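using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

namespace Hutopy.Infrastructure.Security;

/// <summary>
/// Builds signed JSON Web Tokens that carry a user's identity claims.
/// </summary>
/// <remarks>
/// The token is signed with HMAC-SHA256 but not encrypted: every claim placed in it
/// (e-mail, given name, surname, alias, portrait URL) is readable by anyone who holds
/// the token. Keep anything confidential out of the claim set.
/// </remarks>
public static class JwtTokenHelper
{
    /// <summary>
    /// Creates a compact, HMAC-SHA256 signed JWT for the given user.
    /// </summary>
    /// <param name="expiresIn">Lifetime of the token, counted from the moment of issuance.</param>
    /// <param name="issuer">Value written to the <c>iss</c> claim.</param>
    /// <param name="audience">Value written to the <c>aud</c> claim.</param>
    /// <param name="key">
    /// Shared signing secret; it is UTF-8 encoded to obtain the HMAC key bytes.
    /// RFC 7518 section 3.2 requires an HS256 key of at least 256 bits, so the secret
    /// should be a randomly generated value of 32 bytes or more, not a short passphrase.
    /// </param>
    /// <param name="userId">User identifier, emitted as both <c>sub</c> and <see cref="ClaimTypes.NameIdentifier"/>.</param>
    /// <param name="email">User e-mail, emitted as both <see cref="ClaimTypes.Email"/> and <see cref="ClaimTypes.Name"/>.</param>
    /// <param name="alias">Optional alias; the claim is omitted when <c>null</c>.</param>
    /// <param name="firstname">Emitted as <see cref="ClaimTypes.GivenName"/>.</param>
    /// <param name="lastname">Emitted as <see cref="ClaimTypes.Surname"/>.</param>
    /// <param name="portraitUrl">Optional portrait URL; the claim is omitted when <c>null</c>.</param>
    /// <returns>The serialized token in compact form.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="key"/> is <c>null</c>.</exception>
    /// <exception cref="ArgumentException"><paramref name="key"/> is empty.</exception>
    public static string GenerateJwtToken(
        TimeSpan expiresIn,
        string issuer,
        string audience,
        string key,
        string userId,
        string email,
        string? alias,
        string firstname,
        string lastname,
        string? portraitUrl)
    {
        // Fail with the caller's parameter name instead of an error raised deep inside the token library.
        ArgumentException.ThrowIfNullOrEmpty(key);

        var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key));
        var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);

        // The element type is spelled out: the bare `new List([...])` form does not compile.
        List<Claim> claims =
        [
            new Claim(JwtRegisteredClaimNames.Sub, userId),
            // A fresh jti per token gives each issued token a unique identifier.
            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
            new Claim(ClaimTypes.NameIdentifier, userId),
            new Claim(ClaimTypes.Email, email),
            new Claim(ClaimTypes.Name, email),
            new Claim(ClaimTypes.GivenName, firstname),
            new Claim(ClaimTypes.Surname, lastname),
        ];

        if (alias is not null)
        {
            claims.Add(new Claim(KnownClaims.Alias, alias));
        }

        if (portraitUrl is not null)
        {
            claims.Add(new Claim(KnownClaims.PortraitUrl, portraitUrl));
        }

        var token = new JwtSecurityToken(
            issuer: issuer,
            audience: audience,
            claims: claims,
            // Expiry is computed from UTC so it does not depend on the host's local time zone or DST rules.
            expires: DateTime.UtcNow.Add(expiresIn),
            signingCredentials: credentials);

        return new JwtSecurityTokenHandler().WriteToken(token);
    }
}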