package main

import (
	"time"

	"github.com/golang-jwt/jwt/v5"
)

// CreateJWT generates a signed JWT
func createJWT(secret []byte, account string, role string) (string, error) {
	claims := jwt.MapClaims{
		"sub":     role,                             // subject (user id)
		"exp":     time.Now().Add(time.Hour).Unix(), // expiration
		"iat":     time.Now().Unix(),                // issued at
		"purpose": "role",
		"account": account,
	}

	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)

	return token.SignedString(secret)
}