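// Package kekskurseauth holds a provider configuration plus client
// credentials and builds authorization URLs carrying the client_id,
// redirect_uri, scope and state query parameters.
package kekskurseauth

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strings"
	"time"
)

// Auth bundles the provider configuration with the client credentials.
//
// clientSecret is stored here but nothing in this file reads it; avoid
// printing an Auth value with %+v or similar, since that would expose it.
type Auth struct {
	config       AuthConfig
	clientID     string
	clientSecret string
}

// NewAuthWithConfig returns an Auth built from an already-known configuration.
// The inputs are not validated here and the returned error is always nil.
func NewAuthWithConfig(config AuthConfig, clientID, clientSecret string) (Auth, error) {
	return Auth{
		config:       config,
		clientID:     clientID,
		clientSecret: clientSecret,
	}, nil
}

// NewAuthWithConfigurationURL downloads a JSON configuration document from url,
// decodes it into an AuthConfig and returns an Auth using it.
//
// The fetched document decides which AuthorizationEndpoint users are later
// sent to, so url should be an HTTPS address of a provider the caller trusts;
// this function does not enforce the scheme.
//
// Every failure is reported as an error wrapping ErrCantGetConfiguratorData:
// a transport error, a non-2xx response, an oversized body, or invalid JSON.
func NewAuthWithConfigurationURL(url, clientID, clientSecret string) (Auth, error) {
	const (
		// fetchTimeout bounds the whole request when the default client has
		// no timeout of its own; without it a stalled server blocks forever.
		fetchTimeout = 10 * time.Second
		// maxConfigBytes caps how much of the response is buffered, so a
		// misbehaving endpoint cannot make this call allocate without limit.
		maxConfigBytes = 1 << 20
	)

	// Copy the default client so any transport, redirect policy or cookie jar
	// configured on it is kept, and only add a timeout when none is set.
	client := *http.DefaultClient
	if client.Timeout == 0 {
		client.Timeout = fetchTimeout
	}

	res, err := client.Get(url)
	if err != nil {
		return Auth{}, fmt.Errorf("%w: %q", ErrCantGetConfiguratorData, err)
	}
	defer res.Body.Close()

	// A JSON error body on a 4xx/5xx response would otherwise decode into an
	// empty configuration without any error being reported.
	if res.StatusCode < http.StatusOK || res.StatusCode >= http.StatusMultipleChoices {
		return Auth{}, fmt.Errorf("%w: unexpected HTTP status %q", ErrCantGetConfiguratorData, res.Status)
	}

	// Read one byte past the cap so an oversized body can be told apart from
	// one that is exactly maxConfigBytes long.
	bodyContent, err := io.ReadAll(io.LimitReader(res.Body, maxConfigBytes+1))
	if err != nil {
		return Auth{}, fmt.Errorf("%w: %q", ErrCantGetConfiguratorData, err)
	}
	if len(bodyContent) > maxConfigBytes {
		return Auth{}, fmt.Errorf("%w: %s", ErrCantGetConfiguratorData, "configuration document is too large")
	}

	var config AuthConfig
	if err := json.Unmarshal(bodyContent, &config); err != nil {
		return Auth{}, fmt.Errorf("%w: %q", ErrCantGetConfiguratorData, err)
	}

	return Auth{
		config:       config,
		clientID:     clientID,
		clientSecret: clientSecret,
	}, nil
}

// GetAuthorizationURL returns the configured authorization endpoint with
// client_id and, when non-empty, redirect_uri, scope and state added to its
// query string. Query parameters already present on the endpoint are kept
// unless one of these keys overrides them.
//
// state is passed through unchanged. It is the value the caller compares on
// the redirect back, so it should be unguessable and bound to the user's
// session; an empty state leaves the parameter out entirely.
//
// NOTE(review): response_type is not set here; presumably it is part of the
// configured endpoint or added by the caller. Confirm.
//
// The returned error wraps ErrCantGetAuthorizationURL when the endpoint or the
// client ID is empty, or when the endpoint cannot be parsed.
func (a Auth) GetAuthorizationURL(redirectUrl string, scope []string, state string) (string, error) {
	if a.config.AuthorizationEndpoint == "" {
		return "", fmt.Errorf("%w: %s", ErrCantGetAuthorizationURL, "AuthorizationEndpoint in config is empty")
	}
	if a.clientID == "" {
		return "", fmt.Errorf("%w: %s", ErrCantGetAuthorizationURL, "clientid in config is empty")
	}

	endpoint, err := url.Parse(a.config.AuthorizationEndpoint)
	if err != nil {
		return "", fmt.Errorf("%w: %q", ErrCantGetAuthorizationURL, err)
	}

	values := endpoint.Query()
	values.Set("client_id", a.clientID)
	if redirectUrl != "" {
		values.Set("redirect_uri", redirectUrl)
	}
	if len(scope) > 0 {
		// Scopes are a space-separated list; Encode renders the space as "+".
		// Joining with a literal "+" gets percent-encoded to %2B, so the
		// server would receive all scopes fused into a single token.
		values.Set("scope", strings.Join(scope, " "))
	}
	if state != "" {
		values.Set("state", state)
	}
	endpoint.RawQuery = values.Encode()

	return endpoint.String(), nil
}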