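// app/lib/auth-cookies.ts
import type { NextResponse } from "next/server";

export type TokenBundle = {
  access_token: string;
  refresh_token?: string;
  /** Directus returns seconds-until-expiration */
  // NOTE(review): the comment above is the author's assumption — if the API
  // actually reports `expires` in milliseconds, the cookie lifetimes computed
  // below would be 1000x too long. Confirm against a real login response.
  expires?: number;
};

export type PublicUser = {
  id: string;
  email: string;
  username: string;
};

/** Cookie that carries the short-lived access token. */
export const ACCESS_COOKIE = "ma_access";
/** Cookie that carries the refresh token. */
export const REFRESH_COOKIE = "ma_refresh";

/** Access-token lifetime (seconds) used when the bundle gives no usable `expires`. */
const DEFAULT_ACCESS_MAX_AGE = 60 * 60 * 12; // 12h
/** Refresh-token lifetime (seconds) used when the bundle gives no usable `expires`. */
const DEFAULT_REFRESH_MAX_AGE = 60 * 60 * 24 * 30; // 30d
/** Refresh token outlives the access token by this factor when `expires` is given. */
const REFRESH_LIFETIME_FACTOR = 4;

/**
 * Attributes shared by both auth cookies.
 *
 * - `httpOnly`: tokens are never readable from page scripts.
 * - `sameSite: "lax"`: the cookie is still sent on top-level GET navigations,
 *   so state-changing endpoints must not rely on it alone as CSRF protection.
 * - `secure`: always on; browsers discard Secure cookies set over plain http,
 *   so local development needs HTTPS.
 */
const BASE_COOKIE_OPTIONS = {
  httpOnly: true,
  sameSite: "lax",
  secure: true,
  path: "/",
} as const;

/**
 * True when `value` can be used as a cookie `maxAge` (a finite, positive number).
 * Rejects NaN, Infinity, zero and negatives, which would otherwise produce an
 * immediately-expired or malformed cookie.
 */
function isUsableMaxAge(value: unknown): value is number {
  return typeof value === "number" && Number.isFinite(value) && value > 0;
}

/**
 * Mutates `res` in-place to set auth cookies.
 * Keeps tokens HttpOnly; sets SameSite=Lax; Secure for HTTPS.
 *
 * @param res    Response whose cookie jar is written to.
 * @param tokens Token bundle from the login/refresh call. A cookie is only set
 *               for a token that is present and non-empty.
 * @param _user  Accepted for call-site compatibility; not used here.
 */
export function setAuthCookies(
  res: NextResponse,
  tokens: TokenBundle,
  _user?: PublicUser
): void {
  // A bundle may carry a bogus `expires` (NaN, 0, negative); fall back rather
  // than emit a cookie with an invalid lifetime.
  const hasExpiry = isUsableMaxAge(tokens.expires);
  const accessMaxAge = hasExpiry ? tokens.expires : DEFAULT_ACCESS_MAX_AGE;
  // Give the refresh token a longer lifetime (fallback 30 days) if Directus didn't specify one.
  const refreshMaxAge = hasExpiry
    ? tokens.expires * REFRESH_LIFETIME_FACTOR
    : DEFAULT_REFRESH_MAX_AGE;

  // Access token
  if (tokens.access_token) {
    res.cookies.set(ACCESS_COOKIE, tokens.access_token, {
      ...BASE_COOKIE_OPTIONS,
      maxAge: accessMaxAge,
    });
  }

  // Refresh token (if present)
  if (tokens.refresh_token) {
    res.cookies.set(REFRESH_COOKIE, tokens.refresh_token, {
      ...BASE_COOKIE_OPTIONS,
      maxAge: refreshMaxAge,
    });
  }
}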