import fs from 'fs';
import path from 'path';

const OTP_FILE = path.join(process.cwd(), 'auth-otp.json');

interface OTPData {
  code: string;
  expiresAt: number;
}

// Map username -> OTP Data
type OTPStore = Record<string, OTPData>;

function getStore(): OTPStore {
  if (!fs.existsSync(OTP_FILE)) return {};
  try {
    return JSON.parse(fs.readFileSync(OTP_FILE, 'utf8'));
  } catch {
    return {};
  }
}

function saveStore(store: OTPStore) {
  try {
    fs.writeFileSync(OTP_FILE, JSON.stringify(store));
  } catch (err) {
    console.error("Error saving OTP store:", err);
  }
}

export function generateOTP(username: string): string {
  const code = Math.floor(100000 + Math.random() * 900000).toString(); // 6 digits
  const store = getStore();
  
  store[username] = {
    code,
    expiresAt: Date.now() + 5 * 60 * 1000, // 5 minutes
  };
  
  saveStore(store);
  return code;
}

export function verifyOTP(username: string, code: string): boolean {
  const store = getStore();
  const entry = store[username];
  
  if (!entry) return false;
  
  if (Date.now() > entry.expiresAt) {
    delete store[username];
    saveStore(store);
    return false;
  }
  
  // Compare strings safely
  if (String(entry.code).trim() === String(code).trim()) {
    delete store[username]; // Consume OTP so it can't be reused
    saveStore(store);
    return true;
  }
  
  return false;
}