import type { SigningPublicKey } from '../../domain/keypair.js'
import type { Result } from '../../framework/types/result.js'

import * as jose from 'jose'

import { makeError, makeSuccess } from '../../framework/types/result.js'
import { BaseError } from '../../framework/error/mod.js'

export interface VerifySignedJwtDto {
  jwt: string
  publicJwk: SigningPublicKey
}

export class VerifySignedJwtError extends BaseError {
  public readonly _tag = 'VerifySignedJwtError'

  constructor(public readonly cause: unknown) {
    super(`failed to verify a signed JWT: ${cause}`)
  }
}

export function buildVerifySignedJwt() {
  return async function verifySignedJwt<Claims>(
    dto: VerifySignedJwtDto,
  ): Promise<Result<VerifySignedJwtError, Claims>> {
    try {
      const { payload: claims } = await jose.jwtVerify<Claims>(
        dto.jwt,
        dto.publicJwk,
      )

      return makeSuccess(claims)
    } catch (cause) {
      return makeError(new VerifySignedJwtError(cause))
    }
  }
}