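// src/lib/jwt.ts
import * as jose from "jose";
import { UserRole, Permissions } from "@/types/auth";

/** Claims this application expects to find in its JWT payloads. */
interface JwtPayload {
  id: string;
  role: UserRole;
  companyId: string;
  companyName?: string;
  businessNumber?: string;
  contractEndDate?: string;
  branchId?: string;
  permissions: Permissions; // permission flags carried in the token
}

// Claims that must be present for a payload to be accepted by decodeToken.
const REQUIRED_CLAIMS = ["id", "role", "companyId", "permissions"] as const;

/**
 * Decodes a JWT payload and maps it onto {@link JwtPayload}.
 *
 * SECURITY: `jose.decodeJwt` only base64url-decodes the payload. It does not
 * verify the signature and does not validate `exp`, `nbf`, `iss` or `aud`.
 * Anyone holding a token can edit `role` or `permissions` and this function
 * will still return them. Treat the result as display/UX data only; an
 * authorization decision must be based on a token that was verified first
 * (for example with `jose.jwtVerify` against the issuer's key) in code the
 * client cannot tamper with.
 *
 * @param token - Compact-serialized JWT.
 * @returns The expected claims, or `null` when the token cannot be decoded,
 *   a required claim is missing, or `permissions` is not an object.
 */
export function decodeToken(token: string): JwtPayload | null {
  try {
    const decoded = jose.decodeJwt(token);
    // The cast is unchecked, so the shape is validated by hand below.
    const payload = decoded as unknown as JwtPayload;

    // Validate required fields.
    const invalidClaims: string[] = REQUIRED_CLAIMS.filter(
      (claim) => !payload[claim]
    );
    // A non-object `permissions` (e.g. a string) would make later property
    // lookups in hasPermission meaningless, so reject it here.
    if (payload.permissions && typeof payload.permissions !== "object") {
      invalidClaims.push("permissions");
    }

    if (invalidClaims.length > 0) {
      // Log only the claim names: the payload itself carries identifiers
      // (user id, company id, business number) that should not reach logs.
      console.warn("Invalid token payload, missing or malformed claims:", invalidClaims);
      return null;
    }

    // Copy only the known claims so unexpected extras are not propagated.
    return {
      id: payload.id,
      role: payload.role,
      companyId: payload.companyId,
      companyName: payload.companyName,
      businessNumber: payload.businessNumber,
      contractEndDate: payload.contractEndDate,
      branchId: payload.branchId,
      permissions: payload.permissions,
    };
  } catch (error) {
    console.error("Token decode error:", error);
    return null;
  }
}

// Permission-check utility functions.
// These read claims from whatever payload they are given; the result is only
// as trustworthy as the verification performed on the token beforehand.

/**
 * Reports whether `permission` is granted in the payload.
 *
 * Only the payload's own properties are consulted, so names inherited from
 * `Object.prototype` (such as `"constructor"` or `"toString"`) are never
 * reported as granted.
 *
 * @param payload - Decoded payload, or `null` when no token is available.
 * @param permission - Permission key to look up.
 * @returns `true` when the key is an own property with a truthy value.
 */
export function hasPermission(
  payload: JwtPayload | null,
  permission: string
): boolean {
  if (!payload?.permissions) return false;
  if (!Object.prototype.hasOwnProperty.call(payload.permissions, permission)) {
    return false;
  }
  return !!payload.permissions[permission];
}

/**
 * Reports whether at least one of `permissions` is granted.
 *
 * @param payload - Decoded payload, or `null` when no token is available.
 * @param permissions - Permission keys to test; an empty list yields `false`.
 * @returns `true` when any listed key passes {@link hasPermission}.
 */
export function hasAnyPermission(
  payload: JwtPayload | null,
  permissions: string[]
): boolean {
  if (!payload?.permissions) return false;
  return permissions.some((permission) => hasPermission(payload, permission));
}

/**
 * Reports whether every one of `permissions` is granted.
 *
 * @param payload - Decoded payload, or `null` when no token is available.
 * @param permissions - Permission keys to test. An empty list yields `true`
 *   for any payload that has a `permissions` claim, because `every` holds
 *   vacuously; callers should not pass an empty list as a gate.
 * @returns `true` when all listed keys pass {@link hasPermission}.
 */
export function hasAllPermissions(
  payload: JwtPayload | null,
  permissions: string[]
): boolean {
  if (!payload?.permissions) return false;
  return permissions.every((permission) => hasPermission(payload, permission));
}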