// server/verify.js
const { decrypt } = require('./utils/crypto');
const { hashLicenseKey } = require('./keygen');
const { getLicense } = require('./models/license');

const verifyLicenseKey = async (userId, token) => {
  try {
    const payload = decrypt(token);
    if (payload.userId !== userId) return false;

    const storedLicense = await getLicense(userId);
    const hashed = hashLicenseKey(payload.rawKey);

    if (storedLicense.hashed_key !== hashed) return false;
    if (storedLicense.license_type !== 'one-time' && storedLicense.valid_until && new Date(storedLicense.valid_until) < new Date()) return false;

    return true;
  } catch (err) {
    return false;
  }
};

module.exports = { verifyLicenseKey };