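namespace PlanTempus.Core.Entities.Users
{
    /// <summary>
    /// Hashes and verifies passwords with PBKDF2 (HMAC-SHA256).
    /// </summary>
    /// <remarks>
    /// The stored format is <c>{iterations}.{base64 salt}.{base64 key}</c>. Verification
    /// reads the iteration count and salt back out of the stored value, so records
    /// written with a different iteration count still verify.
    /// </remarks>
    public static class PasswordHasher
    {
        private const int _saltSize = 16; // bytes, 128 bit
        private const int _keySize = 32; // bytes, 256 bit
        private const int _iterations = 100000;

        /// <summary>
        /// Derives a key from <paramref name="password"/> using a freshly generated salt.
        /// </summary>
        /// <param name="password">The clear-text password to hash.</param>
        /// <returns>The string <c>{iterations}.{base64 salt}.{base64 key}</c>.</returns>
        /// <exception cref="System.ArgumentNullException"><paramref name="password"/> is null.</exception>
        public static string HashPassword(string password)
        {
            if (password == null)
            {
                throw new System.ArgumentNullException(nameof(password));
            }

            // Passing a salt size (not a salt) makes the constructor generate a random salt.
            using (var algorithm = new System.Security.Cryptography.Rfc2898DeriveBytes(
                password,
                _saltSize,
                _iterations,
                System.Security.Cryptography.HashAlgorithmName.SHA256))
            {
                var key = Convert.ToBase64String(algorithm.GetBytes(_keySize));
                var salt = Convert.ToBase64String(algorithm.Salt);

                return $"{_iterations}.{salt}.{key}";
            }
        }

        /// <summary>
        /// Checks <paramref name="password"/> against a value produced by <see cref="HashPassword"/>.
        /// </summary>
        /// <param name="hash">The stored <c>{iterations}.{salt}.{key}</c> string.</param>
        /// <param name="password">The clear-text password to check.</param>
        /// <returns>
        /// <c>true</c> when the derived key equals the stored key; <c>false</c> on a mismatch
        /// or when <paramref name="hash"/> is null, empty or malformed.
        /// </returns>
        public static bool VerifyPassword(string hash, string password)
        {
            // Fail closed: a missing record or password is a failed verification, not an exception.
            if (string.IsNullOrEmpty(hash) || password == null)
            {
                return false;
            }

            var parts = hash.Split('.', 3);
            if (parts.Length != 3)
            {
                return false;
            }

            // Digits only, culture-independent; zero or negative counts are rejected here
            // rather than surfacing as an exception from the key-derivation constructor.
            // NOTE(review): the count is taken from the stored record. If that record can be
            // influenced by an untrusted party, add an upper bound to cap the CPU cost.
            if (!int.TryParse(
                    parts[0],
                    System.Globalization.NumberStyles.None,
                    System.Globalization.CultureInfo.InvariantCulture,
                    out var iterations)
                || iterations <= 0)
            {
                return false;
            }

            byte[] salt;
            byte[] key;
            try
            {
                salt = Convert.FromBase64String(parts[1]);
                key = Convert.FromBase64String(parts[2]);
            }
            catch (System.FormatException)
            {
                // A corrupted or truncated record must not verify.
                return false;
            }

            using (var algorithm = new System.Security.Cryptography.Rfc2898DeriveBytes(
                password,
                salt,
                iterations,
                System.Security.Cryptography.HashAlgorithmName.SHA256))
            {
                var keyToCheck = algorithm.GetBytes(_keySize);

                // Constant-time comparison: the time taken does not depend on how many
                // leading bytes match. A length mismatch simply returns false.
                return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(keyToCheck, key);
            }
        }
    }
}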