package SeMeet::Controller::Auth;
use Mojo::Base 'Mojolicious::Controller', -signatures;
use YAML;

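# OIDC redirect endpoint. Exchanges the authorization code for a token, reads
# the claims, creates or refreshes the local User row, collects the group ids
# and permissions for the user's Octopus groups, stores everything in the
# session and redirects to '/'.
#
# Responds with 400 when no authorization code was supplied and with 401 when
# the token exchange or the claims yield no usable subject.
#
# NOTE(review): validation of the OAuth "state" parameter is not visible in
# this action; presumably the oidc helper performs it - confirm.
sub callback ($c) {
    # No "code" means there is nothing to exchange; stop before calling
    # the provider.
    my $code = $c->param("code");
    return $c->render( status => 400, text => 'Missing authorization code' )
        unless defined $code && length $code;

    my $token = $c->oidc->get_access_token($code);
    return $c->render( status => 401, text => 'Authentication failed' )
        unless $token;

    my $claims = $c->oauth_claims( $token->access_token );

    # "sub" is the identity the account is bound to. An undefined value would
    # turn the lookup below into "uuid IS NULL" and could select an unrelated
    # account, so refuse to continue without it.
    my $subject = ref $claims eq 'HASH' ? $claims->{sub} : undef;
    return $c->render( status => 401, text => 'Authentication failed' )
        unless defined $subject && !ref $subject && length $subject;

    my $username = $claims->{preferred_username};

    my $octopus_user = $c->iapi->get( 'octopus/users/' . $subject );

    my %user = (
        uuid        => $subject,
        username    => $username,
        displayname => $octopus_user->{displayname} || $claims->{name},
    );

    # Match on the stable subject first. The username is only a fallback:
    # OIDC does not guarantee preferred_username to be unique or immutable,
    # so it must never win over a row that already carries this subject.
    my $users = $c->schema->resultset('User');
    my $user  = $users->search( { uuid => $subject } )->first;

    if ( !$user && defined $username && length $username ) {
        # NOTE(review): this binds an existing row to a new subject purely by
        # name; confirm it is needed only for pre-provisioned accounts.
        $user = $users->search( { username => $username } )->first;
    }

    if ($user) {
        $user->update( \%user );
    }
    else {
        $user = $users->create( \%user );
    }

    # A missing or malformed group list grants nothing instead of reaching
    # the query as undef.
    my $octopus_groups
        = ref $octopus_user->{groups} eq 'ARRAY' ? $octopus_user->{groups} : [];

    my @groups      = ();
    my $permissions = {};

    my $groups = $c->schema->resultset('Group')->search(
        { octid   => { '-in' => $octopus_groups } },
        { columns => [ 'id', 'permissions' ] }
    );

    while ( my $group = $groups->next ) {
        push @groups, $group->id;

        # Permissions are kept as hash keys, so duplicates across groups
        # collapse into one entry.
        foreach my $permission ( @{ $group->permissions || [] } ) {
            $permissions->{$permission} = 1;
        }
    }

    # NOTE(review): get_columns copies every User column into the session.
    # With Mojolicious's default signed (not encrypted) cookie sessions the
    # client can read these values - confirm no sensitive column is included.
    $c->session->{user} = {
        $user->get_columns,
        groups      => \@groups,
        permissions => $permissions,
        api_token   => $user->api_token({
            secret      => $c->cfg->{jwt_secret},
            permissions => $permissions,
            groups      => \@groups,
        }),
    };

    $c->authenticate();
    $c->redirect_to('/');
}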

# Ends the login: calls the controller's logout, removes the cached user
# record from the session and redirects to the start page.
# Must not be named "logout" - the call to $c->logout below would then
# recurse into this action.
sub do_logout ($c) {
    $c->logout;

    my $session = $c->session;
    delete $session->{user};

    return $c->redirect_to('/');
}

1;