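package oauth

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/url"

	"github.com/bluesky-social/indigo/atproto/auth/oauth"
	"github.com/go-chi/chi/v5"
)

// Router returns an http.Handler that serves the OAuth client endpoints:
// the client metadata document, the public JWKS, and the authorization
// callback. All three routes are registered for GET only.
func (o *OAuth) Router() http.Handler {
	r := chi.NewRouter()

	r.Get("/oauth/client-metadata.json", o.clientMetadata)
	r.Get("/oauth/jwks.json", o.jwks)
	r.Get("/oauth/callback", o.callback)

	return r
}

// clientMetadata writes the client metadata document as JSON. It starts from
// the metadata produced by the client app's config and overrides the JWKS
// URI, client name and client URI before encoding.
func (o *OAuth) clientMetadata(w http.ResponseWriter, r *http.Request) {
	// Copy the package-level values into locals so their addresses can be
	// stored in the metadata's pointer fields.
	clientName := ClientName
	clientURI := ClientURI

	meta := o.ClientApp.Config.ClientMetadata()
	meta.JWKSURI = &o.JwksUri
	meta.ClientName = &clientName
	meta.ClientURI = &clientURI

	w.Header().Set("Content-Type", "application/json")
	if err := json.NewEncoder(w).Encode(meta); err != nil {
		// NOTE(review): the encoder writes straight to w, so part of the
		// body may already be sent when this runs.
		http.Error(w, err.Error(), http.StatusInternalServerError)
	}
}

// jwks writes the value returned by the client app config's PublicJWKS as
// JSON.
func (o *OAuth) jwks(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")

	body := o.ClientApp.Config.PublicJWKS()
	if err := json.NewEncoder(w).Encode(body); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
	}
}

// callback handles the redirect back from the authorization server. It hands
// the request's query parameters to ProcessCallback, saves the resulting
// session, and redirects to the stored return URL, or to "/" when none is
// set. Any failure redirects to /login with an error query parameter.
func (o *OAuth) callback(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()

	// Read the stored return target before clearing it. The error from
	// ClearAuthReturn is deliberately discarded; presumably this is
	// best-effort cleanup that should not fail the login.
	authReturn := o.GetAuthReturn(r)
	_ = o.ClearAuthReturn(w, r)

	sessData, err := o.ClientApp.ProcessCallback(ctx, r.URL.Query())
	if err != nil {
		var callbackErr *oauth.AuthRequestCallbackError
		if errors.As(err, &callbackErr) {
			// The error code originates from the callback request, which the
			// caller controls. Escape it so a value containing '&', '#' or
			// similar cannot add parameters or a fragment to the /login URL.
			target := "/login?error=" + url.QueryEscape(fmt.Sprint(callbackErr.ErrorCode))
			http.Redirect(w, r, target, http.StatusFound)
			return
		}

		http.Redirect(w, r, "/login?error=oauth", http.StatusFound)
		return
	}

	if err := o.SaveSession(w, r, sessData); err != nil {
		http.Redirect(w, r, "/login?error=session", http.StatusFound)
		return
	}

	// NOTE(review): ReturnURL is used as the redirect target without any
	// check here. Confirm that whatever stores it only accepts same-site
	// relative paths; otherwise this is an open redirect after login.
	redirectURL := "/"
	if authReturn.ReturnURL != "" {
		redirectURL = authReturn.ReturnURL
	}

	http.Redirect(w, r, redirectURL, http.StatusFound)
}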