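import Cookies from 'cookies';
import { NextApiRequest, NextApiResponse } from 'next';

import {
  CLIENT_ID,
  COOKIE_KEYS,
  OAUTH_URL,
  PUBLIC_URL,
} from '../../lib/constants';
import { encrypt, generateString } from '../../lib/utils/crypto';

// Callback URL sent to the authorization server as `redirect_uri`. It is
// built only from the PUBLIC_URL constant, never from request data.
const redirect = `${PUBLIC_URL}/api/callback`;

/**
 * Starts the OAuth authorization-code flow.
 *
 * Generates a per-request state token, stores it in the signed `validation`
 * cookie, and redirects the browser to `${OAUTH_URL}/authorize` with an
 * encrypted `state` parameter that wraps the same token together with the
 * redirect URI.
 *
 * NOTE(review): the CSRF protection depends on the callback handler (not in
 * this file) decrypting `state` and comparing its token with the signed
 * cookie; confirm that the check exists and that the cookie is cleared
 * after use.
 *
 * @param req - Incoming API request; used only to construct the cookie jar.
 * @param res - API response; receives the Set-Cookie header and the redirect.
 */
export default function handler(req: NextApiRequest, res: NextApiResponse) {
  // NOTE(review): presumably a random string; verify that generateString
  // draws from a CSPRNG, since this value is the anti-CSRF secret.
  const stateToken = generateString(16);

  // The token travels to the authorization server only in encrypted form,
  // bound to the redirect URI it was issued for.
  const state = encrypt(
    JSON.stringify({
      redirect_uri: redirect,
      state: stateToken,
    })
  );

  const params = new URLSearchParams({
    client_id: CLIENT_ID,
    response_type: 'code',
    redirect_uri: redirect,
    scope: 'management',
    state,
  });

  const cookies = new Cookies(req, res, { keys: COOKIE_KEYS });
  cookies.set('validation', stateToken, {
    // Pinned explicitly so the token stays out of reach of page scripts even
    // if the library default changes.
    httpOnly: true,
    // 'lax' still sends the cookie on the top-level GET redirect back from
    // the authorization server, but withholds it from cross-site subrequests.
    sameSite: 'lax',
    // Secure is applied only in production, so plain-HTTP development works.
    secure: process.env.NODE_ENV === 'production',
    signed: true,
    // NOTE(review): no maxAge/expires is set, so this is a session cookie;
    // consider a short lifetime so a stale state token cannot be replayed.
  });

  res.redirect(`${OAUTH_URL}/authorize?${params.toString()}`);
}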