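using System.Security.Cryptography;
using System.Text;

namespace Clarity.Server.Data;

/// <summary>
/// Computes blind indexes: keyed, deterministic digests that allow equality
/// search over a value without storing that value in searchable plaintext.
/// </summary>
/// <remarks>
/// The index is deterministic by design: two inputs that normalize to the same
/// text under the same pepper always produce the same index. Anyone who can read
/// the index column can therefore tell which rows share a value, and the secrecy
/// of low-entropy values rests entirely on the secrecy of the pepper.
/// </remarks>
public static class BlindIndexHelper
{
    /// <summary>
    /// Normalizes <paramref name="input"/> and returns its HMAC-SHA256 digest,
    /// keyed with <paramref name="staticPepper"/>, as a Base64 string.
    /// </summary>
    /// <param name="input">
    /// Value to index. Null, empty or whitespace-only input yields
    /// <see cref="string.Empty"/> and the pepper is not inspected.
    /// </param>
    /// <param name="staticPepper">
    /// Secret HMAC key. In a real environment it comes from the TenantKeyProvider
    /// or a vault, never from source or configuration checked into the repository.
    /// It must not change once records are written, or searches will stop matching;
    /// rotating it means recomputing every stored index.
    /// </param>
    /// <returns>The Base64-encoded 32-byte digest, or an empty string for blank input.</returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="staticPepper"/> is null and <paramref name="input"/> is not blank.
    /// </exception>
    /// <exception cref="ArgumentException">
    /// <paramref name="staticPepper"/> is empty and <paramref name="input"/> is not blank.
    /// </exception>
    public static string Compute(string? input, byte[] staticPepper)
    {
        if (string.IsNullOrWhiteSpace(input))
        {
            return string.Empty;
        }

        if (staticPepper is null)
        {
            throw new ArgumentNullException(nameof(staticPepper));
        }

        // HMACSHA256 accepts a zero-length key without complaint. An index keyed
        // that way can be recomputed by anyone who can guess the plaintext, so a
        // missing pepper is treated as a configuration error, not a usable key.
        if (staticPepper.Length == 0)
        {
            throw new ArgumentException(
                "The blind index pepper must not be empty.", nameof(staticPepper));
        }

        // 1. Normalize: strip dashes and spaces, upper-case with the invariant
        //    culture so the result does not depend on the server's locale.
        //    Stored indexes depend on these exact rules; changing them
        //    invalidates every index already written.
        var normalized = input.Replace("-", "").Replace(" ", "").ToUpperInvariant();

        // 2. Keyed hash (HMAC-SHA256) of the UTF-8 bytes of the normalized text.
        using var hmac = new HMACSHA256(staticPepper);
        var hashBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(normalized));

        // 3. Base64 so the digest can be stored in a text column.
        return Convert.ToBase64String(hashBytes);
    }
}

/// <summary>
/// Marks a property as taking part in blind indexing and names a related property.
/// </summary>
/// <remarks>
/// NOTE(review): presumably <see cref="TargetPropertyName"/> names the property
/// that stores the computed index for the decorated property. The consumer of
/// this attribute is not in this file, so confirm against it.
/// </remarks>
[AttributeUsage(AttributeTargets.Property)]
public class BlindIndexedAttribute : Attribute
{
    /// <summary>Name of the related property, exactly as passed to the constructor.</summary>
    public string TargetPropertyName { get; }

    /// <summary>Creates the attribute for the given target property name.</summary>
    /// <param name="targetPropertyName">Stored unchanged; no validation is performed here.</param>
    public BlindIndexedAttribute(string targetPropertyName)
    {
        TargetPropertyName = targetPropertyName;
    }
}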