from jwt import encode, decode, ExpiredSignatureError, InvalidTokenError
from env import SECRET_KEY
from datetime import datetime, timedelta, timezone

def generate_token(user_id, role):
    payload = {
        "user_id": user_id,
        "role": role,
        "exp": datetime.now(timezone.utc) + timedelta(days=7)
    }
    token = encode(payload, SECRET_KEY, algorithm="HS256")
    return token

def verify_token(token):
    try:
        payload = decode(token, SECRET_KEY, algorithms=["HS256"])
        return payload.get("user_id"), payload.get("role")
    except ExpiredSignatureError:
        return None, None
    except InvalidTokenError:
        return None, None