/**
 * Cookie configuration helpers.
 *
 * The `secure` flag is decided once, at module load, from NODE_ENV, so it
 * reflects whatever environment the process was started in.
 *
 * NOTE(review): `secure` is true only when NODE_ENV is exactly 'production'.
 * A deployment that leaves NODE_ENV unset or spells it differently will issue
 * these cookies without the Secure attribute, and browsers will then send
 * them over plain HTTP. Confirm the runtime really sets NODE_ENV=production
 * (or that TLS is terminated in front of the app and the cookies never
 * leave it unencrypted).
 */
const isProduction = process.env.NODE_ENV === 'production';

/** SameSite mode shared by both cookie kinds; kept as a literal type. */
const laxSameSite = 'lax' as const;

/**
 * Options for the authentication (session) cookie.
 *
 * - httpOnly: page scripts can never read the session token.
 * - secure: HTTPS-only in production (see module note above).
 * - sameSite 'lax': withheld on cross-site sub-requests (images, fetch,
 *   POST forms) but still sent on top-level navigations, so external links
 *   into the app stay logged in.
 * - maxAge: seven days. NOTE(review): the unit of `maxAge` depends on the
 *   framework consuming these options (Express `res.cookie` takes
 *   milliseconds, Next.js / the `cookie` package take seconds); verify which
 *   one reads this value, otherwise the session lasts ~10 minutes rather
 *   than 7 days.
 *
 * @returns the option object to pass to the framework's cookie setter
 */
export function getAuthCookieOptions() {
  const secondsPerDay = 60 * 60 * 24;
  return {
    httpOnly: true,
    secure: isProduction,
    sameSite: laxSameSite,
    maxAge: secondsPerDay * 7,
  };
}

/**
 * Options for the CSRF token cookie used in the double-submit pattern.
 *
 * The token must be readable by client-side code so it can be echoed back in
 * a request header; the server then compares header and cookie. That is why
 * `httpOnly` is false here — the cookie is *not* a secret from the page, only
 * from other origins.
 *
 * Caveats a reviewer should keep in mind:
 * - Anything that can run script on this origin (XSS) can read the token,
 *   so double-submit does not protect against XSS — only against classic
 *   cross-origin request forgery.
 * - Double-submit trusts that the cookie was set by this server. If any
 *   sibling subdomain is attacker-controllable it can plant its own cookie
 *   for the parent domain; a `__Host-` cookie name or a server-signed token
 *   closes that gap (not implemented here — confirm whether it is needed).
 * - `maxAge` has the same unit ambiguity as the auth cookie (ms vs s).
 *
 * @returns the option object to pass to the framework's cookie setter
 */
export function getCsrfCookieOptions() {
  const secondsPerDay = 60 * 60 * 24;
  return {
    httpOnly: false,
    secure: isProduction,
    sameSite: laxSameSite,
    maxAge: secondsPerDay,
    path: '/',
  };
}

/**
 * Whether this module decided it is running in production.
 *
 * Exposes the same NODE_ENV snapshot the cookie helpers use, so callers can
 * branch on exactly the same condition rather than re-reading the env.
 */
export function isProductionEnvironment(): boolean {
  return isProduction;
}