src/utils/config.js

import CryptoJS from "crypto-js";

// Fallback encryption keys for development (should be environment variables in production)
const AES_SECRET_KEY =
  process.env.REACT_APP_AES_SECRET_KEY ||
  "2b7e151628aed2a6abf7158809cf4f3c2b7e151628aed2a6abf7158809cf4f3c";
const AES_IV =
  process.env.REACT_APP_AES_IV || "000102030405060708090a0b0c0d0e0f";

// Encryption utilities
export function encryptApiKey(rawKey) {
  const key = CryptoJS.enc.Hex.parse(AES_SECRET_KEY);
  const iv = CryptoJS.enc.Hex.parse(AES_IV);
  const encrypted = CryptoJS.AES.encrypt(rawKey, key, {
    iv,
    mode: CryptoJS.mode.CBC,
    padding: CryptoJS.pad.Pkcs7,
  });
  return encrypted.toString(); // base64
}

export function decryptApiKey(encryptedKey) {
  const key = CryptoJS.enc.Hex.parse(AES_SECRET_KEY);
  const iv = CryptoJS.enc.Hex.parse(AES_IV);
  const decrypted = CryptoJS.AES.decrypt(encryptedKey, key, {
    iv,
    mode: CryptoJS.mode.CBC,
    padding: CryptoJS.pad.Pkcs7,
  });
  return decrypted.toString(CryptoJS.enc.Utf8);
}

// Application configuration
export const config = {
  apiBaseUrl:
    process.env.REACT_APP_API_BASE_URL || "http://localhost:8000/api/v1",
  apiTimeout: parseInt(process.env.REACT_APP_API_TIMEOUT) || 30,
  maxRetries: parseInt(process.env.REACT_APP_MAX_RETRIES) || 3,

  // AWS S3 Configuration
  awsRegion: process.env.REACT_APP_AWS_REGION || "ap-south-1",
  s3BucketName: process.env.REACT_APP_S3_BUCKET_NAME || "test-bucket-name",
  awsAccessKeyId:
    process.env.REACT_APP_AWS_ACCESS_KEY_ID ||
    process.env.REACT_APP_AWS_ACCESS_KEY,
  awsSecretAccessKey:
    process.env.REACT_APP_AWS_SECRET_ACCESS_KEY ||
    process.env.REACT_APP_AWS_SECRET_KEY,

  // Application Settings
  defaultNumRecords: parseInt(process.env.REACT_APP_DEFAULT_NUM_RECORDS) || 100,
  maxFileSizeMB: parseInt(process.env.REACT_APP_MAX_FILE_SIZE_MB) || 100,

  // Debug mode
  debugMode: process.env.REACT_APP_DEBUG === "true",
};

// API endpoints
export const getValidationUrl = () =>
  `${config.apiBaseUrl}/credentials/api/validate`;
export const getGenerationUrl = () => `${config.apiBaseUrl}/ai/execute`;

// Debug logging utility
export const debugLog = (message, data = null) => {
  if (config.debugMode || process.env.NODE_ENV === "development") {
    // Debug logging disabled
  }
};

// Validate configuration on load
const validateConfig = () => {
  const requiredEnvVars = [
    "REACT_APP_AWS_ACCESS_KEY_ID",
    "REACT_APP_AWS_SECRET_ACCESS_KEY",
  ];

  const missing = requiredEnvVars.filter(
    (envVar) =>
      !process.env[envVar] &&
      !process.env[envVar.replace("_ID", "").replace("_KEY", "")]
  );

  if (missing.length > 0) {
    // Environment variables validation warning removed
  }
};

validateConfig();

// Enhanced credential validation utilities for browser environment
export const credentialValidation = {
  // Validate AWS credential format without making API calls
  validateCredentialFormat: () => {
    const errors = [];

    if (!config.awsAccessKeyId) {
      errors.push("AWS Access Key ID is not configured");
    } else if (!config.awsAccessKeyId.startsWith("AKIA")) {
      errors.push(
        "AWS Access Key ID format appears invalid (should start with AKIA)"
      );
    }

    if (!config.awsSecretAccessKey) {
      errors.push("AWS Secret Access Key is not configured");
    } else if (config.awsSecretAccessKey.length !== 40) {
      errors.push(
        "AWS Secret Access Key format appears invalid (should be 40 characters)"
      );
    }

    if (!config.s3BucketName) {
      errors.push("S3 Bucket name is not configured");
    }

    if (!config.awsRegion) {
      errors.push("AWS Region is not configured");
    }

    return {
      valid: errors.length === 0,
      errors: errors,
      formatValid: errors.length === 0,
    };
  },

  // Check if we're in a CORS-restricted environment
  isBrowserEnvironment: () => {
    return typeof window !== "undefined" && typeof document !== "undefined";
  },
};

export default config;