using Microsoft.AspNetCore.DataProtection;

namespace OED.Api.Infrastructure.Auth;

/// <summary>
/// Reversible protection of token strings. Implementations must be able to
/// <see cref="Decrypt"/> whatever they previously returned from <see cref="Encrypt"/>.
/// </summary>
public interface ITokenEncryptor
{
    /// <summary>Returns the protected form of <paramref name="plaintext"/>.</summary>
    /// <param name="plaintext">The value to protect.</param>
    string Encrypt(string plaintext);

    /// <summary>Recovers the original value from <paramref name="ciphertext"/>.</summary>
    /// <param name="ciphertext">A value previously produced by <see cref="Encrypt"/>.</param>
    string Decrypt(string ciphertext);
}

/// <summary>
/// <see cref="ITokenEncryptor"/> backed by ASP.NET Core Data Protection, which owns
/// key generation and rotation for the protector created here.
/// </summary>
/// <remarks>
/// NOTE(review): where the key ring is persisted, and whether it is encrypted at rest,
/// is decided by host configuration that is not visible in this file. Confirm that the
/// key ring is persisted and shared by every instance of the API; otherwise values
/// protected before a restart, or on another node, can no longer be unprotected.
/// </remarks>
public class TokenEncryptor : ITokenEncryptor
{
    // The purpose string scopes the protector: payloads created under one purpose
    // cannot be unprotected under another, so changing this value makes every
    // previously stored ciphertext unreadable.
    private const string Purpose = "Eve.RefreshToken.v1";

    private readonly IDataProtector _protector;

    /// <summary>Creates the purpose-scoped protector from <paramref name="provider"/>.</summary>
    /// <param name="provider">The Data Protection provider, normally supplied by DI.</param>
    public TokenEncryptor(IDataProtectionProvider provider)
    {
        _protector = provider.CreateProtector(Purpose);
    }

    /// <inheritdoc />
    public string Encrypt(string plaintext)
    {
        return _protector.Protect(plaintext);
    }

    /// <inheritdoc />
    /// <exception cref="System.Security.Cryptography.CryptographicException">
    /// The payload is malformed, was modified, was protected under a different purpose,
    /// or its key is no longer available. Callers should treat this as an invalid token
    /// and fail closed rather than let it surface as an unhandled error.
    /// </exception>
    public string Decrypt(string ciphertext)
    {
        return _protector.Unprotect(ciphertext);
    }
}