from cryptography.fernet import Fernet
from base64 import urlsafe_b64encode
from app.core.config import settings

# Generate a key from the secret key
def get_fernet_key():
    """Generate a Fernet key from the application secret key."""
    # Convert secret key to bytes and ensure it's 32 bytes
    key_bytes = settings.SECRET_KEY.encode()
    # Pad or truncate to 32 bytes
    key_bytes = key_bytes.ljust(32, b'0')[:32]
    # Convert to URL-safe base64-encoded bytes (Fernet requirement)
    return urlsafe_b64encode(key_bytes)


# Initialize Fernet with the key
_fernet = Fernet(get_fernet_key())


def encrypt_secret(secret: str) -> str:
    """
    Encrypt a secret string.
    
    Args:
        secret: The secret string to encrypt
        
    Returns:
        The encrypted secret as a string
    """
    encrypted = _fernet.encrypt(secret.encode())
    return encrypted.decode()


def decrypt_secret(encrypted_secret: str) -> str:
    """
    Decrypt an encrypted secret string.
    
    Args:
        encrypted_secret: The encrypted secret string
        
    Returns:
        The decrypted secret as a string
    """
    decrypted = _fernet.decrypt(encrypted_secret.encode())
    return decrypted.decode()