import { NextRequest, NextResponse } from "next/server"
import { AuthError } from "next-auth"

import { Lang } from "@/constants/languages"
import { env } from "@/env/server"
import { internalServerError } from "@/server/errors/next"

import { signIn } from "@/auth"

export async function GET(
  request: NextRequest,
  context: { params: { lang: Lang } }
) {
  let redirectHeaders: Headers | undefined = undefined
  let redirectTo: string

  const returnUrl = request.headers.get("x-returnurl")

  if (returnUrl) {
    // Seamless login request from Current web
    redirectTo = returnUrl
  } else {
    // Normal login request from New web
    redirectTo =
      request.cookies.get("redirectTo")?.value || // Cookie gets set by authRequired middleware
      request.nextUrl.searchParams.get("redirectTo") ||
      "/"

    // Make relative URL to absolute URL
    if (redirectTo.startsWith("/")) {
      if (!env.PUBLIC_URL) {
        throw internalServerError("No value for env.PUBLIC_URL")
      }
      redirectTo = new URL(redirectTo, env.PUBLIC_URL).href
    }

    // Clean up cookie from authRequired middleware
    redirectHeaders = new Headers()
    redirectHeaders.append(
      "set-cookie",
      "redirectTo=; Expires=Thu, 01 Jan 1970 00:00:00 UTC; Path=/; HttpOnly; SameSite=Lax"
    )
  }

  try {
    /**
     * Passing `redirect: false` to `signIn` will return the URL instead of
     * automatically redirecting to it inside of `signIn`.
     * https://github.com/nextauthjs/next-auth/blob/3c035ec/packages/next-auth/src/lib/actions.ts#L76
     */
    const redirectUrl = await signIn(
      "curity",
      {
        redirectTo,
        redirect: false,
      },
      {
        ui_locales: context.params.lang,
        scope: "profile_update openid",
        // The below acr value is required as for New Web same Curity Client is used for MFA
        // while in current web it is being setup using different Curity Client ID and secret
        acr_values:
          "urn:se:curity:authentication:otp-authenticator:OTP-Authenticator_web",
      }
    )

    if (redirectUrl) {
      return NextResponse.redirect(redirectUrl, {
        headers: redirectHeaders,
      })
    }
  } catch (error) {
    if (error instanceof AuthError) {
      console.error({ signInAuthError: error })
    } else {
      console.error({ signInError: error })
    }
  }

  return internalServerError()
}