<?php
/**
 * Simple Security Helpers
 */

declare(strict_types=1);

namespace App\Core;

final class Security
{
    /**
     * Recursively sanitize input data (strings and arrays)
     */
    public static function sanitize($data)
    {
        if (is_array($data)) {
            foreach ($data as $key => $value) {
                $data[$key] = self::sanitize($value);
            }
        } else if (is_string($data)) {
            $data = htmlspecialchars(strip_tags(trim($data)), ENT_QUOTES, 'UTF-8');
        }
        return $data;
    }

    public static function generateRandomString(int $length = 64): string
    {
        return bin2hex(random_bytes($length / 2));
    }

    public static function sign(string $data, string $secret): string
    {
        return hash_hmac('sha256', $data, $secret);
    }

    public static function verifySignature(string $data, string $signature, string $secret): bool
    {
        $expected = self::sign($data, $secret);
        return hash_equals($expected, $signature);
    }
}