package handlers

import (
	"encoding/json"
	"fmt"

	"github.com/valyala/fasthttp"

	"github.com/authelia/authelia/internal/middlewares"
)

func oidcWellKnown(ctx *middlewares.AutheliaCtx) {
	var configuration WellKnownConfigurationJSON

	issuer, err := ctx.ForwardedProtoHost()
	if err != nil {
		ctx.Logger.Errorf("Error occurred in ForwardedProtoHost: %+v", err)
		ctx.Response.SetStatusCode(fasthttp.StatusBadRequest)

		return
	}

	configuration.Issuer = issuer
	configuration.AuthURL = fmt.Sprintf("%s%s", issuer, oidcAuthorizePath)
	configuration.TokenURL = fmt.Sprintf("%s%s", issuer, oidcTokenPath)
	configuration.RevocationEndpoint = fmt.Sprintf("%s%s", issuer, oidcRevokePath)
	configuration.JWKSURL = fmt.Sprintf("%s%s", issuer, oidcJWKsPath)
	configuration.Algorithms = []string{"RS256"}
	configuration.ScopesSupported = []string{
		"openid",
		"profile",
		"groups",
		"email",
		// Determine if this is really mandatory knowing the RP can request for a refresh token through the authorize
		// endpoint anyway.
		"offline_access",
	}
	configuration.ClaimsSupported = []string{
		"aud",
		"exp",
		"iat",
		"iss",
		"jti",
		"rat",
		"sub",
		"auth_time",
		"nonce",
		"email",
		"email_verified",
		"groups",
		"name",
	}
	configuration.SubjectTypesSupported = []string{
		"public",
	}
	configuration.ResponseTypesSupported = []string{
		"code",
		"token",
		"id_token",
		"code token",
		"code id_token",
		"token id_token",
		"code token id_token",
		"none",
	}

	ctx.SetContentType("application/json")

	if err := json.NewEncoder(ctx).Encode(configuration); err != nil {
		ctx.Logger.Errorf("Error occurred in json Encode: %+v", err)
		// TODO: Determine if this is the appropriate error code here.
		ctx.Response.SetStatusCode(fasthttp.StatusInternalServerError)

		return
	}
}