package auth

import (
	"time"

	"bssapp-backend/models"

	"github.com/golang-jwt/jwt/v5"
)

func BuildClaimsFromUser(u *models.MkUser, ttl time.Duration) Claims {
	now := time.Now()

	return Claims{
		// 🔴 mk_dfusr.id
		ID: u.ID,

		Username: u.Username,
		RoleCode: u.RoleCode,
		RoleID:   u.RoleID,
		// ✅ BURASI
		DepartmentCodes: u.DepartmentCodes,

		SessionID: u.SessionID,

		ForcePasswordChange: u.ForcePasswordChange,

		RegisteredClaims: jwt.RegisteredClaims{
			Issuer:    "bssapp",
			Subject:   u.Username,
			IssuedAt:  jwt.NewNumericDate(now),
			NotBefore: jwt.NewNumericDate(now),
			ExpiresAt: jwt.NewNumericDate(now.Add(ttl)),
		},
	}
}