import { OAuthClient, DenoKVOAuthStorage } from "@slices/oauth";
import { SessionStore, DenoKVAdapter, withOAuthSession } from "@slices/session";
import { AtProtoClient } from "./generated_client.ts";

// Environment configuration
export const PORT = parseInt(Deno.env.get("PORT") || "8080");
export const DATABASE_URL = Deno.env.get("DATABASE_URL") || "./statusphere.db";
export const OAUTH_CLIENT_ID = Deno.env.get("OAUTH_CLIENT_ID") || "";
export const OAUTH_CLIENT_SECRET = Deno.env.get("OAUTH_CLIENT_SECRET") || "";
export const OAUTH_REDIRECT_URI =
  Deno.env.get("OAUTH_REDIRECT_URI") ||
  `http://localhost:${PORT}/oauth/callback`;
export const OAUTH_AIP_BASE_URL =
  Deno.env.get("OAUTH_AIP_BASE_URL") || "https://bsky.social";
export const SLICE_URI =
  Deno.env.get("SLICE_URI") ||
  "at://did:plc:bcgltzqazw5tb6k2g3ttenbj/social.slices.slice/3lx5y476bws2q";
export const SLICES_API_URL = Deno.env.get("SLICES_API_URL") || "";

// OAuth and Session setup
// In Deno Deploy, don't specify a path to use the default KV store
const kv = await Deno.openKv(
  Deno.env.get("ENV") === "production" ? undefined : DATABASE_URL
);
const oauthStorage = new DenoKVOAuthStorage(kv);
export const oauthClient = new OAuthClient(
  {
    clientId: OAUTH_CLIENT_ID,
    clientSecret: OAUTH_CLIENT_SECRET,
    authBaseUrl: OAUTH_AIP_BASE_URL,
    redirectUri: OAUTH_REDIRECT_URI,
    scopes: [
      "openid",
      "profile",
      "email",
      "atproto:atproto",
      "atproto:transition:generic",
    ],
  },
  oauthStorage
);

export const sessionStore = new SessionStore({
  adapter: new DenoKVAdapter(kv),
  cookieOptions: {
    httpOnly: true,
    secure: Deno.env.get("ENV") === "production",
    sameSite: "lax",
    path: "/",
  },
});

export const oauthSessions = withOAuthSession(sessionStore, oauthClient, {
  autoRefresh: true,
});

// Slices AT Protocol client
export const atprotoClient = new AtProtoClient(
  SLICES_API_URL,
  SLICE_URI,
  oauthClient
);