
	}

	// Check if expired
	if time.Now().After(entry.ExpiresAt) {
		return "", false
	}

	return entry.AccessToken, true
}

// Delete removes a cached token
func (tc *TokenCache) Delete(did string) {
	tc.mu.Lock()
	defer tc.mu.Unlock()

	delete(tc.tokens, did)
}