// FILE: backend/src/utils/cookie.js
export const cookieOpts = (maxAgeMs) => {
  const isProd = process.env.NODE_ENV === "production";
  const opts = {
    httpOnly: true,
    secure: true, // หลัง Nginx/HTTPS
    sameSite: "none", // ส่งข้าม subdomain ได้
    path: "/",
    maxAge: maxAgeMs,
  };
  if (process.env.COOKIE_DOMAIN) opts.domain = process.env.COOKIE_DOMAIN; // เช่น .np-dms.work
  if (!isProd && process.env.ALLOW_INSECURE_COOKIE === "1") {
    opts.secure = false;
    opts.sameSite = "lax";
  }
  return opts;
};