import type { PrivateKey } from '../../domain/keypair.js'

import { CompactSign } from 'jose'
import { buildSerde } from './internal/serde.js'
import { makeError, makeSuccess } from '../../framework/types/result.js'
import { SIGNING_KEYPAIR_ALGORITHM } from './internal/algorithm.js'
import { BaseError } from '../../framework/error/mod.js'

class SigningError extends BaseError {
  public readonly _tag = 'SigningError'

  constructor(public readonly cause: unknown) {
    super(`failed to sign data: ${cause}`)
  }
}
export function buildSign() {
  return async function sign(privateKey: PrivateKey, payload: object | string) {
    try {
      const content = new TextEncoder().encode(
        typeof payload === 'object' ? JSON.stringify(payload) : payload,
      )

      const serde = buildSerde()
      const key = await serde.deserializeSingleKey(privateKey)

      const signature = await new CompactSign(content)
        .setProtectedHeader({
          alg: SIGNING_KEYPAIR_ALGORITHM,
          typ: 'JWT',
        })
        .sign(key)

      return makeSuccess(signature)
    } catch (cause) {
      return makeError(new SigningError(cause))
    }
  }
}