using Microsoft.AspNetCore.DataProtection;

namespace ROLAC.API.Services.Security;

public class TinProtector : ITinProtector
{
    private readonly IDataProtector _protector;

    public TinProtector(IDataProtectionProvider provider)
        => _protector = provider.CreateProtector("Payee1099.Tin");

    public string Protect(string plaintext)    => _protector.Protect(plaintext);
    public string Unprotect(string ciphertext) => _protector.Unprotect(ciphertext);

    /// <summary>Last four digits of a TIN (ignoring dashes/spaces); null/empty in => null.</summary>
    public static string? Last4(string? raw)
    {
        if (string.IsNullOrWhiteSpace(raw)) return null;
        var digits = new string(raw.Where(char.IsDigit).ToArray());
        return digits.Length <= 4 ? digits : digits[^4..];
    }
}