<?php

namespace App\Hydra;

use App\Hydra\Exception\InvalidChallengeException;
use App\Services\PdoService;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Exception\BadRequestException;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;

class HydraService extends AbstractController
{
    public SessionInterface $session;
    public UrlGeneratorInterface $router;
    public Client $client;
    public PdoService $pdoServices;
    public TokenStorageInterface $tokenStorage;

    public function __construct(PdoService $pdoServices, Client $client, SessionInterface $session, UrlGeneratorInterface $router, TokenStorageInterface $tokenStorage)
    {
        $this->pdoServices = $pdoServices;
        $this->session = $session;
        $this->client = $client;
        $this->router = $router;
        $this->tokenStorage = $tokenStorage;
    }

    public function handleLoginRequest(Request $request)
    {
        $challenge = $request->query->get('login_challenge');
        // S'il n'y a pas de challenge, on déclenche une bad request
        if (empty($challenge)) {
            throw new InvalidChallengeException();
        }
        // Fetch Hydra login request info
        $res = $this->client->fetchLoginRequestInfo($challenge);
        $loginRequestInfo = $res->toArray();
        if (200 !== $res->getStatusCode()) {
            $this->session->clear();
            throw new BadRequestException('pas de code 200');
        }
        // si le challenge est validé par hydra, on le stocke en session pour l'utiliser par la suite et on redirige vers une route interne protégée qui va déclencher l'identification FranceConnect
        $this->session->set('challenge', $loginRequestInfo['challenge']);

        return $this->redirectToRoute('app_login');
    }

    public function handleConsentRequest(Request $request)
    {
        $challenge = $request->query->get('consent_challenge');
        if (!$challenge) {
            throw new BadRequestException("Le challenge n'est pas disponible");
        }

        $consentRequestInfo = $this->client->fetchConsentRequestInfo($challenge)->toArray();
        /** @var User */
        $user = $this->getUser();
        $consentAcceptResponse = $this->client->acceptConsentRequest($consentRequestInfo['challenge'], [
            'grant_scope' => $consentRequestInfo['requested_scope'],
            'session' => [
                'id_token' => $user->getAttributes(),
            ],
        ])->toArray();

        return new RedirectResponse($consentAcceptResponse['redirect_to']);
    }

    public function handleLogoutRequest(Request $request)
    {
        $logoutChallenge = $request->get('logout_challenge');
        if (empty($logoutChallenge)) {
            throw new InvalidChallengeException();
        }
        $logoutRequestInfo = $this->client->fetchLogoutRequestInfo($logoutChallenge)->toArray();
        $logoutAcceptRes = $this->client->acceptLogoutRequest($logoutRequestInfo['challenge'])->toArray();
        $this->session->clear();
        $this->tokenStorage->setToken();

        return new RedirectResponse($logoutAcceptRes['redirect_to']);
    }
}