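"""Authentication service for JWT token generation and validation."""

import jwt
from datetime import datetime, timezone, timedelta
from flask import current_app


class AuthService:
    """Service for handling JWT authentication.

    The signing key, algorithm and token lifetime are read from the Flask
    application config (``JWT_SECRET_KEY``, ``JWT_ALGORITHM``,
    ``JWT_EXPIRATION_DAYS``), so every method needs an active app context.
    """

    @staticmethod
    def _signing_config():
        """Return ``(secret_key, algorithm)`` from the app config.

        Raises:
            RuntimeError: If ``JWT_SECRET_KEY`` is missing or empty, or if
                ``JWT_ALGORITHM`` selects the unsigned ``none`` algorithm.
        """
        secret_key = current_app.config.get('JWT_SECRET_KEY')
        algorithm = current_app.config.get('JWT_ALGORITHM', 'HS256')
        # Fail closed on misconfiguration: an empty key or the "none"
        # algorithm would let anyone mint tokens this service accepts.
        if not secret_key:
            raise RuntimeError('JWT_SECRET_KEY is not configured')
        if str(algorithm).lower() == 'none':
            raise RuntimeError('JWT_ALGORITHM must not be "none"')
        return secret_key, algorithm

    @staticmethod
    def generate_token(admin):
        """Generate a JWT token for an admin.

        Args:
            admin: Admin model instance; its ``id`` and ``username`` are
                copied into the token payload.

        Returns:
            JWT token string

        Raises:
            RuntimeError: If the signing configuration is missing or unsafe.
        """
        secret_key, algorithm = AuthService._signing_config()
        expiration_days = current_app.config.get('JWT_EXPIRATION_DAYS', 7)

        now = datetime.now(timezone.utc)
        # Claims are signed, not encrypted: anyone holding the token can
        # read them, so only non-sensitive identifiers belong here.
        # NOTE(review): no jti / revocation hook is visible in this file; a
        # leaked token stays valid until 'exp' - confirm that is intended.
        payload = {
            'admin_id': admin.id,
            'username': admin.username,
            'iat': now,
            'exp': now + timedelta(days=expiration_days),
        }

        return jwt.encode(payload, secret_key, algorithm=algorithm)

    @staticmethod
    def verify_token(token):
        """Verify and decode a JWT token.

        The accepted algorithm is pinned to the configured one rather than
        taken from the token header, and an ``exp`` claim is required so a
        correctly signed token without an expiry is rejected.

        Args:
            token: JWT token string

        Returns:
            Decoded payload dict. This method never returns None; every
            verification failure is reported by raising.

        Raises:
            jwt.ExpiredSignatureError: If token has expired
            jwt.InvalidTokenError: If token is invalid (bad signature,
                malformed, wrong algorithm, or missing ``exp``)
            RuntimeError: If the signing configuration is missing or unsafe.
        """
        secret_key, algorithm = AuthService._signing_config()

        return jwt.decode(
            token,
            secret_key,
            algorithms=[algorithm],
            options={'require': ['exp']},
        )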