defmodule Runbox.Runtime.Sandbox.UserActionSigner do
  @moduledoc group: :dev_tools
  @moduledoc """
  Module that signs user actions for Sandbox.

  This uses a fixed key that is part of the source-code, so do not rely on it for security. The key
  is the same we used before, so it's backwards compatible - tests depending on Sandbox should keep
  working like before.

  This module is set-up to be used in Sandbox automatically.
  """

  # If you change this key, user actions in Sandbox will change. This can break existing tests so do
  # it with care.
  @signer Joken.Signer.create("HS256", "Kqz0EyLw6HKcLRv222S6U3v1h6T")
  @token_config %{}

  @doc """
  Sign the provided user action claims.

  Do not use this function directly for signing user actions. Instead use
  `Runbox.Scenario.UserAction.pack/4`.
  """
  @spec sign(map()) :: {:ok, Joken.bearer_token()} | {:error, Joken.error_reason()}
  def sign(claims) do
    Joken.generate_and_sign(@token_config, claims, @signer)
  end

  @doc """
  Validate and unpack a user action token.

  Checks if a token is a valid user action and if so unpacks the content.

  Useful for testing or in Sandbox environment, for quickly checking a token possibly created by a
  scenario.
  """
  @spec validate_and_unpack(token :: String.t()) :: {:ok, map()} | {:error, Joken.error_reason()}
  def validate_and_unpack(token) do
    Joken.verify_and_validate(@token_config, token, @signer)
  end
end