export type TMfaMethod = 'totp' | 'backupCode' | 'passkey';

export type TMfaChallengeStatus = 'pending' | 'completed' | 'expired';

export type TTotpCredentialStatus = 'pending' | 'active' | 'disabled';

export interface ITotpBackupCode {
  id: string;
  codeHash: string;
  usedAt?: number | null;
  createdAt: number;
}

export interface ITotpCredential {
  id: string;
  data: {
    userId: string;
    status: TTotpCredentialStatus;
    secretCiphertext: string;
    secretIv: string;
    secretAuthTag: string;
    algorithm: 'sha1' | 'sha256' | 'sha512';
    digits: 6 | 7 | 8;
    period: number;
    backupCodes: ITotpBackupCode[];
    createdAt: number;
    verifiedAt?: number | null;
    disabledAt?: number | null;
    lastUsedAt?: number | null;
  };
}

export interface IMfaChallenge {
  id: string;
  data: {
    userId: string;
    tokenHash: string;
    status: TMfaChallengeStatus;
    availableMethods: TMfaMethod[];
    primaryAuthMethod: 'password' | 'email';
    createdAt: number;
    expiresAt: number;
    completedAt?: number | null;
  };
}