namespace ROLAC.API.Entities;

public class RefreshToken
{
    public int Id { get; set; }

    public string UserId { get; set; } = null!;
    public AppUser User { get; set; } = null!;

    /// <summary>SHA-256 hex of the raw token sent to the client. Never store raw tokens.</summary>
    public string TokenHash { get; set; } = null!;

    public DateTime ExpiresAt { get; set; }
    public DateTime CreatedAt { get; set; }

    /// <summary>Set when this token is revoked (logout or rotation).</summary>
    public DateTime? RevokedAt { get; set; }

    /// <summary>Points to the hash of the token that replaced this one during rotation.</summary>
    public string? ReplacedByHash { get; set; }

    public string? DeviceInfo { get; set; }
    public string? IpAddress { get; set; }

    // Computed helpers — NOT mapped to DB columns (ignored in OnModelCreating)
    public bool IsExpired => DateTime.UtcNow >= ExpiresAt;
    public bool IsRevoked => RevokedAt.HasValue;
    public bool IsActive  => !IsRevoked && !IsExpired;
}