package captcha

import (
	"encoding/base64"
	"fmt"
	"time"

	lzcrypto "xingfucha-server/pkg/lzkit/crypto"
)

// GenerateEncryptedSceneID 生成加密场景ID
// sceneId: 场景ID
// ekey: 加密密钥(Base64编码)
// expireSeconds: 过期时间(秒)
// 返回: 加密后的场景ID(Base64编码)
func GenerateEncryptedSceneID(sceneId, ekey string, expireSeconds int) (string, error) {
	// 默认过期时间1小时
	if expireSeconds <= 0 || expireSeconds > 86400 {
		expireSeconds = 3600
	}

	// 生成时间戳
	ts := time.Now().Unix()

	// 构建明文: sceneId&timestamp&expireTime
	plaintext := fmt.Sprintf("%s&%d&%d", sceneId, ts, expireSeconds)

	// Base64解码ekey
	keyBytes, err := base64.StdEncoding.DecodeString(ekey)
	if err != nil {
		return "", fmt.Errorf("decode ekey error: %w", err)
	}

	// 检查密钥长度(必须是32字节)
	if len(keyBytes) != 32 {
		return "", fmt.Errorf("invalid ekey length, need 32 bytes after base64 decode, got %d", len(keyBytes))
	}

	// 使用AES加密
	encrypted, err := lzcrypto.AesEncrypt([]byte(plaintext), keyBytes)
	if err != nil {
		return "", fmt.Errorf("aes encrypt error: %w", err)
	}

	return encrypted, nil
}