package oidc

import (
	"time"

	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
	"forge.cadoles.com/cadoles/bouncer/internal/store"
	"github.com/pkg/errors"
)

const defaultCookieName = "_bouncer_authn_oidc"

type LayerOptions struct {
	authn.LayerOptions
	OIDC   OIDCOptions   `mapstructure:"oidc"`
	Cookie CookieOptions `mapstructure:"cookie"`
}

type OIDCOptions struct {
	ClientID               string            `mapstructure:"clientId"`
	ClientSecret           string            `mapstructure:"clientSecret"`
	LoginCallbackPath      string            `mapstructure:"loginCallbackPath"`
	LogoutPath             string            `mapstructure:"logoutPath"`
	IssuerURL              string            `mapstructure:"issuerURL"`
	SkipIssuerVerification bool              `mapstructure:"skipIssuerVerification"`
	PostLogoutRedirectURL  string            `mapstructure:"postLogoutRedirectURL"`
	Scopes                 []string          `mapstructure:"scopes"`
	AuthParams             map[string]string `mapstructure:"authParams"`
}

type CookieOptions struct {
	Name     string        `mapstructure:"name"`
	Domain   string        `mapstructure:"domain"`
	Path     string        `mapstructure:"path"`
	SameSite string        `mapstructure:"sameSite"`
	Secure   bool          `mapstructure:"secure"`
	HTTPOnly bool          `mapstructure:"httpOnly"`
	MaxAge   time.Duration `mapstructure:"maxAge"`
}

func fromStoreOptions(storeOptions store.LayerOptions) (*LayerOptions, error) {
	layerOptions := LayerOptions{
		LayerOptions: authn.DefaultLayerOptions(),
		OIDC: OIDCOptions{
			LoginCallbackPath: "/.bouncer/authn/oidc/%s/callback",
			LogoutPath:        "/.bouncer/authn/oidc/%s/logout",
			Scopes:            []string{"openid"},
		},
		Cookie: CookieOptions{
			Name:     defaultCookieName,
			Path:     "/",
			HTTPOnly: true,
			MaxAge:   time.Hour,
		},
	}

	if err := authn.FromStoreOptions(storeOptions, &layerOptions); err != nil {
		return nil, errors.WithStack(err)
	}

	return &layerOptions, nil
}