import { AtProtoClient } from "./client.ts";
import { OAuthClient, SQLiteOAuthStorage } from "@slices/oauth";
import { SessionStore, SQLiteAdapter, withOAuthSession } from "@slices/session";

const OAUTH_CLIENT_ID = Deno.env.get("OAUTH_CLIENT_ID");
const OAUTH_CLIENT_SECRET = Deno.env.get("OAUTH_CLIENT_SECRET");
const OAUTH_REDIRECT_URI = Deno.env.get("OAUTH_REDIRECT_URI");
const OAUTH_AIP_BASE_URL = Deno.env.get("OAUTH_AIP_BASE_URL");
const API_URL = Deno.env.get("API_URL");
export const SLICE_URI = Deno.env.get("SLICE_URI");
export const ADMIN_DID = Deno.env.get("ADMIN_DID");

if (
  !OAUTH_CLIENT_ID ||
  !OAUTH_CLIENT_SECRET ||
  !OAUTH_REDIRECT_URI ||
  !OAUTH_AIP_BASE_URL ||
  !API_URL ||
  !SLICE_URI
) {
  throw new Error(
    "Missing OAuth configuration. Please ensure .env file contains:\n" +
      "OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET, OAUTH_REDIRECT_URI, OAUTH_AIP_BASE_URL, API_URL, SLICE_URI"
  );
}

const DATABASE_URL = Deno.env.get("DATABASE_URL") || "slices.db";

// OAuth setup
const oauthStorage = new SQLiteOAuthStorage(DATABASE_URL);
const oauthConfig = {
  clientId: OAUTH_CLIENT_ID,
  clientSecret: OAUTH_CLIENT_SECRET,
  authBaseUrl: OAUTH_AIP_BASE_URL,
  redirectUri: OAUTH_REDIRECT_URI,
  scopes: [
    "openid",
    "email",
    "profile",
    "atproto",
    "transition:generic",
    "account:email",
    "blob:image/*",
    "repo:network.slices.slice",
    "repo:network.slices.lexicon",
    "repo:network.slices.actor.profile",
    "repo:network.slices.waitlist.request",
  ],
};

// Export config and storage for creating session-scoped clients
export { oauthConfig, oauthStorage };

// Session setup (shared database)
export const sessionStore = new SessionStore({
  adapter: new SQLiteAdapter(DATABASE_URL),
  cookieOptions: {
    httpOnly: true,
    secure: Deno.env.get("DENO_ENV") === "production",
    sameSite: "lax",
    path: "/",
  },
});

// OAuth + Session integration
export const oauthSessions = withOAuthSession(
  sessionStore,
  oauthConfig,
  oauthStorage,
  {
    autoRefresh: true,
  }
);

// Helper function to create session-scoped OAuth client
export function createOAuthClient(sessionId: string): OAuthClient {
  return new OAuthClient(oauthConfig, oauthStorage, sessionId);
}

// Helper function to create authenticated AtProto client for a session
export function createSessionClient(sessionId: string): AtProtoClient {
  const sessionOAuthClient = createOAuthClient(sessionId);
  return new AtProtoClient(API_URL!, SLICE_URI!, sessionOAuthClient);
}

// Public client for unauthenticated requests
export const publicClient = new AtProtoClient(API_URL, SLICE_URI);