<?php

namespace Isekai\OIDC;

use ApiBase;
use Wikimedia\ParamValidator\ParamValidator;
use Isekai\OIDC\IsekaiOIDCAuth;
use User;

class ApiOidcWebhook extends ApiBase {
    public function __construct( $main, $method ) {
        parent::__construct( $main->getMain(), $method );
    }

    public function execute() {
        global $wgIsekaiOIDC;
        $queryValues = $this->getRequest()->getQueryValues();
        $provider = '';
        if (isset($queryValues['provider'])) {
            $provider = $queryValues['provider'];
        }

        if (isset($wgIsekaiOIDC['webhookKey'])) {
            if (!isset($queryValues['key']) || $queryValues['key'] !== $wgIsekaiOIDC['webhookKey']) {
                $this->addError('isekaioidc-api-key-invalid', '-1', [ 'provider' => $provider ]);
                return;
            }
        }

        switch ($provider) {
            case 'keycloak':
                $this->keycloakCallback();
                break;
            default:
                $this->addError('isekaioidc-api-provider-not-supported', '-1', [ 'provider' => $provider ]);
        }
    }

    private function keycloakCallback() {
        if (!$this->getRequest()->wasPosted()) {
            return $this->addError('isekaioidc-api-post-body-invalid');
        }

        $postBody = $this->getRequest()->getRawPostString();
        $postData = json_decode($postBody);
        if (!$this->getRequest()->wasPosted() || !$postData) {
            return $this->addError('isekaioidc-api-post-body-invalid');
        }
        global $wgIsekaiOIDC;
        $realm = $wgIsekaiOIDC['realm'];
        $apiMode = isset($wgIsekaiOIDC['apiMode']) ? $wgIsekaiOIDC['apiMode'] : 'oauth';

        $eventType = $postData->type;
        $subject = $postData->userId;
        $eventRealm = $postData->realmId;
        if ($eventRealm !== $realm) {
            //return $this->addError('isekaioidc-api-realm-not-match');
            $this->getResult()->addValue(null, 'webhook', 0);
            return;
        }

        if (!in_array($eventType, ['UPDATE_PROFILE', 'UPDATE_EMAIL'])) {
            //return $this->addError('isekaioidc-api-unsupported-event');
            $this->getResult()->addValue(null, 'webhook', 0);
            return;
        }

        list($userId, $userName, $accessToken, $refreshToken) = IsekaiOIDCAuth::findUser($subject);

        if ($userId) {
            $userInfo = $postData->userInfo;
            $newProfile = [
                'realname' => $userInfo->name,
                'email' => $userInfo->email,
                'phone' => $userInfo->phone_number,
            ];

            $user = User::newFromId($userId);
            IsekaiOIDCAuth::updateUserInfo($user, $newProfile);
        }
        $this->getResult()->addValue(null, 'webhook', 1);
    }

    public function getAllowedParams() {
        return [
            'provider' => [
                ParamValidator::PARAM_DEFAULT => null,
                ApiBase::PARAM_TYPE => 'text',
            ],
            'key' => [
                ParamValidator::PARAM_DEFAULT => null,
                ApiBase::PARAM_TYPE => 'text',
            ]
        ];
    }
}