/**
 * Cookie option builder for the session cookie.
 *
 * The Secure / SameSite decision is derived per request from environment
 * variables and a few request headers. Order of precedence (see
 * shouldUseSecureCookie): COOKIE_SECURE=true wins, then a "local" request
 * (localhost / 127.0.0.1 / aeropi.local) is never Secure, then an HTTPS
 * request is Secure, and finally NODE_ENV=production decides.
 *
 * NOTE(review): Origin, Host and X-Forwarded-Proto are all supplied by the
 * client unless a trusted reverse proxy rewrites them, so every branch below
 * that reads them is a trust decision; in particular a request carrying
 * `Host: localhost` is classified as local and gets a non-Secure cookie.
 * Whether that is acceptable depends on the proxy in front of this app —
 * confirm the deployment sets/overwrites these headers.
 */
const isProduction = process.env.NODE_ENV === "production";
// Operator override: forces Secure (and therefore SameSite=None) regardless of the request.
const forceSecureCookie = process.env.COOKIE_SECURE === "true";
const COOKIE_MAX_AGE_MS = 1000 * 60 * 60 * 24 * 90; // 90 days, in milliseconds

// Plain-HTTP origins and hosts treated as a local development environment.
// Only the http:// scheme counts as local; an https://localhost origin falls
// through to the HTTPS branch instead.
const LOCAL_ORIGIN_REGEX = /^http:\/\/(localhost|127\.0\.0\.1|aeropi\.local)(:\d+)?$/i;
const LOCAL_HOST_REGEX = /^(localhost|127\.0\.0\.1|aeropi\.local)(:\d+)?$/i;

/**
 * Read a single request header as a string.
 *
 * Node exposes incoming header names in lowercase, so `key` must be lowercase.
 * Multi-valued headers (arrays) collapse to their first entry. Missing request,
 * missing headers object, or missing header all yield "".
 *
 * @param {object|undefined} req - incoming request (may be absent)
 * @param {string} key - lowercase header name
 * @returns {string}
 */
function getHeaderValue(req, key) {
  const headers = req?.headers;
  if (!headers) return "";
  const raw = headers[key];
  const first = Array.isArray(raw) ? raw[0] : raw;
  return first || "";
}

/**
 * True when either the Origin or the Host header matches a local address.
 * Both values are client-controlled (see module note above).
 *
 * @param {object|undefined} req
 * @returns {boolean}
 */
function isLocalRequest(req) {
  const checks = [
    [LOCAL_ORIGIN_REGEX, getHeaderValue(req, "origin")],
    [LOCAL_HOST_REGEX, getHeaderValue(req, "host")],
  ];
  return checks.some(([pattern, value]) => pattern.test(value));
}

/**
 * Best-effort detection of an HTTPS request.
 *
 * Checks, in order: the first entry of X-Forwarded-Proto, `req.protocol`
 * (Express populates this; plain http.IncomingMessage does not), and finally
 * whether the Origin header starts with "https://".
 *
 * NOTE(review): the Origin fallback only proves the *page* was served over
 * HTTPS, not that this connection is; X-Forwarded-Proto is only trustworthy
 * when a proxy in front of the app overwrites it — verify both for the
 * deployment before relying on this to set the Secure flag.
 *
 * @param {object|undefined} req
 * @returns {boolean}
 */
function isHttpsRequest(req) {
  if (!req) return false;

  const forwardedList = String(getHeaderValue(req, "x-forwarded-proto")).split(",");
  const forwardedProto = forwardedList[0].trim().toLowerCase();
  if (forwardedProto === "https") return true;

  const protocol = String(req.protocol || "").toLowerCase();
  if (protocol === "https") return true;

  const origin = String(getHeaderValue(req, "origin") || "").toLowerCase();
  return origin.startsWith("https://");
}

/**
 * Decide whether the cookie should carry the Secure attribute.
 * Precedence: COOKIE_SECURE override > local request (never Secure) >
 * HTTPS request (Secure) > NODE_ENV=production.
 *
 * @param {object|undefined} req
 * @returns {boolean}
 */
function shouldUseSecureCookie(req) {
  if (forceSecureCookie) return true;
  if (isLocalRequest(req)) return false;
  return isHttpsRequest(req) || isProduction;
}

/**
 * Build the cookie options for a given request.
 *
 * Secure cookies are emitted with SameSite=None (cross-site sends allowed,
 * which also means the SameSite CSRF defence is off for those cookies — the
 * app must rely on other CSRF controls); non-Secure cookies use SameSite=Lax,
 * since browsers require Secure for SameSite=None.
 *
 * @param {object} [req] - incoming request; omitted → env-only decision
 * @returns {{maxAge: number, httpOnly: boolean, sameSite: "none"|"lax", secure: boolean}}
 */
function getCookiesOptions(req) {
  const secure = shouldUseSecureCookie(req);
  const sameSite = secure ? "none" : "lax";
  return {
    maxAge: COOKIE_MAX_AGE_MS,
    httpOnly: true,
    sameSite,
    secure,
  };
}

// Module-load snapshot computed with no request: no headers are visible, so
// this reduces to COOKIE_SECURE / NODE_ENV alone. Prefer getCookiesOptions(req)
// on a live request.
const cookiesOptions = getCookiesOptions();

module.exports = { cookiesOptions, getCookiesOptions };