meezi/src/Meezi.API/Services/JwtTokenService.cs

using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Meezi.Core.Authorization;
using Meezi.Core.Constants;
using Meezi.Core.Entities;
using Meezi.Core.Enums;
using ConsumerAccount = Meezi.Core.Entities.ConsumerAccount;
using Microsoft.IdentityModel.Tokens;

namespace Meezi.API.Services;

public class JwtTokenService : IJwtTokenService
{
    private readonly IConfiguration _configuration;

    public JwtTokenService(IConfiguration configuration)
    {
        _configuration = configuration;
    }

    public string CreateAccessToken(Employee employee, Cafe cafe) =>
        CreateAccessToken(employee, cafe, employee.Role, employee.BranchId);

    public string CreateAccessToken(
        Employee employee,
        Cafe cafe,
        EmployeeRole effectiveRole,
        string? activeBranchId,
        IEnumerable<Permission>? customPermissions = null)
    {
        var key = _configuration["Jwt:Key"] ?? throw new InvalidOperationException("Jwt:Key is not configured.");
        var issuer = _configuration["Jwt:Issuer"] ?? "meezi";
        var audience = _configuration["Jwt:Audience"] ?? "meezi";
        var expiryDays = _configuration.GetValue("Jwt:AccessTokenExpiryDays", 7);

        var claims = new List<Claim>
        {
            new(JwtRegisteredClaimNames.Sub, employee.Id),
            new(MeeziClaimTypes.CafeId, cafe.Id),
            new(MeeziClaimTypes.Role, effectiveRole.ToString()),
            new(MeeziClaimTypes.PlanTier, cafe.PlanTier.ToString()),
            new(MeeziClaimTypes.Language, cafe.PreferredLanguage),
            new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N"))
        };

        if (!string.IsNullOrEmpty(activeBranchId))
            claims.Add(new Claim(MeeziClaimTypes.BranchId, activeBranchId));

        if (customPermissions != null)
        {
            var encoded = string.Join(",", customPermissions.Select(p => p.ToString()));
            if (!string.IsNullOrEmpty(encoded))
                claims.Add(new Claim(MeeziClaimTypes.CustomPermissions, encoded));
        }

        var credentials = new SigningCredentials(
            new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)),
            SecurityAlgorithms.HmacSha256);

        var token = new JwtSecurityToken(
            issuer,
            audience,
            claims,
            expires: DateTime.UtcNow.AddDays(expiryDays),
            signingCredentials: credentials);

        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    public string CreateConsumerAccessToken(ConsumerAccount account, string language = "fa")
    {
        var key = _configuration["Jwt:Key"] ?? throw new InvalidOperationException("Jwt:Key is not configured.");
        var issuer = _configuration["Jwt:Issuer"] ?? "meezi";
        var audience = _configuration["Jwt:Audience"] ?? "meezi";
        var expiryDays = _configuration.GetValue("Jwt:AccessTokenExpiryDays", 7);

        var claims = new List<Claim>
        {
            new(JwtRegisteredClaimNames.Sub, account.Id),
            new(MeeziClaimTypes.Role, MeeziRoles.Customer),
            new(MeeziClaimTypes.Actor, MeeziActorKinds.Consumer),
            new(MeeziClaimTypes.Phone, account.Phone),
            new(MeeziClaimTypes.Language, language),
            new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N"))
        };

        var credentials = new SigningCredentials(
            new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)),
            SecurityAlgorithms.HmacSha256);

        var token = new JwtSecurityToken(
            issuer,
            audience,
            claims,
            expires: DateTime.UtcNow.AddDays(expiryDays),
            signingCredentials: credentials);

        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    public string CreateRefreshToken() => Guid.NewGuid().ToString("N") + Guid.NewGuid().ToString("N");

    public DateTime GetAccessTokenExpiry()
    {
        var expiryDays = _configuration.GetValue("Jwt:AccessTokenExpiryDays", 7);
        return DateTime.UtcNow.AddDays(expiryDays);
    }
}