package domain

import "time"

// AuthCodePurpose identifies what an auth code is used for.
type AuthCodePurpose string

const (
	PurposeLoginOTP      AuthCodePurpose = "login_otp"
	PurposeMagicLink     AuthCodePurpose = "magic_link"
	PurposePasswordReset AuthCodePurpose = "password_reset"
	PurposeEmailVerify   AuthCodePurpose = "email_verify"
)

// AuthCode is a single-use, time-limited code for authentication flows.
// Used by OTP login, magic links, password reset, and email verification.
type AuthCode struct {
	ID        string
	UserID    *UserID // Nullable for magic link signup
	Email     string
	Code      string
	Purpose   AuthCodePurpose
	ExpiresAt time.Time
	UsedAt    *time.Time
	IPAddress string
	CreatedAt time.Time
}

// IsValid returns true if the code has not been used and has not expired.
func (c *AuthCode) IsValid() bool {
	return c.UsedAt == nil && time.Now().Before(c.ExpiresAt)
}