import { SignJWT, jwtVerify } from "jose";

const SECRET = new TextEncoder().encode(process.env.PM_SESSION_SECRET ?? "");

export interface SessionPayload {
  sub: string;
  iat?: number;
  exp?: number;
}

export async function signSession(payload: { sub: string }): Promise<string> {
  return await new SignJWT({ sub: payload.sub })
    .setProtectedHeader({ alg: "HS256" })
    .setIssuedAt()
    .setExpirationTime("7d")
    .sign(SECRET);
}

export async function verifySession(token: string): Promise<SessionPayload | null> {
  try {
    const { payload } = await jwtVerify(token, SECRET);
    if (typeof payload.sub !== "string") return null;
    return payload as SessionPayload;
  } catch {
    return null;
  }
}
