import type { AuthUser } from "@mrp/shared";
import jwt from "jsonwebtoken";

import { env } from "../config/env.js";

interface AuthTokenPayload {
  sub: string;
  sid: string;
  email: string;
  permissions: string[];
}

export function signToken(user: AuthUser, sessionId: string) {
  return jwt.sign(
    {
      sub: user.id,
      sid: sessionId,
      email: user.email,
      permissions: user.permissions,
    } satisfies AuthTokenPayload,
    env.JWT_SECRET,
    { expiresIn: "12h" }
  );
}

export function verifyToken(token: string) {
  return jwt.verify(token, env.JWT_SECRET) as AuthTokenPayload;
}