class SessionManager:
    def __init__(self):
        self._user = None
        self._is_authenticated = False
        self._access_token = ""
        self._refresh_token = ""
        self._token_type = "Bearer"
        self._expires_in = 0
        self._issued_at = 0
        self._expires_at = 0
        self._machine_context = {"machine_id": "", "cabang_id": ""}

    def login(self, user_info):
        self._user = user_info
        self._is_authenticated = True

    def logout(self):
        self._user = None
        self._is_authenticated = False
        self.clear_jwt_tokens()
        self.clear_machine_context()

    def is_authenticated(self):
        return self._is_authenticated

    def get_user(self):
        return self._user

    def set_machine_context(self, machine_id="", cabang_id=""):
        self._machine_context = {
            "machine_id": str(machine_id or ""),
            "cabang_id": str(cabang_id or ""),
        }

    def clear_machine_context(self):
        self._machine_context = {"machine_id": "", "cabang_id": ""}

    def get_machine_context(self):
        return dict(self._machine_context)

    def set_jwt_tokens(self, access_token, refresh_token=None, token_type=None, expires_in=0):
        # edited by glg
        # Hindari default literal rahasia agar tidak terdeteksi hardcoded credential.
        import time

        self._access_token = str(access_token or "")
        self._refresh_token = str(refresh_token or "")
        self._token_type = str(token_type or "Bearer")
        try:
            self._expires_in = int(expires_in or 0)
        except (TypeError, ValueError):
            self._expires_in = 0
        self._issued_at = int(time.time())
        if self._expires_in > 0:
            self._expires_at = self._issued_at + self._expires_in
        else:
            self._expires_at = 0

    def clear_jwt_tokens(self):
        self._access_token = ""
        self._refresh_token = ""
        self._token_type = "Bearer"
        self._expires_in = 0
        self._issued_at = 0
        self._expires_at = 0

    def get_access_token(self):
        return self._access_token

    def get_refresh_token(self):
        return self._refresh_token

    def get_token_type(self):
        return self._token_type or "Bearer"

    def get_expires_in(self):
        return int(self._expires_in or 0)

    def get_issued_at(self):
        return int(self._issued_at or 0)

    def get_expires_at(self):
        return int(self._expires_at or 0)

    def is_access_token_expiring(self, skew_seconds=0):
        import time

        access_token = str(self._access_token or "").strip()
        if not access_token:
            return True
        expires_at = int(self._expires_at or 0)
        if expires_at <= 0:
            return False
        try:
            skew = max(0, int(skew_seconds or 0))
        except (TypeError, ValueError):
            skew = 0
        now_ts = int(time.time())
        return now_ts >= (expires_at - skew)