omnichannel-backend/src/modules/auth/auth-token.service.ts

import { Injectable } from '@nestjs/common';
import * as jwt from 'jsonwebtoken';
import { AuthConfigService } from './auth.config';
import { AuthenticatedUser } from './auth.types';

@Injectable()
export class AuthTokenService {
  constructor(private readonly authConfig: AuthConfigService) {}

  issueToken(user: AuthenticatedUser) {
    const config = this.authConfig.getConfig();

    if (!config.jwtSecret) {
      throw new Error('JWT_SECRET nao configurado');
    }

    return jwt.sign(
      {
        name: user.name,
        email: user.email,
        provider: user.provider,
        username: user.username,
        perfis: user.perfis || [],
        profiles: user.profiles || user.perfis || [],
        areas: user.areas || [],
        areaPrincipal: user.areaPrincipal || null,
        accessStatus: user.accessStatus || 'unassigned',
      },
      config.jwtSecret,
      {
        subject: user.id,
        expiresIn: config.jwtExpiresIn,
      } as jwt.SignOptions,
    );
  }

  assertJwtConfig() {
    const config = this.authConfig.getConfig();

    if (!config.jwtSecret) {
      throw new Error('JWT_SECRET nao configurado');
    }
  }
}