package config

// Config is auth module settings (embedded in gateway root config).
type Config struct {
	AccessExpire  int64  `json:",optional"`
	RefreshExpire int64  `json:",optional"`
	ActiveKID     string `json:",optional"`
	AccessSecret  string `json:",optional,env=JWT_ACCESS_SECRET"`
	RefreshSecret string `json:",optional,env=JWT_REFRESH_SECRET"`
	// RegistrationSessionTTLSeconds is used by register/social flow (PR 6).
	RegistrationSessionTTLSeconds int `json:",optional"`
}

// Defaults returns zero-value-safe defaults.
func (c Config) Defaults() Config {
	if c.AccessExpire <= 0 {
		c.AccessExpire = 900
	}
	if c.RefreshExpire <= 0 {
		c.RefreshExpire = 604800
	}
	if c.ActiveKID == "" {
		c.ActiveKID = "v1"
	}
	if c.RegistrationSessionTTLSeconds <= 0 {
		c.RegistrationSessionTTLSeconds = 600
	}
	return c
}

// Enabled reports whether JWT signing is configured.
func (c Config) Enabled() bool {
	c = c.Defaults()
	return c.AccessSecret != "" && c.RefreshSecret != ""
}