using ROLAC.API.Entities;

namespace ROLAC.API.Services;

public interface ITokenService
{
    /// <summary>Generates a signed HS256 JWT containing userId, email, and roles claims.</summary>
    string GenerateAccessToken(AppUser user, IList<string> roles);

    /// <summary>Generates a cryptographically-random 64-byte base64 string (the raw token value).</summary>
    string GenerateRefreshToken();

    /// <summary>Returns the SHA-256 hex hash of the raw token. Always hash before storing to DB.</summary>
    string HashToken(string rawToken);
}