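import { Injectable } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { ExtractJwt, Strategy } from 'passport-jwt';

/** Name of the cookie that carries the JWT for browser clients. */
const TOKEN_COOKIE = 'wraith_token';

/**
 * Extractor for `Authorization: Bearer <token>`. Built once at module load
 * instead of on every request; the extractor itself is stateless.
 */
const bearerTokenExtractor = ExtractJwt.fromAuthHeaderAsBearerToken();

/**
 * Reads the JWT verification secret from the environment.
 *
 * Fails at construction time with an explicit message when the variable is
 * missing or empty, so a misconfigured deployment cannot come up with an
 * undefined key and the cause is visible in the startup log.
 *
 * @returns the non-empty value of `JWT_SECRET`
 * @throws Error when `JWT_SECRET` is unset or empty
 */
function requireJwtSecret(): string {
  const secret = process.env.JWT_SECRET;
  if (!secret) {
    throw new Error(
      'JWT_SECRET environment variable is not set; JwtStrategy cannot verify tokens without it',
    );
  }
  return secret;
}

/**
 * Passport JWT strategy: takes the token from the `wraith_token` cookie or,
 * failing that, from the Authorization bearer header, and verifies it with
 * the shared secret from `JWT_SECRET`. Expired tokens are rejected.
 */
@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
  constructor() {
    super({
      // The concrete request type depends on the HTTP adapter, which this file
      // does not show, so the parameter stays untyped and the cookie value is
      // narrowed explicitly below.
      // eslint-disable-next-line @typescript-eslint/no-explicit-any
      jwtFromRequest: (req: any): string | null => {
        // Cookie-based auth (C-2) — preferred in production.
        // Only a non-empty string is accepted: a cookie parser can hand back
        // other shapes, and those must never reach the verifier as a "token".
        // NOTE(review): a cookie is attached by the browser automatically, so
        // this path relies on CSRF defences (SameSite / anti-CSRF token) being
        // applied where the cookie is issued — not visible here, confirm.
        const cookieToken: unknown = req?.cookies?.[TOKEN_COOKIE];
        if (typeof cookieToken === 'string' && cookieToken.length > 0) {
          return cookieToken;
        }

        // Fallback: Authorization header (for migration / API clients).
        return bearerTokenExtractor(req);
      },
      // Expiry is enforced; a token past its `exp` is refused.
      ignoreExpiration: false,
      // NOTE(review): no `algorithms` list is passed, so the accepted signing
      // algorithms are the library default for a shared secret. Consider
      // pinning it to the single algorithm the token issuer uses.
      secretOrKey: requireJwtSecret(),
    });
  }

  /**
   * Maps the payload of an already-verified token to the object that becomes
   * the authenticated principal.
   *
   * Only `sub`, `email` and `role` are copied; any other claim is dropped.
   * No user store is consulted here, so `role` is whatever the token says
   * until the token expires — revocation or role changes need handling
   * elsewhere.
   *
   * @param payload decoded claims of the verified token
   * @returns the principal with `sub`, `email` and `role`
   */
  validate(payload: { sub: number; email: string; role: string }) {
    return { sub: payload.sub, email: payload.email, role: payload.role };
  }
}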