using ROLAC.API.DTOs.Permissions;

namespace ROLAC.API.DTOs.Auth;

public class LoginResponse
{
    /// <summary>Short-lived JWT (15 min). Store in memory — never in localStorage.</summary>
    public string AccessToken { get; set; } = null!;

    /// <summary>Seconds until the access token expires. Always 900 (15 × 60).</summary>
    public int ExpiresIn { get; set; }

    public UserInfo User { get; set; } = null!;
}

public class UserInfo
{
    public string Id                 { get; set; } = null!;
    public string Email              { get; set; } = null!;
    public IList<string> Roles       { get; set; } = [];
    public string LanguagePreference { get; set; } = "en";

    /// <summary>
    /// Effective permissions (union across the user's roles), keyed by module name.
    /// Lets the SPA hide nav/buttons. Authoritative enforcement is server-side.
    /// </summary>
    public Dictionary<string, ModuleActions> Permissions { get; set; } = [];
}