src/api/SIGCM2.Application/Abstractions/Persistence/IRefreshTokenRepository.cs

@@ -0,0 +1,33 @@
+using SIGCM2.Domain.Entities;
+
+namespace SIGCM2.Application.Abstractions.Persistence;
+
+public interface IRefreshTokenRepository
+{
+    /// <summary>
+    /// Finds a refresh token record by its SHA-256 hash.
+    /// Returns the record even if it is revoked or expired — callers decide what to do.
+    /// Returns null if no record matches the hash.
+    /// </summary>
+    Task<RefreshToken?> GetByHashAsync(string tokenHash, CancellationToken ct = default);
+
+    /// <summary>Persists a new refresh token and returns its generated Id.</summary>
+    Task<int> AddAsync(RefreshToken token, CancellationToken ct = default);
+
+    /// <summary>Marks a single token as revoked and optionally records its successor.</summary>
+    Task RevokeAsync(int id, int? replacedById, DateTime revokedAt, CancellationToken ct = default);
+
+    /// <summary>
+    /// Revokes all active (RevokedAt IS NULL) tokens in a family.
+    /// Used for chain revocation on reuse detection.
+    /// Returns the count of rows affected.
+    /// </summary>
+    Task<int> RevokeFamilyAsync(Guid familyId, DateTime revokedAt, CancellationToken ct = default);
+
+    /// <summary>
+    /// Revokes all active tokens for a user across all families.
+    /// Used for logout.
+    /// Returns the count of rows affected.
+    /// </summary>
+    Task<int> RevokeAllActiveForUserAsync(int usuarioId, DateTime revokedAt, CancellationToken ct = default);
+}