/// <reference lib="deno.ns" />

import { OAuthClient, SQLiteOAuthStorage } from "@slices/oauth";
import { SessionStore, SQLiteAdapter, withOAuthSession } from "@slices/session";

const OAUTH_CLIENT_ID = Deno.env.get("OAUTH_CLIENT_ID");
const OAUTH_CLIENT_SECRET = Deno.env.get("OAUTH_CLIENT_SECRET");
const OAUTH_REDIRECT_URI = Deno.env.get("OAUTH_REDIRECT_URI");
const OAUTH_AIP_BASE_URL = Deno.env.get("OAUTH_AIP_BASE_URL");
const SLICE_URI = Deno.env.get("VITE_SLICE_URI");
const ADMIN_DIDS = Deno.env.get("VITE_ADMIN_DIDS");

if (
  !OAUTH_CLIENT_ID ||
  !OAUTH_CLIENT_SECRET ||
  !OAUTH_REDIRECT_URI ||
  !OAUTH_AIP_BASE_URL
) {
  throw new Error(
    "Missing OAuth configuration. Please ensure .env file contains:\n" +
      "OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET, OAUTH_REDIRECT_URI, OAUTH_AIP_BASE_URL",
  );
}

if (!SLICE_URI || !ADMIN_DIDS) {
  throw new Error(
    "Missing slice configuration. Please ensure .env file contains:\n" +
      "VITE_SLICE_URI, VITE_ADMIN_DIDS",
  );
}

const DATABASE_URL = Deno.env.get("DATABASE_URL") || "slices.db";

// OAuth setup
export const oauthStorage = new SQLiteOAuthStorage(DATABASE_URL);
export const oauthConfig = {
  clientId: OAUTH_CLIENT_ID,
  clientSecret: OAUTH_CLIENT_SECRET,
  authBaseUrl: OAUTH_AIP_BASE_URL,
  redirectUri: OAUTH_REDIRECT_URI,
  scopes: [
    "openid",
    "email",
    "profile",
    "atproto",
    "account:email",
    "blob:image/*",
    "repo:network.slices.slice",
    "repo:network.slices.lexicon",
    "repo:network.slices.actor.profile",
    "repo:network.slices.waitlist.request",
  ],
};

// Session setup (shared database)
export const sessionStore = new SessionStore({
  adapter: new SQLiteAdapter(DATABASE_URL),
  cookieOptions: {
    httpOnly: true,
    secure: Deno.env.get("NODE_ENV") === "production",
    sameSite: "lax",
    path: "/",
  },
});

// OAuth + Session integration
export const oauthSessions = withOAuthSession(
  sessionStore,
  oauthConfig,
  oauthStorage,
  {
    autoRefresh: true,
  },
);

// Helper function to create session-scoped OAuth client
export function createOAuthClient(sessionId: string): OAuthClient {
  return new OAuthClient(oauthConfig, oauthStorage, sessionId);
}

// Export slice configuration
export { SLICE_URI, ADMIN_DIDS };