/**
 * CSRF Protection Types
 * Defines interfaces and types for CSRF protection functionality
 */

/**
 * Configuration accepted by the CSRF protection layer.
 *
 * Only `secret` is required; every other field is optional. This file
 * declares shapes only, so any defaults mentioned below are applied by the
 * consuming implementation, which is not visible here.
 */
export interface CSRFConfig {
  /**
   * Secret key for token generation.
   * NOTE(review): how the secret is used (signing, HMAC, ...) is not shown in
   * this file. Treat it as a credential: supply a long random value from a
   * secret store or the environment, never a literal committed to source.
   */
  secret: string;
  /**
   * Token expiration time in milliseconds (default: 1 hour).
   * A shorter lifetime narrows the window in which a leaked token is usable.
   */
  tokenExpiry?: number;
  /**
   * Cookie name for double-submit pattern.
   * NOTE(review): double-submit relies on an attacker being unable to set this
   * cookie; a `__Host-` prefixed name makes browsers refuse it unless it is
   * Secure, Path=/ and has no Domain, which limits sibling-subdomain
   * injection. Confirm the implementation's cookie options allow that.
   */
  cookieName?: string;
  /** Header name for CSRF token */
  headerName?: string;
  /** Form field name for CSRF token */
  fieldName?: string;
  /**
   * Whether to use secure cookies (the `Secure` cookie attribute).
   * Should be enabled wherever the site is served over HTTPS; browsers also
   * reject `SameSite=None` cookies that are not `Secure`.
   */
  secureCookie?: boolean;
  /**
   * Whether to use httpOnly cookies.
   * NOTE(review): with an HttpOnly cookie, page script cannot read the token
   * to echo it in a header or form field, so the token must reach the client
   * another way (e.g. rendered into the page). Confirm this matches how the
   * implementation delivers tokens.
   */
  httpOnlyCookie?: boolean;
  /**
   * SameSite cookie attribute.
   * 'none' sends the cookie on cross-site requests and removes the
   * defence-in-depth SameSite otherwise provides; it needs `secureCookie`.
   */
  sameSite?: 'strict' | 'lax' | 'none';
}

/**
 * A single issued CSRF token together with the data needed to validate it.
 */
export interface CSRFToken {
  /**
   * The token value.
   * NOTE(review): this file does not show how values are compared; validators
   * should use a constant-time comparison rather than `===` on the string.
   */
  value: string;
  /**
   * Token expiration timestamp.
   * Presumably epoch milliseconds, since `CSRFConfig.tokenExpiry` is in
   * milliseconds; confirm against the code that issues tokens.
   */
  expiresAt: number;
  /**
   * Session ID associated with the token.
   * Binding a token to one session is what stops a token issued to one user
   * from being accepted for another; validation is expected to check it
   * (validator not visible here).
   */
  sessionId: string;
}

/**
 * Outcome of checking a request's CSRF token.
 *
 * Callers should gate on `valid` alone; `error` and `expired` are optional
 * detail and may be absent on any result.
 */
export interface CSRFValidationResult {
  /** Whether the token is valid */
  valid: boolean;
  /**
   * Error message if validation failed.
   * NOTE(review): suitable for logs; prefer a generic rejection in the HTTP
   * response rather than echoing this text to the client.
   */
  error?: string;
  /**
   * Whether the token has expired.
   * How this relates to `valid` (e.g. always false when expired) is decided
   * by the validator, which is not in this file.
   */
  expired?: boolean;
}

/**
 * Server-side record of the CSRF tokens issued to one session.
 */
export interface CSRFSession {
  /** Session identifier */
  id: string;
  /**
   * Active tokens for this session.
   * The meaning of the map key is not shown here (presumably the token
   * value; verify against the store). NOTE(review): nothing in this shape
   * bounds the map, so the implementation should prune expired entries and
   * cap tokens per session to avoid unbounded memory growth.
   */
  tokens: Map<string, CSRFToken>;
  /** Session creation timestamp (unit not stated here; TODO confirm) */
  createdAt: number;
  /** Last activity timestamp (unit not stated here; TODO confirm) */
  lastActivity: number;
}

/**
 * Framework-neutral view of an incoming request, carrying the places a CSRF
 * token may be read from. Everything except `sessionId` is client-controlled
 * and must be treated as untrusted input.
 */
export interface CSRFRequest {
  /**
   * Request headers.
   * NOTE(review): HTTP header names are case-insensitive, but this record is
   * keyed by plain strings; confirm the adapter normalises case before the
   * configured `headerName` is looked up.
   */
  headers: Record<string, string>;
  /**
   * Request body (for form data).
   * Typed `any`, so the compiler performs no checks on it: narrow it (object
   * check, then string check on the token field) before reading the value.
   */
  body?: any;
  /** Request cookies */
  cookies?: Record<string, string>;
  /**
   * Session ID.
   * NOTE(review): should be taken from the server's authenticated session
   * state, not from a value the client can choose; otherwise the session
   * binding on `CSRFToken.sessionId` can be sidestepped. Confirm at the
   * call site that populates this field.
   */
  sessionId?: string;
}

/**
 * Headers and cookies the CSRF layer wants applied to the outgoing response.
 * This is a description only; the caller's framework adapter is responsible
 * for actually writing them.
 */
export interface CSRFResponse {
  /** Response headers to set */
  headers: Record<string, string>;
  /** Cookies to set */
  cookies: Array<{
    name: string;
    value: string;
    /**
     * Cookie attributes. All are optional in this type, so an adapter that
     * forwards them as-is will emit a cookie with none of the protective
     * attributes if the producer leaves them unset.
     */
    options: {
      /** Hides the cookie from page script when true. */
      httpOnly?: boolean;
      /** Restricts the cookie to HTTPS when true; needed for sameSite 'none'. */
      secure?: boolean;
      sameSite?: 'strict' | 'lax' | 'none';
      /**
       * Cookie lifetime.
       * NOTE(review): unit is not stated here. `CSRFConfig.tokenExpiry` is in
       * milliseconds while the Set-Cookie `Max-Age` attribute is in seconds;
       * confirm which one this carries so the cookie does not outlive the
       * token by a factor of 1000.
       */
      maxAge?: number;
      path?: string;
    };
  }>;
}
