package sn.ladoum.bergerie.security; import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.io.Decoders; import io.jsonwebtoken.security.Keys; import org.springframework.beans.factory.annotation.Value; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.stereotype.Service; import javax.crypto.SecretKey; import java.util.Date; import java.util.HashMap; import java.util.Map; import java.util.function.Function; @Service public class JwtService { @Value("${app.jwt.secret}") private String secret; @Value("${app.jwt.expiration-ms}") private long expirationMs; public String generateToken(UserDetails userDetails) { Map claims = new HashMap<>(); userDetails.getAuthorities().stream().findFirst() .ifPresent(a -> claims.put("role", a.getAuthority())); return buildToken(claims, userDetails.getUsername()); } public String extractUsername(String token) { return extractClaim(token, Claims::getSubject); } public boolean isTokenValid(String token, UserDetails userDetails) { String username = extractUsername(token); return username.equals(userDetails.getUsername()) && !isExpired(token); } private boolean isExpired(String token) { return extractClaim(token, Claims::getExpiration).before(new Date()); } private T extractClaim(String token, Function resolver) { Claims claims = Jwts.parser() .verifyWith(getSigningKey()) .build() .parseSignedClaims(token) .getPayload(); return resolver.apply(claims); } private String buildToken(Map claims, String subject) { return Jwts.builder() .claims(claims) .subject(subject) .issuedAt(new Date()) .expiration(new Date(System.currentTimeMillis() + expirationMs)) .signWith(getSigningKey()) .compact(); } private SecretKey getSigningKey() { byte[] keyBytes = Decoders.BASE64.decode(java.util.Base64.getEncoder() .encodeToString(secret.getBytes())); return Keys.hmacShaKeyFor(keyBytes); } }