using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

namespace CampusErrand.Services;

/// <summary>
/// JWT 令牌生成服务
/// </summary>
public class JwtService
{
    private readonly string _secret;
    private readonly string _issuer;
    private readonly string _audience;
    private readonly int _expireMinutes;

    public JwtService(IConfiguration configuration)
    {
        var jwtConfig = configuration.GetSection("Jwt");
        _secret = jwtConfig["Secret"]!;
        _issuer = jwtConfig["Issuer"]!;
        _audience = jwtConfig["Audience"]!;
        _expireMinutes = int.Parse(jwtConfig["ExpireMinutes"] ?? "10080");
    }

    /// <summary>
    /// 生成 JWT 令牌
    /// </summary>
    public string GenerateToken(int userId, string role)
    {
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_secret));
        var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

        var claims = new[]
        {
            new Claim(ClaimTypes.NameIdentifier, userId.ToString()),
            new Claim(ClaimTypes.Role, role)
        };

        var token = new JwtSecurityToken(
            issuer: _issuer,
            audience: _audience,
            claims: claims,
            expires: DateTime.UtcNow.AddMinutes(_expireMinutes),
            signingCredentials: credentials
        );

        return new JwtSecurityTokenHandler().WriteToken(token);
    }
}