<?php

declare(strict_types=1);

namespace Modules\Auth\Config;

use CodeIgniter\Shield\Config\AuthToken as ShieldAuthToken;

/**
 * Configuration for Token Auth and HMAC Auth
 */
class AuthToken extends ShieldAuthToken
{
    /**
     * --------------------------------------------------------------------
     * Record Login Attempts for Token Auth and HMAC Auth
     * --------------------------------------------------------------------
     * Specify which login attempts are recorded in the database.
     *
     * Valid values are:
     * - Auth::RECORD_LOGIN_ATTEMPT_NONE
     * - Auth::RECORD_LOGIN_ATTEMPT_FAILURE
     * - Auth::RECORD_LOGIN_ATTEMPT_ALL
     */
    public int $recordLoginAttempt = Auth::RECORD_LOGIN_ATTEMPT_FAILURE;

    /**
     * --------------------------------------------------------------------
     * Name of Authenticator Header
     * --------------------------------------------------------------------
     * The name of Header that the Authorization token should be found.
     * According to the specs, this should be `Authorization`, but rare
     * circumstances might need a different header.
     */
    public array $authenticatorHeader = [
        'tokens' => 'Authorization',
        'hmac'   => 'Authorization',
    ];

    /**
     * --------------------------------------------------------------------
     * Unused Token Lifetime
     * --------------------------------------------------------------------
     * Determines the amount of time, in seconds, that an unused token can
     * be used.
     */
    public int $unusedTokenLifetime = YEAR;

    /**
     * --------------------------------------------------------------------
     * HMAC secret key byte size
     * --------------------------------------------------------------------
     * Specify in integer the desired byte size of the
     * HMAC SHA256 byte size
     */
    public int $hmacSecretKeyByteSize = 32;

    /**
     * --------------------------------------------------------------------
     * HMAC encryption Keys
     * --------------------------------------------------------------------
     * This sets the key to be used when encrypting a user's HMAC Secret Key.
     *
     * 'keys' is an array of keys which will facilitate key rotation. Valid
     *  keyTitles must include only [a-zA-Z0-9_] and should be kept to a
     *  max of 8 characters.
     *
     * Each keyTitle is an associative array containing the required 'key'
     *  value, and the optional 'driver' and 'digest' values. If the
     *  'driver' and 'digest' values are not specified, the default 'driver'
     *  and 'digest' values will be used.
     *
     * Old keys will are used to decrypt existing Secret Keys. It is encouraged
     *  to run 'php spark shield:hmac reencrypt' to update existing Secret
     *  Key encryptions.
     *
     * @see https://codeigniter.com/user_guide/libraries/encryption.html
     *
     * @var array<string, array{key: string, driver?: string, digest?: string}>|string
     *
     * NOTE: The value becomes temporarily a string when setting value as JSON
     *       from environment variable.
     *
     * [key_name => ['key' => key_value]]
     * or [key_name => ['key' => key_value, 'driver' => driver, 'digest' => digest]]
     */
    public $hmacEncryptionKeys = [
        'k1' => [
            'key' => '',
        ],
    ];

    /**
     * --------------------------------------------------------------------
     * HMAC Current Encryption Key Selector
     * --------------------------------------------------------------------
     * This specifies which of the encryption keys should be used.
     */
    public string $hmacEncryptionCurrentKey = 'k1';

    /**
     * --------------------------------------------------------------------
     * HMAC Encryption Key Driver
     * --------------------------------------------------------------------
     * This specifies which of the encryption drivers should be used.
     *
     * Available drivers:
     *     - OpenSSL
     *     - Sodium
     */
    public string $hmacEncryptionDefaultDriver = 'OpenSSL';

    /**
     * --------------------------------------------------------------------
     * HMAC Encryption Key Driver
     * --------------------------------------------------------------------
     * THis specifies the type of encryption to be used.
     *     e.g. 'SHA512' or 'SHA256'.
     */
    public string $hmacEncryptionDefaultDigest = 'SHA512';
}