import os
from itsdangerous import URLSafeTimedSerializer
from flask import current_app

def get_serializer():
    secret = os.environ.get('RESET_TOKEN_SECRET') or current_app.config.get('SECRET_KEY')
    return URLSafeTimedSerializer(secret)

def generate_reset_token(email):
    s = get_serializer()
    return s.dumps(email, salt='password-reset')

def verify_reset_token(token, max_age=3600):
    s = get_serializer()
    try:
        email = s.loads(token, salt='password-reset', max_age=max_age)
        return email
    except Exception:
        return None