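'use strict';

const passport = require('passport');
const OpenIDConnectStrategy = require('passport-openidconnect');
const dotenv = require('dotenv');

// Load .env before requiring modules (the db pool) that read process.env.
dotenv.config();

const express = require('express');
const { param } = require('./applications'); // not used in this file
const router = express.Router();
const pool = require('../db');

// Where the browser is sent after login/logout. Kept as one constant so the
// redirect targets registered with the IdP stay in sync.
const APP_HOME_URL = 'https://aj17thdev.nexuszone.net/';
const SSO_BASE_URL = 'https://sso.iceberg-gaming.com/application/o';

/**
 * Passport verify callback for the OIDC strategy.
 *
 * Maps the (issuer, sub) pair returned by the IdP onto a row in `members`,
 * creating the row on first login, and hands `{ memberId }` to Passport.
 *
 * @param {string} issuer - OIDC issuer the tokens came from.
 * @param {string} sub - Subject identifier, stable per user at that issuer.
 * @param {object} profile - Passport-normalised profile (displayName etc.).
 * @param {object} jwtClaims - Decoded id_token claims.
 * @param {string} accessToken - Unused here.
 * @param {string} refreshToken - Unused here.
 * @param {object} params - Raw token endpoint response; unused here.
 * @param {Function} cb - Passport done callback: cb(err) or cb(null, user).
 */
async function verify(issuer, sub, profile, jwtClaims, accessToken, refreshToken, params, cb) {
  // Do not dump `profile` / id_token claims: they carry PII and would land in
  // whatever collects stdout.
  console.log('OIDC verify: issuer=%s', issuer);

  let con;
  try {
    // Acquired inside try so a pool failure reaches cb() instead of becoming an
    // unhandled rejection.
    con = await pool.getConnection();
    await con.beginTransaction();

    // NOTE(review): rows are used directly (`existing.length`, `result.insertId`),
    // which matches the mariadb driver's promise API; mysql2 returns
    // [rows, fields] — confirm which driver `../db` exports.
    const existing = await con.query(
      `SELECT id FROM members WHERE authentik_issuer = ? AND authentik_sub = ? 
LIMIT 1;`,
      [issuer, sub],
    );

    let memberId;
    if (existing.length > 0) {
      memberId = existing[0].id;
    } else {
      // `sub` is an opaque string, so the former `sub.username` was always
      // undefined. Take the name from the id_token, then the profile, then
      // fall back to `sub` so the column is never left empty.
      const username = jwtClaims?.preferred_username ?? profile?.displayName ?? sub;
      // NOTE(review): two concurrent first logins can both reach this INSERT;
      // a unique index on (authentik_issuer, authentik_sub) is the real guard —
      // confirm it exists in the schema.
      const result = await con.query(
        `INSERT INTO members (name, authentik_sub, authentik_issuer) VALUES (?, ?, ?)`,
        [username, sub, issuer],
      );
      memberId = result.insertId;
    }

    await con.commit();
    return cb(null, { memberId });
  } catch (error) {
    if (con) {
      await con.rollback();
    }
    return cb(error);
  } finally {
    con?.release();
  }
}

passport.use(new OpenIDConnectStrategy({
  issuer: process.env.AUTH_ISSUER,
  authorizationURL: `${SSO_BASE_URL}/authorize/`,
  tokenURL: `${SSO_BASE_URL}/token/`,
  userInfoURL: `${SSO_BASE_URL}/userinfo/`,
  clientID: process.env.AUTH_CLIENT_ID,
  clientSecret: process.env.AUTH_CLIENT_SECRET,
  callbackURL: process.env.AUTH_REDIRECT_URI,
  scope: ['openid', 'profile'],
}, verify));

// Starts the authorization-code flow at the IdP.
router.get('/login', passport.authenticate('openidconnect'));

// IdP redirects back here; both outcomes land on the app home page.
router.get('/callback', passport.authenticate('openidconnect', {
  successRedirect: APP_HOME_URL,
  failureRedirect: APP_HOME_URL,
}));

// Clears the local login, then sends the browser to the IdP's logout endpoint.
router.post('/logout', function (req, res, next) {
  req.logout(function (err) {
    if (err) {
      return next(err);
    }
    // `qs` was never required in this module, so the original redirect threw a
    // ReferenceError on every logout; the built-in URLSearchParams needs no dependency.
    const query = new URLSearchParams({
      client_id: process.env.AUTH_CLIENT_ID ?? '',
      returnTo: APP_HOME_URL,
    });
    // NOTE(review): `/v2/logout` is the Auth0-shaped endpoint while the
    // strategy above targets Authentik — confirm AUTH_DOMAIN points at a
    // compatible end-session URL.
    const authDomain = process.env.AUTH_DOMAIN;
    if (!authDomain) {
      // Without AUTH_DOMAIN the old code redirected to "undefined/v2/logout?...".
      return res.redirect(APP_HOME_URL);
    }
    return res.redirect(`${authDomain}/v2/logout?${query.toString()}`);
  });
});

// Only `{ memberId }` is stored in the session; everything else is re-read per request.
passport.serializeUser(function (user, cb) {
  process.nextTick(function () {
    cb(null, user);
  });
});

// Re-hydrates req.user from the session's memberId on every request.
passport.deserializeUser(function (user, cb) {
  process.nextTick(async function () {
    let con;
    try {
      con = await pool.getConnection();
      // Was an undeclared (implicit global) `userResults`.
      const rows = await con.query(`SELECT id, name FROM members WHERE id = ?;`, [user.memberId]);
      // `false` tells Passport the session no longer maps to a user (e.g. the
      // member was deleted) so it drops the stale login instead of carrying
      // an undefined req.user.
      return cb(null, rows[0] ?? false);
    } catch (error) {
      // Previously logged and swallowed, which left the request half-authenticated.
      return cb(error);
    } finally {
      con?.release();
    }
  });
});

module.exports = router;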