'use strict';

const createError = require('http-errors');
const {
    getManifest: getManifestFromStore,
    getDocument: getDocumentFromStore,
} = require('../utils/vhlStorage');

/**
 * Retrieves a VHL manifest by ID, enforcing PIN validation when required.
 *
 * Called by NodoDominio during Fase 4 (Retrieve VHL Manifest & Docs) of
 * validar_qr_vhl.mmd: NodoDominio extracts the manifest URL from the CWT
 * and POSTs to it (with optional PIN) to get the document locations.
 *
 * @param {string} manifestId
 * @param {string} [pin]
 * @returns {object} Manifest { files: [{ contentType, location }] }
 * @throws {HttpError} 404 if not found/expired; 401/403 on PIN failure.
 */
function getManifest(manifestId, pin) {
    // Delegate to storage; it throws with .status on PIN failures
    const manifest = getManifestFromStore(manifestId, pin);
    if (!manifest) {
        throw createError(404, 'Manifest no encontrado o expirado');
    }
    return manifest;
}

/**
 * Retrieves a serialized AES-256-GCM encrypted document by ID.
 *
 * Called by NodoDominio via a direct P2P download (step 8 in validar_qr_vhl.mmd).
 * The caller decrypts using the symmetric key extracted from the CWT.
 *
 * Wire format: [ 12 bytes IV ][ N bytes ciphertext ][ 16 bytes GCM tag ]
 *
 * @param {string} documentId
 * @returns {Buffer} Serialized encrypted document.
 * @throws {HttpError} 404 if not found or expired.
 */
function getDocument(documentId) {
    const doc = getDocumentFromStore(documentId);
    if (!doc) {
        throw createError(404, 'Documento no encontrado o expirado');
    }
    return doc;
}

module.exports = { getManifest, getDocument };