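#!/bin/bash
# Test JWT validation with the current secret.
#
# Checks that JWT_TOKEN carries a valid HS256 signature under JWT_SECRET and
# prints its sub / role / iss claims.
#
# Environment:
#   JWT_SECRET  HMAC signing secret (defaults to the development fixture below)
#   JWT_TOKEN   token to verify     (defaults to the development fixture below)
#
# Exit status: 0 token valid, 1 token rejected, anything else means the check
# itself could not run (for example PyJWT is not importable).

# Development fixtures only. They are committed in clear text, so they must
# never be configured as the signing secret or token of a deployed service.
# NOTE(review): if this secret is used anywhere outside local testing, rotate it.
readonly DEFAULT_JWT_SECRET="supersecret1234567890123456789012"
readonly DEFAULT_JWT_TOKEN="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhbm9uIiwicm9sZSI6ImFub24iLCJpc3MiOiJtYWRiYXNlIiwiaWF0IjoxNzczNjk0MDE4LCJleHAiOjE3NzQyOTg4MTh9.Gynb6ZP7tEMCq3ORipouyeaSTAY2w_2r0jdqWP_MmKo"

# The Python child reads both values from its environment. That keeps a single
# source of truth (no second copy inside the heredoc) and keeps the secret out
# of the process argument list.
export JWT_SECRET="${JWT_SECRET:-$DEFAULT_JWT_SECRET}"
export JWT_TOKEN="${JWT_TOKEN:-$DEFAULT_JWT_TOKEN}"

echo "Testing JWT validation..."
# Report only the length: even a prefix of the secret does not belong in logs.
echo "Secret length: ${#JWT_SECRET} chars"
if (( ${#JWT_SECRET} < 32 )); then
  # HS256 keys should be at least as long as the 256-bit hash output.
  echo "Warning: secret is shorter than 32 bytes, too short for HS256" >&2
fi

# Use Python to verify the token. The delimiter is quoted so the shell does
# not expand anything inside the Python source.
status=0
python3 << 'EOF' || status=$?
import os
import sys

try:
    import jwt
except ImportError:
    print("✗ PyJWT is not installed - cannot verify the token")
    sys.exit(2)

secret = os.environ["JWT_SECRET"]
token = os.environ["JWT_TOKEN"]

try:
    # Pin the algorithm so the token header cannot choose it, and require an
    # expiry so a token without "exp" is not accepted as valid forever.
    decoded = jwt.decode(
        token,
        secret,
        algorithms=["HS256"],
        options={"require": ["exp"]},
    )
    print("✓ Token is valid!")
    print(f"  Subject: {decoded.get('sub')}")
    print(f"  Role: {decoded.get('role')}")
    print(f"  Issuer: {decoded.get('iss')}")
except jwt.InvalidSignatureError:
    print("✗ Invalid signature - token was signed with a different secret!")
    sys.exit(1)
except jwt.ExpiredSignatureError:
    print("✗ Token has expired!")
    sys.exit(1)
except Exception as e:
    print(f"✗ Error: {e}")
    sys.exit(1)
EOF

case "$status" in
  0) echo "JWT validation successful" ;;
  1) echo "JWT validation failed - need to regenerate tokens" ;;
  *) echo "JWT validation could not run (exit status $status)" >&2 ;;
esac

# Propagate the result so CI jobs and wrapper scripts can act on it.
exit "$status"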