import secrets

import bcrypt


def generate_api_key(prefix_len: int = 8, token_bytes: int = 32) -> str:
    prefix = secrets.token_urlsafe(prefix_len)[:prefix_len]
    token = secrets.token_urlsafe(token_bytes)
    return f"{prefix}.{token}"


def get_prefix(api_key: str) -> str:
    return api_key.split(".", 1)[0]


def hash_api_key(api_key: str) -> str:
    hashed = bcrypt.hashpw(api_key.encode("utf-8"), bcrypt.gensalt())
    return hashed.decode("utf-8")


def verify_api_key(api_key: str, api_key_hash: str) -> bool:
    return bcrypt.checkpw(api_key.encode("utf-8"), api_key_hash.encode("utf-8"))