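package verify

import (
	"net/http"

	"edge-infra.dev/pkg/edge/iam/log"
	"github.com/coreos/go-oidc/v3/oidc"
	"github.com/gin-gonic/gin"
	"golang.org/x/oauth2"
)

// start begins the OIDC authorization-code flow for the verifier client.
//
// It discovers the provider metadata at IssuerURL(), builds an OAuth2
// configuration from the Verifier's client credentials, and redirects the
// browser (302) to the provider's authorization endpoint. An optional
// "login_hint" query parameter on the incoming request is forwarded to the
// provider. If provider discovery fails, the request is aborted with
// HTTP 500 and the discovery error is logged.
func (v *Verifier) start(ctx *gin.Context) {
	logger := log.Get(ctx.Request.Context())

	// InsecureIssuerURLContext makes go-oidc accept a discovery document whose
	// "issuer" differs from the URL it was fetched from; the value returned by
	// Issuer() is used as the issuer instead. The spec-mandated issuer/URL
	// match is therefore not enforced here.
	// NOTE(review): presumably needed because the provider is reached at an
	// internal address — confirm IssuerURL() is a trusted endpoint, since the
	// endpoints taken from its metadata are used as-is below.
	provider, err := oidc.NewProvider(oidc.InsecureIssuerURLContext(ctx, Issuer()), IssuerURL())
	if err != nil {
		// AbortWithError always returns a non-nil *gin.Error wrapping err, so
		// its result is not a failure signal. Log the discovery error itself
		// rather than reporting a failed abort.
		logger.Error(err, "failed to create OIDC provider")
		_ = ctx.AbortWithError(http.StatusInternalServerError, err)
		return
	}

	config := oauth2.Config{
		ClientID:     v.ClientID,
		ClientSecret: v.ClientSecret,
		RedirectURL:  v.ClientURL + verifyCallbackPath,
		Endpoint:     provider.Endpoint(),
		// offline_access asks the provider for a refresh token as well.
		Scopes: []string{oidc.ScopeOpenID, oidc.ScopeOfflineAccess, "profile"},
	}

	// login_hint comes straight from the request query string and is passed
	// on as an authorization-request parameter; the provider has to treat it
	// as untrusted input.
	loginHint := ctx.Request.URL.Query().Get("login_hint")

	// NOTE(review): the state value is a fixed literal, so it cannot tie the
	// authorization response to the browser session that started the flow and
	// gives no protection against login CSRF on the callback. The usual
	// pattern is a per-request random state, stored in a cookie or session
	// and compared in the callback handler. The callback is not visible here
	// and may compare against this literal, so change both sides together.
	authCodeURL := config.AuthCodeURL("332b7b6ue34ds", oauth2.SetAuthURLParam("login_hint", loginHint))
	ctx.Redirect(http.StatusFound, authCodeURL)
}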