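package totp_tier_two

import (
	"cmii-uav-watchdog-common/utils"
	"cmii-uav-watchdog-common/wdd_log"
	otp "cmii-uav-watchdog-otp"
	"cmii-uav-watchdog-otp/totp"
)

// TierTwoTOTPSecretOpts holds the shared parameters for tier-two TOTP
// secrets. The same value is used to derive the validation options in
// GenerateTierTwoTOTPCode and VerifyTierTwoTOTPCode, so generation and
// verification always agree on period, digits and algorithm.
//
// Secret is left empty and Rand is nil.
// NOTE(review): presumably the totp package then generates SecretSize random
// bytes from its default source. Confirm that the default is a
// cryptographically secure generator (crypto/rand).
//
// This is an exported, mutable package-level variable: any importer that
// modifies it changes the parameters used by every later call. Treat it as
// read-only.
var TierTwoTOTPSecretOpts = totp.GenerateOpts{
	SecretSize:  32,
	Issuer:      "cmii-uav-watchdog",
	AccountName: "cmii-uav-watchdog",
	Period:      30,
	Secret:      []byte{},
	Digits:      otp.DigitsSix,
	Algorithm:   otp.AlgorithmSHA1,
	Rand:        nil,
}

// GenerateTierTwoTOTPSecret generates a new tier-two TOTP secret using
// TierTwoTOTPSecretOpts and returns it as a string.
//
// The returned secret is the shared key for every later code, so it must not
// be written to logs. This function logs only that generation succeeded and
// for which issuer. Callers must keep the value out of logs, error messages
// and telemetry as well.
func GenerateTierTwoTOTPSecret() (string, error) {
	key, err := totp.Generate(TierTwoTOTPSecretOpts)
	if err != nil {
		wdd_log.Error("生成TOTP密钥失败: %v", err)
		return "", err
	}

	// Deliberately log non-secret metadata only. The secret itself used to be
	// logged here, which exposed it to anyone with read access to the logs.
	wdd_log.Info("生成TOTP密钥成功, issuer: %s", TierTwoTOTPSecretOpts.Issuer)
	return key.Secret(), nil
}

// GenerateTierTwoTOTPCode generates the tier-two TOTP code for secret at the
// time reported by utils.CurentTime, using validation options derived from
// TierTwoTOTPSecretOpts.
//
// It returns the code, or an empty string and the underlying error when the
// totp package fails to produce one.
func GenerateTierTwoTOTPCode(secret string) (string, error) {
	opts := totp.ValidateOpts{}
	opts.ConvertToValidateOpts(TierTwoTOTPSecretOpts)

	code, err := totp.GenerateCodeCustom(secret, utils.CurentTime(), opts)
	if err != nil {
		wdd_log.Error("TierTwo TOTP验证码生成失败: %v", err)
		return "", err
	}
	return code, nil
}

// VerifyTierTwoTOTPCode reports whether code is a valid tier-two TOTP code
// for secret at the time reported by utils.CurentTime.
//
// Any validation error is logged and treated as "not valid" (fail closed).
// An empty code or empty secret is rejected up front.
//
// This function keeps no state: it neither records codes that were already
// accepted nor limits the number of attempts. Replay protection and attempt
// throttling, if required, have to be enforced by the caller.
func VerifyTierTwoTOTPCode(code string, secret string) bool {
	// Fail closed on missing input. Whether totp.ValidateCustom rejects an
	// empty secret is not visible from this file, and an unprovisioned
	// (empty) secret must never be able to authenticate.
	if code == "" || secret == "" {
		wdd_log.Error("TierTwo TOTP验证失败: %v", "code or secret is empty")
		return false
	}

	opts := totp.ValidateOpts{}
	opts.ConvertToValidateOpts(TierTwoTOTPSecretOpts)

	ok, err := totp.ValidateCustom(code, secret, utils.CurentTime(), opts)
	if err != nil {
		wdd_log.Error("TierTwo TOTP验证失败: %v", err)
		return false
	}
	return ok
}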