package jwt

import (
	"crypto/rsa"
	"errors"

	"github.com/golang-jwt/jwt/v5"
	"zestack.dev/env"
)

var (
	ErrUnauthorized  = errors.New("jwt: unauthorized")
	ErrForbidden     = errors.New("jwt: forbidden")
	ErrInvalidToken  = errors.New("jwt: invalid token")
	ErrTokenExpired  = errors.New("jwt: token is expired")
	ErrTokenNotFound = errors.New("jwt: token not found")

	publicKey  *rsa.PublicKey
	privateKey *rsa.PrivateKey
)

type Claims = jwt.RegisteredClaims

func Init() (err error) {
	publicKey, err = jwt.ParseRSAPublicKeyFromPEM(env.Bytes("JWT_PUBLIC_KEY"))
	if err != nil {
		return err
	}

	privateKey, err = jwt.ParseRSAPrivateKeyFromPEM(env.Bytes("JWT_PRIVATE_KEY"))
	if err != nil {
		return
	}

	return
}