using SurrealDb.Net.Models;

namespace RelayServer.Models;

/// <summary>
/// Surreal record for the `server_encryption_keys` table. Stores both:
///   - The server's RSA keypair (for receiving encrypted client→server payloads).
///   - The single AES-256 key used to encrypt channel_messages at rest.
///
/// Generated once on first boot by ServerBootstrapService. Loaded into static fields on
/// ChatSocketBehavior at boot so handlers can use them without a DB round-trip.
/// </summary>
public class ServerEncryptionKeys : Record
{
    /// <summary>Base64 AES-256 key used by ChannelCryptoService for at-rest message encryption.</summary>
    public required string KeyBase64 { get; set; }

    /// <summary>Base64 SubjectPublicKeyInfo of the server's RSA public key. Sent to clients on GetServerKey.</summary>
    public required string PublicKey { get; set; }

    /// <summary>Base64 PKCS8 of the server's RSA private key. Never leaves the server.</summary>
    public required string PrivateKey { get; set; }

    /// <summary>When the keys were generated.</summary>
    public required DateTime CreatedAt { get; set; }

    /// <summary>When the keys were last rotated. Currently same as CreatedAt — rotation isn't implemented.</summary>
    public required DateTime UpdatedAt { get; set; }
}