import base64
import hashlib
import hmac
import secrets
from time import time

from rvpc.auth.tokens.typing import GenericToken


def make_token_generator(key: str):
    def token_generator(
        id: int | str,
        token_type: str,
        expires_in: int = 900,
    ) -> tuple[str, GenericToken]:
        nonce = secrets.token_hex(16)
        expires_at = int(time()) + expires_in

        payload = f"{token_type}:{id}:{nonce}:{expires_at}"
        payload_bytes = payload.encode()
        payload_b64 = base64.urlsafe_b64encode(payload_bytes).decode()

        signature = hmac.new(
            key.encode(), payload_bytes, hashlib.sha256
        ).hexdigest()

        token = f"{payload_b64}.{signature}"
        token_info = GenericToken(
            nonce=nonce, token_type=token_type, expires_at=expires_at
        )

        return token, token_info

    return token_generator