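import { cookies } from "next/headers";
import Hex from "crypto-js/enc-hex";
import hmacSHA256 from "crypto-js/hmac-sha256";
import WordArray from "crypto-js/lib-typedarrays";
import { AUTH_NONCE } from "@/lib/constants";

const hostUrl = process.env.NEXT_PUBLIC_HOST_URL as string;
const discourseHost = process.env.DISCOURSE_HOST as string;
const clientSecret = process.env.DISCOURSE_SECRET as string;

/** Lifetime of the nonce cookie, in seconds (10 minutes). */
const NONCE_MAX_AGE_SECONDS = 60 * 10;

/**
 * Starts a Discourse SSO-provider login.
 *
 * Generates a random nonce, stores it in the `AUTH_NONCE` cookie so the
 * callback can match the response to this request, and returns the URL the
 * client should redirect to. The payload is a URL-encoded query string
 * (`nonce=…&return_sso_url=…`), base64-encoded and HMAC-SHA256 signed with
 * the shared secret. The base64 payload is percent-encoded again when it is
 * placed in the final query string, since base64 may contain `+`, `/` and
 * `=`, which would otherwise corrupt the `sso` parameter.
 *
 * @param _req - Incoming request (unused).
 * @returns JSON body `{ sso_url }`.
 * @throws Error if `DISCOURSE_SECRET` is not configured, so a payload is
 *   never signed with an empty or undefined secret.
 */
export async function POST(_req: Request): Promise<Response> {
  if (!clientSecret) {
    throw new Error("DISCOURSE_SECRET is not configured");
  }

  const nonce = WordArray.random(16).toString();

  // If an OAuth flow is pending, send the user back to the authorize page
  // after login; otherwise to the dashboard.
  const oauthState = cookies().get("oauth_state");
  const returnUrl = oauthState ? `${hostUrl}/authorize` : `${hostUrl}/dashboard`;

  // URLSearchParams percent-encodes the values, which the payload format
  // requires; plain template interpolation did not.
  const payload = new URLSearchParams({ nonce, return_sso_url: returnUrl }).toString();
  const sso = btoa(payload);
  const sig = hmacSHA256(sso, clientSecret).toString(Hex);

  cookies().set(AUTH_NONCE, nonce, {
    maxAge: NONCE_MAX_AGE_SECONDS,
    // NOTE(review): assumes the nonce is only read server-side by the callback
    // route — confirm no client script depends on reading this cookie.
    httpOnly: true,
    // "lax" is still sent on the top-level GET redirect back from Discourse.
    sameSite: "lax",
    secure: process.env.NODE_ENV === "production",
  });

  // `sig` is hex, so it needs no encoding; `sso` is base64 and does.
  return Response.json({
    sso_url: `${discourseHost}/session/sso_provider?sso=${encodeURIComponent(sso)}&sig=${sig}`,
  });
}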