import { Controller, Get, Redirect, Res } from '@nestjs/common';
import { Response } from 'express';
import { ConfigurationService } from '../config/config.service';

@Controller({
  path: '/.well-known/',
})
export class WellKnownController {
  constructor(private config: ConfigurationService) {}

  @Get('security.txt')
  securityTXT(@Res({ passthrough: true }) res: Response) {
    res.set('content-type', 'text/plain');
    return `# If you would like to report a security issue
# you may report it to:
Contact: mailto:evert@lunasqu.ee
    `;
  }

  @Get('dnt')
  DNT() {
    return { tracking: 'N' };
  }

  @Get('change-password')
  @Redirect('/account/security')
  changePassword() {
    return;
  }

  @Get('openid-configuration')
  openidConfiguration() {
    const base = this.config.get<string>('app.base_url');
    return {
      issuer: this.config.get('jwt.issuer'),
      authorization_endpoint: `${base}/oauth2/authorize`,
      token_endpoint: `${base}/oauth2/token`,
      jwks_uri: `${base}/oauth2/jwks`,
      userinfo_endpoint: `${base}/api/user`,
      introspection_endpoint: `${base}/oauth2/introspect`,
      response_types_supported: ['code', 'id_token'],
      id_token_signing_alg_values_supported: [
        this.config.get<string>('jwt.algorithm'),
      ],
      subject_types_supported: ['public'],
      scopes_supported: ['openid', 'profile', 'picture', 'email'],
      claims_supported: [
        'aud',
        'exp',
        'iat',
        'iss',
        'sub',
        'name',
        'preferred_username',
        'nickname',
        'picture',
        'updated_at',
        'email',
        'email_verified',
      ],
      code_challenge_methods_supported: ['plain', 'S256'],
      grant_types_supported: ['authorization_code', 'refresh_token'],
    };
  }
}