import type { NextAuthConfig } from "next-auth";

// Edge-safe auth config — no native modules (no argon2, no prisma).
// Used by auth-edge.ts (middleware) to verify JWT sessions without
// pulling in Node.js-only packages into the Edge runtime.
export const authConfig = {
  pages: {
    signIn: "/auth/signin",
  },
  providers: [],
  session: {
    strategy: "jwt",
    maxAge: 28800,    // 8 hours absolute timeout
    updateAge: 1800,  // refresh token every 30 minutes
  },
  cookies: {
    sessionToken: {
      name: "authjs.session-token",
      options: {
        httpOnly: true,
        sameSite: "strict" as const,
        path: "/",
        secure: process.env.NODE_ENV === "production",
      },
    },
    callbackUrl: {
      name: "authjs.callback-url",
      options: {
        httpOnly: true,
        sameSite: "strict" as const,
        path: "/",
        secure: process.env.NODE_ENV === "production",
      },
    },
    csrfToken: {
      name: "authjs.csrf-token",
      options: {
        httpOnly: true,
        sameSite: "strict" as const,
        path: "/",
        secure: process.env.NODE_ENV === "production",
      },
    },
  },
} satisfies NextAuthConfig;