using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.DependencyInjection;

namespace Fengling.AuthService.Configuration;

public static class OpenIddictSetup
{
    public static IServiceCollection AddOpenIddictConfiguration(
        this IServiceCollection services,
        IConfiguration configuration
    )
    {
        var isTesting = configuration.GetValue<bool>("Testing", false);

        var builder = services.AddOpenIddict();

        builder.AddCore(options =>
        {
            options.UseEntityFrameworkCore().UseDbContext<Data.ApplicationDbContext>();
        });

        if (!isTesting)
        {
            builder.AddServer(options =>
            {
                options.SetIssuer(configuration["OpenIddict:Issuer"] ?? "https://auth.fengling.local");

                options.AddDevelopmentEncryptionCertificate()
                       .AddDevelopmentSigningCertificate();

                options.AllowAuthorizationCodeFlow()
                       .AllowPasswordFlow()
                       .AllowRefreshTokenFlow()
                       .RequireProofKeyForCodeExchange();

                options.RegisterScopes("api", "offline_access");
            });
        }

        builder.AddValidation(options =>
        {
            options.UseLocalServer();
        });

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        });

        return services;
    }
}