namespace GmRelay.Web.Services;

public sealed class DiscordOAuthStateStore(ILogger<DiscordOAuthStateStore> logger)
{
    private readonly System.Collections.Concurrent.ConcurrentDictionary<string, DateTime> _states = new();

    public string CreateState()
    {
        var state = Guid.NewGuid().ToString("N");
        _states[state] = DateTime.UtcNow.AddMinutes(5);
        logger.LogDebug("Discord OAuth state created: {State}", state);
        return state;
    }

    public bool ValidateAndRemove(string state)
    {
        if (!_states.TryRemove(state, out var expiresAt))
        {
            logger.LogWarning("Discord OAuth state not found or already used: {State}", state);
            return false;
        }

        if (DateTime.UtcNow > expiresAt)
        {
            logger.LogWarning("Discord OAuth state expired: {State}", state);
            return false;
        }

        logger.LogDebug("Discord OAuth state validated: {State}", state);
        return true;
    }
}