package handler

import (
	"errors"
	"github.com/google/uuid"
	"github.com/loveuer/nf"
	"github.com/loveuer/nf/nft/resp"
	"net/http"
	"time"
	"uauth/internal/store/cache"
	"uauth/internal/tool"
	"uauth/model"
)

func Approve(c *nf.Ctx) error {
	// 获取表单数据
	type Req struct {
		ClientId     string `form:"client_id"`
		ClientSecret string `form:"client_secret"`
		RedirectURI  string `form:"redirect_uri"`
		Scope        string `form:"scope"`
		State        string `form:"state"`
	}

	var (
		ok  bool
		op  *model.User
		err error
		req = new(Req)
	)

	if op, ok = c.Locals("user").(*model.User); !ok {
		return resp.Resp401(c, nil)
	}

	if err = c.BodyParser(req); err != nil {
		return resp.Resp400(c, err)
	}

	state := cache.Prefix + "state_code:" + req.State
	if _, err = cache.Client.Get(c.Context(), state); err != nil {
		if errors.Is(err, cache.ErrorKeyNotFound) {
			return resp.Resp400(c, req, "Bad Approve Request")
		}

		return resp.Resp500(c, err)
	}

	_ = cache.Client.Del(tool.Timeout(3), state)

	authorizationCode := uuid.New().String()[:8]
	if err = cache.Client.SetEx(c.Context(), cache.Prefix+"auth_code:"+authorizationCode, op.Id, 10*time.Minute); err != nil {
		return resp.Resp500(c, err)
	}

	// 重定向到回调 URL 并附带授权码
	return c.Redirect(req.RedirectURI+"?code="+authorizationCode, http.StatusFound)
}