using ROLAC.API.DTOs.Auth;

namespace ROLAC.API.Services;

public interface IAuthService
{
    /// <summary>
    /// Validates credentials and returns a new access token plus the raw refresh token
    /// that must be stored in an HttpOnly cookie by the caller.
    /// Throws <see cref="UnauthorizedAccessException"/> on any auth failure.
    /// </summary>
    Task<(LoginResponse Response, string RawRefreshToken)> LoginAsync(
        LoginRequest request,
        string? ipAddress  = null,
        string? deviceInfo = null);

    /// <summary>
    /// Validates a raw refresh token, revokes it, and issues a new token pair (rotation).
    /// Throws <see cref="UnauthorizedAccessException"/> if the token is not found,
    /// expired, or already revoked.
    /// </summary>
    Task<(LoginResponse Response, string RawRefreshToken)> RefreshAsync(
        string rawRefreshToken,
        string? ipAddress = null);

    /// <summary>
    /// Revokes the refresh token identified by its raw value.
    /// Silently succeeds if the token is not found.
    /// </summary>
    Task LogoutAsync(string rawRefreshToken);
}