import crypto from 'crypto';

const algorithm = 'aes-256-ecb';

const secret = process.env.SECRET_KEY;
if (!secret) {
    console.warn('[encryption] SECRET_KEY fehlt – verwende unsicheren Fallback (nur für Entwicklung).');
}
const key = crypto.scryptSync(secret || 'DEV_FALLBACK_SECRET', 'salt', 32);

export const generateIv = () => {
    return crypto.randomBytes(16).toString('base64');
};

export const encrypt = (text) => {
    const cipher = crypto.createCipheriv(algorithm, key, null);
    let encrypted = cipher.update(text, 'utf8', 'hex'); 
    encrypted += cipher.final('hex');
    return encrypted;
};

export const decrypt = (text) => {
    try {
        const decipher = crypto.createDecipheriv(algorithm, key, null);
        let decrypted = decipher.update(text, 'hex', 'utf8'); 
        decrypted += decipher.final('utf8');
        return decrypted;
    } catch (error) {
        console.log(error);
        return null;    
    }
};