import JWT
import Fluent
import Foundation

func generateIdpAlias(appId: String, deviceId: String, serialNo: String) -> String {
    return "\(appId):\(deviceId):\(serialNo)"
}

func generateToken(accountId: Int, expires: Date, type: SessionType) -> SessionPayload {
    return SessionPayload(
        accountId: .init(value: String(accountId)),
        expiration: .init(value: expires),
        type: type.rawValue
    )
}

struct SessionPayload: JWTPayload {
    enum CodingKeys: String, CodingKey {
        case accountId = "sub"
        case expiration = "exp"
        case type = "type"
    }

    // The "sub" (subject) claim identifies the principal that is the
    // subject of the JWT.
    var accountId: SubjectClaim

    // The "exp" (expiration time) claim identifies the expiration time on
    // or after which the JWT MUST NOT be accepted for processing.
    var expiration: ExpirationClaim

    // Custom data.
    // If true, the user is an admin.
    var type: Int

    // Run any additional verification logic beyond
    // signature verification here.
    // Since we have an ExpirationClaim, we will
    // call its verify method.
    func verify(using algorithm: some JWTAlgorithm) async throws {
        try self.expiration.verifyNotExpired()
    }
}