package oidc

import (
	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
	"forge.cadoles.com/cadoles/bouncer/internal/store"
	"github.com/pkg/errors"
)

type LayerOptions struct {
	authn.LayerOptions
	OIDC OIDCOptions `mapstructure:"oidc"`
}

type OIDCOptions struct {
	ClientID               string            `mapstructure:"clientId"`
	ClientSecret           string            `mapstructure:"clientSecret"`
	LoginCallbackPath      string            `mapstructure:"loginCallbackPath"`
	LogoutPath             string            `mapstructure:"logoutPath"`
	IssuerURL              string            `mapstructure:"issuerURL"`
	SkipIssuerVerification bool              `mapstructure:"skipIssuerVerification"`
	PostLogoutRedirectURL  string            `mapstructure:"postLogoutRedirectURL"`
	Scopes                 []string          `mapstructure:"scopes"`
	AuthParams             map[string]string `mapstructure:"authParams"`
}

func fromStoreOptions(storeOptions store.LayerOptions) (*LayerOptions, error) {
	layerOptions := LayerOptions{
		LayerOptions: authn.DefaultLayerOptions(),
		OIDC: OIDCOptions{
			LoginCallbackPath: "/.bouncer/authn/oidc/%s/callback",
			LogoutPath:        "/.bouncer/authn/oidc/%s/logout",
			Scopes:            []string{"openid"},
		},
	}

	if err := authn.FromStoreOptions(storeOptions, &layerOptions); err != nil {
		return nil, errors.WithStack(err)
	}

	return &layerOptions, nil
}