using SIGCM2.Application.Abstractions;
using SIGCM2.Application.Abstractions.Persistence;
using SIGCM2.Application.Audit;

namespace SIGCM2.Application.Auth.Logout;

public sealed class LogoutCommandHandler : ICommandHandler<LogoutCommand, LogoutResponseDto>
{
    private readonly IRefreshTokenRepository _refreshRepo;
    private readonly ISecurityEventLogger _security;

    public LogoutCommandHandler(IRefreshTokenRepository refreshRepo, ISecurityEventLogger security)
    {
        _refreshRepo = refreshRepo;
        _security = security;
    }

    public async Task<LogoutResponseDto> Handle(LogoutCommand command)
    {
        // Revoke all active tokens for the user across all families.
        // Idempotent: 0 rows affected is not an error.
        await _refreshRepo.RevokeAllActiveForUserAsync(command.UsuarioId, DateTime.UtcNow);
        await _security.LogAsync("logout", "success", actorUserId: command.UsuarioId);
        return new LogoutResponseDto(true, "Sesión cerrada correctamente");
    }
}