using System.IdentityModel.Tokens.Jwt; using System.Security.Claims; using System.Text; using Meezi.Core.Authorization; using Meezi.Core.Constants; using Meezi.Core.Entities; using Meezi.Core.Enums; using ConsumerAccount = Meezi.Core.Entities.ConsumerAccount; using Microsoft.IdentityModel.Tokens; namespace Meezi.API.Services; public class JwtTokenService : IJwtTokenService { private readonly IConfiguration _configuration; public JwtTokenService(IConfiguration configuration) { _configuration = configuration; } public string CreateAccessToken(Employee employee, Cafe cafe) => CreateAccessToken(employee, cafe, employee.Role, employee.BranchId); public string CreateAccessToken( Employee employee, Cafe cafe, EmployeeRole effectiveRole, string? activeBranchId, IEnumerable? customPermissions = null) { var key = _configuration["Jwt:Key"] ?? throw new InvalidOperationException("Jwt:Key is not configured."); var issuer = _configuration["Jwt:Issuer"] ?? "meezi"; var audience = _configuration["Jwt:Audience"] ?? "meezi"; var expiryDays = _configuration.GetValue("Jwt:AccessTokenExpiryDays", 7); var claims = new List { new(JwtRegisteredClaimNames.Sub, employee.Id), new(MeeziClaimTypes.CafeId, cafe.Id), new(MeeziClaimTypes.Role, effectiveRole.ToString()), new(MeeziClaimTypes.PlanTier, cafe.PlanTier.ToString()), new(MeeziClaimTypes.Language, cafe.PreferredLanguage), new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")) }; if (!string.IsNullOrEmpty(activeBranchId)) claims.Add(new Claim(MeeziClaimTypes.BranchId, activeBranchId)); if (customPermissions != null) { var encoded = string.Join(",", customPermissions.Select(p => p.ToString())); if (!string.IsNullOrEmpty(encoded)) claims.Add(new Claim(MeeziClaimTypes.CustomPermissions, encoded)); } var credentials = new SigningCredentials( new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)), SecurityAlgorithms.HmacSha256); var token = new JwtSecurityToken( issuer, audience, claims, expires: DateTime.UtcNow.AddDays(expiryDays), signingCredentials: credentials); return new JwtSecurityTokenHandler().WriteToken(token); } public string CreateConsumerAccessToken(ConsumerAccount account, string language = "fa") { var key = _configuration["Jwt:Key"] ?? throw new InvalidOperationException("Jwt:Key is not configured."); var issuer = _configuration["Jwt:Issuer"] ?? "meezi"; var audience = _configuration["Jwt:Audience"] ?? "meezi"; var expiryDays = _configuration.GetValue("Jwt:AccessTokenExpiryDays", 7); var claims = new List { new(JwtRegisteredClaimNames.Sub, account.Id), new(MeeziClaimTypes.Role, MeeziRoles.Customer), new(MeeziClaimTypes.Actor, MeeziActorKinds.Consumer), new(MeeziClaimTypes.Phone, account.Phone), new(MeeziClaimTypes.Language, language), new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")) }; var credentials = new SigningCredentials( new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)), SecurityAlgorithms.HmacSha256); var token = new JwtSecurityToken( issuer, audience, claims, expires: DateTime.UtcNow.AddDays(expiryDays), signingCredentials: credentials); return new JwtSecurityTokenHandler().WriteToken(token); } public string CreateRefreshToken() => Guid.NewGuid().ToString("N") + Guid.NewGuid().ToString("N"); public DateTime GetAccessTokenExpiry() { var expiryDays = _configuration.GetValue("Jwt:AccessTokenExpiryDays", 7); return DateTime.UtcNow.AddDays(expiryDays); } }