/**
 * API key management
 *
 * Handles generation, storage, and retrieval of the API key for CSRF protection.
 * Uses centralized electronUserData methods for path validation.
 */

import crypto from 'crypto';
import {
  electronUserDataExists,
  electronUserDataReadFileSync,
  electronUserDataWriteFileSync,
} from '@automaker/platform';
import { createLogger } from '@automaker/utils/logger';
import { API_KEY_FILENAME } from '../constants';
import { state } from '../state';

const logger = createLogger('ApiKeyManager');

/**
 * Ensure an API key exists - load from file or generate new one.
 * This key is passed to the server for CSRF protection.
 * Uses centralized electronUserData methods for path validation.
 */
export function ensureApiKey(): string {
  try {
    if (electronUserDataExists(API_KEY_FILENAME)) {
      const key = electronUserDataReadFileSync(API_KEY_FILENAME).trim();
      if (key) {
        state.apiKey = key;
        logger.info('Loaded existing API key');
        return state.apiKey;
      }
    }
  } catch (error) {
    logger.warn('Error reading API key:', error);
  }

  // Generate new key
  state.apiKey = crypto.randomUUID();
  try {
    electronUserDataWriteFileSync(API_KEY_FILENAME, state.apiKey, {
      encoding: 'utf-8',
      mode: 0o600,
    });
    logger.info('Generated new API key');
  } catch (error) {
    logger.error('Failed to save API key:', error);
  }
  return state.apiKey;
}

/**
 * Get the current API key
 */
export function getApiKey(): string | null {
  return state.apiKey;
}