package web

import (
	"net"
	"net/http"
	"strconv"
	"strings"
	"testing"
	"time"

	"github.com/coreos/go-oidc/v3/oidc"
	"github.com/oauth2-proxy/mockoidc"
	"github.com/stretchr/testify/require"
	"golang.org/x/oauth2"
)

type OIDCServer struct {
	*mockoidc.MockOIDC
	*oauth2.Config
	*oidc.Provider
	*testing.T
}

func NewOIDCServer(t *testing.T) *OIDCServer {
	srv, err := mockoidc.NewServer(nil)
	require.NoError(t, err)

	require.NoError(t, srv.AddMiddleware(func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			t.Logf("mockoidc: %v %v %v\n", r.Method, r.URL.Path, r.URL.Query())
			next.ServeHTTP(w, r)
		})
	}))

	ln, err := net.Listen("tcp", "127.0.0.1:0")
	require.NoError(t, err)
	require.NoError(t, srv.Start(ln, nil))
	if srv.Server != nil {
		mux := srv.Server.Handler.(*http.ServeMux)
		mux.Handle(strings.Replace(mockoidc.AuthorizationEndpoint, "/oidc", "/oidc/oauth", 1), http.HandlerFunc(srv.Authorize))
		mux.Handle(strings.Replace(mockoidc.TokenEndpoint, "/oidc", "/oidc/oauth", 1), http.HandlerFunc(srv.Token))
		mux.Handle(strings.Replace(mockoidc.UserinfoEndpoint, "/oidc", "/oidc/oauth", 1), http.HandlerFunc(srv.Userinfo))
		mux.Handle(strings.Replace(mockoidc.JWKSEndpoint, "/oidc", "/oidc/oauth", 1), http.HandlerFunc(srv.JWKS))
		mux.Handle(strings.Replace(mockoidc.DiscoveryEndpoint, "/oidc", "/oidc/oauth", 1), http.HandlerFunc(srv.Discovery))
	}

	provider, err := oidc.NewProvider(t.Context(), srv.Issuer())
	require.NoError(t, err)

	return &OIDCServer{
		srv,
		&oauth2.Config{
			ClientID:     srv.ClientID,
			ClientSecret: srv.ClientSecret,
			RedirectURL:  "https://example.com/oauth/callback",
			Endpoint:     provider.Endpoint(),
			Scopes:       []string{oidc.ScopeOpenID, "profile", "email"},
		},
		provider,
		t,
	}
}

func (srv *OIDCServer) CreateAuthorizationCodeFor(user mockoidc.User) string {
	code := strconv.FormatInt(time.Now().Unix(), 10)
	srv.QueueUser(user)
	srv.QueueCode(code)

	http.Get(srv.AuthCodeURL("state"))

	return code
}

func (srv *OIDCServer) CreateTokenFor(user mockoidc.User) *oauth2.Token {
	code := srv.CreateAuthorizationCodeFor(user)
	token, err := srv.Exchange(srv.Context(), code)
	require.NoError(srv, err)
	return token
}

func (srv *OIDCServer) CreateTokensFor(user mockoidc.User) (*oauth2.Token, string) {
	token := srv.CreateTokenFor(user)
	rawIDToken, ok := token.Extra("id_token").(string)
	require.True(srv, ok)
	return token, rawIDToken
}

func (srv *OIDCServer) Verify(rawIDToken string) *oidc.IDToken {
	idToken, err := srv.
		Verifier(&oidc.Config{ClientID: srv.MockOIDC.Config().ClientID}).
		Verify(srv.Context(), rawIDToken)
	require.NoError(srv, err)

	return idToken
}

func (s *OIDCServer) Close() {
	s.Shutdown()
}