const regChallenges = globalThis.__HTC_WEBAUTHN_REG_CHALLENGES__ || new Map()
const authChallenges = globalThis.__HTC_WEBAUTHN_AUTH_CHALLENGES__ || new Map()
globalThis.__HTC_WEBAUTHN_REG_CHALLENGES__ = regChallenges
globalThis.__HTC_WEBAUTHN_AUTH_CHALLENGES__ = authChallenges

function nowMs() {
  return Date.now()
}

function cleanup(map) {
  const now = nowMs()
  for (const [k, v] of map.entries()) {
    if (!v || !v.expiresAt || v.expiresAt <= now) map.delete(k)
  }
}

export function setRegistrationChallenge(userId, challenge, ttlMs = 5 * 60 * 1000) {
  cleanup(regChallenges)
  regChallenges.set(String(userId), { challenge, expiresAt: nowMs() + ttlMs })
}

export function getRegistrationChallenge(userId) {
  cleanup(regChallenges)
  const v = regChallenges.get(String(userId))
  return v?.challenge || null
}

export function clearRegistrationChallenge(userId) {
  regChallenges.delete(String(userId))
}

export function setAuthChallenge(challenge, ttlMs = 5 * 60 * 1000) {
  cleanup(authChallenges)
  authChallenges.set(String(challenge), { expiresAt: nowMs() + ttlMs })
}

export function consumeAuthChallenge(challenge) {
  cleanup(authChallenges)
  const key = String(challenge)
  const v = authChallenges.get(key)
  if (!v) return false
  authChallenges.delete(key)
  return true
}