import {
  hashPassword as hashPasswordUtil,
  verifyPassword as verifyPasswordUtil,
} from "@reviq/server-utils";
import zxcvbn from "zxcvbn";

export interface PasswordValidationResult {
  valid: boolean;
  feedback: string[];
  score: number;
}

/**
 * Validate password strength using zxcvbn
 * @param password - The password to validate
 * @param userInputs - User-specific inputs to penalize (email, display name)
 * @returns Validation result with feedback if invalid
 */
export const validatePassword = (
  password: string,
  userInputs: string[] = [],
): PasswordValidationResult => {
  const result = zxcvbn(password, userInputs);

  if (result.score < 3) {
    const feedback =
      result.feedback.suggestions.length > 0
        ? result.feedback.suggestions
        : [
            "Password is too weak. Try a longer phrase or add numbers and symbols.",
          ];

    return {
      valid: false,
      feedback,
      score: result.score,
    };
  }

  return {
    valid: true,
    feedback: [],
    score: result.score,
  };
};

/**
 * Hash a password using PBKDF2-SHA256 (Cloudflare Workers compatible)
 */
export const hashPassword = hashPasswordUtil;

/**
 * Verify a password against a stored hash
 */
export const verifyPassword = verifyPasswordUtil;