package ui

import (
	"crypto/ed25519"
	"time"

	"git.wntrmute.dev/kyle/mcias/internal/token"
)

// validateSessionToken wraps token.ValidateToken for use by UI session middleware.
// Security: identical validation pipeline as the REST API — alg check, signature,
// expiry, issuer, revocation (revocation checked by caller).
func validateSessionToken(pubKey ed25519.PublicKey, tokenStr, issuer string) (*token.Claims, error) {
	return token.ValidateToken(pubKey, tokenStr, issuer)
}

// issueToken is a convenience method for issuing a signed JWT.
func (u *UIServer) issueToken(subject string, roles []string, expiry time.Duration) (string, *token.Claims, error) {
	return token.IssueToken(u.privKey, u.cfg.Tokens.Issuer, subject, roles, expiry)
}