package server

import (
	"net/http"

	atcrypto "github.com/bluesky-social/indigo/atproto/crypto"
	"github.com/bluesky-social/indigo/atproto/auth/oauth"
	"tangled.org/core/idresolver"
	"tangled.org/core/knot2/config"
)

func newAtClientApp(cfg *config.Config) *oauth.ClientApp {
	idResolver := idresolver.DefaultResolver(cfg.PlcUrl)
	scopes := []string{"atproto", "identity:*"}
	var oauthConfig oauth.ClientConfig
	if cfg.Dev {
		oauthConfig = oauth.NewLocalhostConfig(
			cfg.Uri()+"/oauth/callback",
			scopes,
		)
	} else {
		oauthConfig = oauth.NewPublicConfig(
			cfg.Uri()+"/oauth/client-metadata.json",
			cfg.Uri()+"/oauth/callback",
			scopes,
		)
	}
	priv, err := atcrypto.ParsePrivateMultibase(cfg.OAuth.ClientSecret)
	if err != nil {
		panic(err)
	}
	if err := oauthConfig.SetClientSecret(priv, cfg.OAuth.ClientKid); err != nil {
		panic(err)
	}
	// we can just use in-memory auth store
	clientApp := oauth.NewClientApp(&oauthConfig, oauth.NewMemStore())
	clientApp.Dir = idResolver.Directory()
	clientApp.Resolver.Client.Transport = http.DefaultTransport
	return clientApp
}