import { Signer } from '@volcengine/openapi';
import type { RequestObj } from '@volcengine/openapi/lib/base/types';

export interface SignerOptions {
  pathname: string;
  method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';
  body?: string;
  region?: 'cn-beijing' | 'cn-shanghai' | string;
  params?: Record<string, any>;
}

/**
 * 火山引擎API签名工具
 * @param options 签名参数
 * @param accessKeyId 用户AK
 * @param secretKey 用户SK
 * @returns 签名后的请求头
 */
export function signRequest(
  options: SignerOptions,
  accessKeyId?: string,
  secretKey?: string
): Record<string, string> {
  const ak = accessKeyId || process.env.REAI_VOLC_ACCESS_KEY_ID;
  const sk = secretKey || process.env.REAI_VOLC_SECRET_KEY;
  const region = options.region || process.env.REAI_VOLC_REGION || 'cn-beijing';
  
  if (!ak || !sk) {
    throw new Error('Missing credentials: either provide accessKeyId/secretKey or set VOLC_ACCESS_KEY_ID/VOLC_SECRET_KEY environment variables');
  }
  const requestObj: RequestObj = {
    region: region,
    headers: {
      Accept: 'application/json',
      'Content-type': 'application/json'
    },
    method: options.method,
    body: options.body,
    pathname: options.pathname,
    params: options.params
  };

  const signer = new Signer(requestObj, 'air');
  signer.addAuthorization({
    accessKeyId: ak,
    secretKey: sk
  });

  return requestObj.headers;
}