import { Inject, Injectable } from '@nestjs/common';
import { ConfigurationService } from '../config/config.service';
import * as jwt from 'jsonwebtoken';

/**
 * Generate JWTs using the following commands:
 * Private: ssh-keygen -t rsa -b 4096 -m PEM -f jwt.private.pem
 * Public:  openssl rsa -in jwt.private.pem -pubout -outform PEM -out jwt.public.pem
 */
@Injectable()
export class JWTService {
  constructor(
    @Inject('JWT_PRIVATE_KEY') private _privateKey: string,
    @Inject('JWT_PUBLIC_KEY') private _publicKey: string,
    private _config: ConfigurationService,
  ) {}

  public issue(
    claims: Record<string, any>,
    subject: string,
    audience?: string,
  ): string {
    return jwt.sign(claims, this._privateKey, {
      algorithm: this._config.get('jwt.algorithm'),
      issuer: this._config.get('jwt.issuer'),
      expiresIn: this._config.get('jwt.expiration'),
      subject,
      audience,
    });
  }

  public verify(
    token: string,
    subject?: string,
    audience?: string,
  ): jwt.JwtPayload {
    return jwt.verify(token, this._publicKey, {
      algorithms: [this._config.get('jwt.algorithm')],
      issuer: this._config.get('jwt.issuer'),
      subject,
      audience,
    }) as jwt.JwtPayload;
  }
}