package jwt

import (
	"encoding/base64"
	"errors"

	"github.com/golang-jwt/jwt/v5"
)

// Verify 验证令牌
func Verify(tokenString string) (*Claims, error) {
	bts, err := base64.RawURLEncoding.DecodeString(tokenString)
	if err != nil {
		return nil, err
	}
	var claims Claims
	token, err := jwt.ParseWithClaims(string(bts), &claims, func(token *jwt.Token) (interface{}, error) {
		if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
			return nil, ErrInvalidToken
		}
		return publicKey, nil
	})
	if err != nil {
		if errors.Is(err, jwt.ErrTokenExpired) {
			return &claims, ErrTokenExpired
		}
		return nil, err
	}
	if !token.Valid {
		return nil, ErrInvalidToken
	}
	return &claims, nil
}