const { subtle } = require('node:crypto').webcrypto;

const sharedSecret = process.env.SHARED_SECRET;

const authentication = {
    checkSharedSecret: (providedSecret) => {
        return sharedSecret === providedSecret;
    },
    verifySignature : async (msg, sig, publicKeys) => {
        try {
            for (const pemPubKey of publicKeys) {
                try {
                    const pubKey = await authentication.pemToKey(pemPubKey);
                    const verified = await subtle.verify(
                        'Ed25519',
                        pubKey,
                        sig,
                        msg
                    );
                    if (verified) {
                        console.log('Signature verified successfully with public key:', pemPubKey);
                        return pemPubKey;
                    }
                } catch (err) {
                    console.log('Failed to verify signature with public key:', pemPubKey, err);
                }
            }
            return null;
        } catch (err) {
            console.error('Error verifying signature:', err);
        }
    },
    pemToKey: async (pemKey) => {
        const base64 = pemKey.replace(`-----BEGIN PUBLIC KEY-----`, '').replace(`-----END PUBLIC KEY-----`, '').trim();
        const buffer = Buffer.from(base64, 'base64');
        const uint8Array = new Uint8Array(buffer);
        const publicKey = await subtle.importKey(
            "spki",
            uint8Array,
            {
                name: "Ed25519",
            },
            true,
            ["verify"],
        );
        return publicKey;
    }
};

module.exports = authentication;