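using Apimanager_backend.Models;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;
using System.Globalization;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;

namespace Apimanager_backend.Services
{
    /// <summary>
    /// Issues HMAC-SHA256 signed JWT access tokens using the values found in the
    /// "JwtSettings" configuration section (Secret, Issuer, Audience,
    /// AccessTokenExpiryMinutes).
    /// </summary>
    public class TokenService:ITokenService
    {
        // RFC 7518 section 3.2 requires an HS256 key at least as long as the hash
        // output (256 bits); a shorter secret makes the signature easier to brute-force.
        private const int MinimumSecretBytes = 32;

        public readonly IConfiguration configuration;

        /// <summary>Stores the configuration the signing settings are read from.</summary>
        /// <param name="configuration">Application configuration containing a "JwtSettings" section.</param>
        public TokenService(IConfiguration configuration)
        {
            this.configuration = configuration;
        }

        // NOTE(review): the generic type argument of `List` in the signature below is
        // missing in this listing (it looks like the angle brackets were dropped);
        // restore it to match ITokenService. Each element must expose a `Role` member.

        /// <summary>
        /// Builds a signed access token carrying the user id, a unique token id (jti)
        /// and one role claim per entry in <paramref name="roles"/>.
        /// </summary>
        /// <param name="userId">Identifier written to the "userId" claim.</param>
        /// <param name="roles">Role entries; each entry's <c>Role</c> value becomes a role claim.</param>
        /// <returns>The compact serialized JWT.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="roles"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// The signing secret is missing or shorter than 32 bytes, or the expiry setting
        /// is missing, non-numeric or not a positive finite number.
        /// </exception>
        public string GenerateAccessToken(string userId,List roles)
        {
            if (roles == null)
            {
                throw new ArgumentNullException(nameof(roles));
            }

            var jwtSettings = configuration.GetSection("JwtSettings");

            // Fail fast on a missing or weak signing secret instead of surfacing an
            // opaque encoding/library error, or silently signing with a guessable key.
            // NOTE(review): confirm this value is supplied from a secret store or
            // environment variable rather than a committed settings file.
            var secret = jwtSettings["Secret"];
            if (string.IsNullOrEmpty(secret))
            {
                throw new InvalidOperationException("JwtSettings:Secret is not configured.");
            }

            var secretBytes = Encoding.UTF8.GetBytes(secret);
            if (secretBytes.Length < MinimumSecretBytes)
            {
                throw new InvalidOperationException(
                    "JwtSettings:Secret must be at least " + MinimumSecretBytes + " bytes for HS256.");
            }

            // Convert.ToDouble returns 0 for a missing value (a token that is already
            // expired when issued) and parses with the current culture; parse explicitly
            // with the invariant culture and reject non-positive or non-finite lifetimes.
            if (!double.TryParse(
                    jwtSettings["AccessTokenExpiryMinutes"],
                    NumberStyles.Float,
                    CultureInfo.InvariantCulture,
                    out var expiryMinutes)
                || !(expiryMinutes > 0)
                || double.IsInfinity(expiryMinutes))
            {
                throw new InvalidOperationException(
                    "JwtSettings:AccessTokenExpiryMinutes must be a positive number of minutes.");
            }

            // Build the claims list: the user id and a per-token unique id.
            var claims = new List<Claim>
            {
                new Claim("userId", userId), // userId is the unique subject identifier
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
            };

            // Add one role claim per role assigned to the user.
            foreach (var role in roles)
            {
                claims.Add(new Claim(ClaimTypes.Role, role.Role.ToString()));
            }

            var key = new SymmetricSecurityKey(secretBytes);
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            var token = new JwtSecurityToken(
                issuer: jwtSettings["Issuer"],
                audience: jwtSettings["Audience"],
                claims: claims,
                // UTC keeps the expiry independent of the server's local time zone.
                expires: DateTime.UtcNow.AddMinutes(expiryMinutes),
                signingCredentials: creds);

            return new JwtSecurityTokenHandler().WriteToken(token);
        }
    }
}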