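package com.example.demo.auth;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.JWTVerifier;
import org.springframework.stereotype.Service;

import java.time.Instant;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

/**
 * Issues and verifies HMAC-SHA256 (HS256) signed JWTs for shop users and administrators.
 *
 * <p>User and admin tokens are signed with the same secret and issuer taken from
 * {@link JwtProperties}. The only thing that separates them is the claim set
 * ({@code adminId} / {@code role} versus {@code userId} / {@code shopId}), so callers must
 * authorize on the claims returned by {@link #parseClaims(String)} and not on the mere fact
 * that a token verified.
 *
 * <p>The secret has no built-in fallback: when it is missing or blank, signing throws and
 * verification yields no claims. A well-known default key would let anyone who has read this
 * source mint tokens, including admin tokens, that this service accepts. For HS256 the key
 * should be at least 256 bits of random data (RFC 7518, section 3.2); that length is not
 * enforced here.
 */
@Service
public class JwtService {

    private static final String BEARER_PREFIX = "Bearer ";

    private static final System.Logger LOG = System.getLogger(JwtService.class.getName());

    private final JwtProperties props;

    public JwtService(JwtProperties props) {
        this.props = props;
    }

    /**
     * Signs a user token without an {@code email} claim.
     *
     * @see #signToken(Long, Long, String, String, String)
     */
    public String signToken(Long userId, Long shopId, String phone, String provider) {
        return signToken(userId, shopId, phone, provider, null);
    }

    /**
     * Signs a user token carrying {@code userId}, {@code shopId} and {@code provider}, plus
     * {@code phone} and {@code email} when they are non-blank.
     *
     * @return the compact serialized JWT
     * @throws IllegalStateException if no signing secret is configured
     */
    public String signToken(Long userId, Long shopId, String phone, String provider, String email) {
        Algorithm alg = hmacAlgorithm();
        var jwt = newTokenBuilder()
                .withClaim("userId", userId)
                .withClaim("shopId", shopId)
                .withClaim("provider", provider);
        if (phone != null && !phone.isBlank()) {
            jwt.withClaim("phone", phone);
        }
        if (email != null && !email.isBlank()) {
            jwt.withClaim("email", email);
        }
        return jwt.sign(alg);
    }

    /**
     * Signs an administrator token carrying {@code adminId}, {@code role=admin} and, when
     * non-blank, {@code username}.
     *
     * @return the compact serialized JWT
     * @throws IllegalStateException if no signing secret is configured
     */
    public String signAdminToken(Long adminId, String username) {
        Algorithm alg = hmacAlgorithm();
        var jwt = newTokenBuilder()
                .withClaim("adminId", adminId)
                .withClaim("role", "admin");
        if (username != null && !username.isBlank()) {
            jwt.withClaim("username", username);
        }
        return jwt.sign(alg);
    }

    /**
     * Verifies the bearer token in an {@code Authorization} header value and returns the
     * claims this service understands.
     *
     * <p>The result is empty when the header is absent, is not a {@code Bearer } credential,
     * or the token fails verification (signature, issuer, or time checks with the configured
     * leeway). These cases are deliberately indistinguishable to the caller, so an empty map
     * must be treated as "unauthenticated". This method does not throw.
     *
     * @param authorizationHeader raw header value; untrusted input
     * @return a new mutable map holding any of {@code userId}, {@code shopId}, {@code adminId}
     *     (as {@code Long}) and {@code phone}, {@code email}, {@code role} (as {@code String})
     */
    public Map<String, Object> parseClaims(String authorizationHeader) {
        if (authorizationHeader == null || authorizationHeader.isBlank()) {
            return new HashMap<>();
        }
        if (!authorizationHeader.startsWith(BEARER_PREFIX)) {
            return new HashMap<>();
        }
        String token = authorizationHeader.substring(BEARER_PREFIX.length()).trim();

        try {
            JWTVerifier verifier = JWT.require(hmacAlgorithm())
                    .withIssuer(props.getIssuer())
                    .acceptLeeway(props.getClockSkewSeconds())
                    .build();
            DecodedJWT jwt = verifier.verify(token);

            // Populate a separate map so a failure part-way never leaks a partial claim set.
            Map<String, Object> claims = new HashMap<>();
            putIfNotNull(claims, "userId", jwt.getClaim("userId").asLong());
            putIfNotNull(claims, "shopId", jwt.getClaim("shopId").asLong());
            putIfNotBlank(claims, "phone", jwt.getClaim("phone").asString());
            putIfNotBlank(claims, "email", jwt.getClaim("email").asString());
            putIfNotNull(claims, "adminId", jwt.getClaim("adminId").asLong());
            putIfNotBlank(claims, "role", jwt.getClaim("role").asString());
            return claims;
        } catch (IllegalStateException e) {
            // Misconfiguration, not a bad token: every request will look unauthenticated
            // until the secret is set, so make it visible to operators.
            LOG.log(System.Logger.Level.ERROR, "Cannot verify JWT: " + e.getMessage());
        } catch (RuntimeException e) {
            // Fail closed on any verification or decoding error. Only the exception type is
            // logged; the token itself is a credential and must not reach the logs.
            LOG.log(System.Logger.Level.DEBUG, "Rejected bearer token: {0}",
                    e.getClass().getSimpleName());
        }
        return new HashMap<>();
    }

    /**
     * Builds the HS256 algorithm from the configured secret.
     *
     * @throws IllegalStateException if the secret is null or blank
     */
    private Algorithm hmacAlgorithm() {
        String secret = props.getSecret();
        if (secret == null || secret.isBlank()) {
            throw new IllegalStateException("JWT signing secret is not configured");
        }
        return Algorithm.HMAC256(secret);
    }

    /** Starts a token with the issuer, issued-at and expiry shared by every token kind. */
    private JWTCreator.Builder newTokenBuilder() {
        Instant now = Instant.now();
        return JWT.create()
                .withIssuer(props.getIssuer())
                .withIssuedAt(Date.from(now))
                .withExpiresAt(Date.from(now.plusSeconds(props.getTtlSeconds())));
    }

    /** Stores a numeric claim only when the token actually carried it. */
    private static void putIfNotNull(Map<String, Object> target, String name, Long value) {
        if (value != null) {
            target.put(name, value);
        }
    }

    /** Stores a text claim only when it is present and not blank. */
    private static void putIfNotBlank(Map<String, Object> target, String name, String value) {
        if (value != null && !value.isBlank()) {
            target.put(name, value);
        }
    }
}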