namespace ObsidianMcp.Config;

/// <summary>
/// JWT 验签配置。
/// 环境变量：Jwt__Issuer, Jwt__Audience, Jwt__SigningKey__Current, Jwt__SigningKey__Previous
/// </summary>
public class JwtOptions
{
    public const string Section = "Jwt";

    /// <summary>期望的 iss claim，生产：https://auth.zhengchentao.win</summary>
    public string Issuer { get; set; } = "https://auth.zhengchentao.win";

    /// <summary>期望的 aud claim，生产：obsidian</summary>
    public string Audience { get; set; } = "obsidian";

    public SigningKeyPair SigningKey { get; set; } = new();

    public class SigningKeyPair
    {
        /// <summary>当前签名密钥（HS256 对称密钥），env: Jwt__SigningKey__Current</summary>
        public string Current { get; set; } = string.Empty;

        /// <summary>上一轮密钥，密钥轮换过渡期用，env: Jwt__SigningKey__Previous（可为空）</summary>
        public string? Previous { get; set; }
    }
}