mod auth_guard;
mod routes;
mod state;
mod storage;

use std::sync::Arc;

use axum::{Router, routing::{get, post}};
use tower_http::services::ServeDir;
use openid::DiscoveredClient;
use state::AppState;
use storage::Storage;
use tower_sessions::{MemoryStore, SessionManagerLayer};
use irc_now_common::auth::OidcConfig;
use irc_now_common::db::DbConfig;

async fn health() -> &'static str {
    "ok"
}

#[tokio::main]
async fn main() {
    tracing_subscriber::fmt()
        .with_env_filter(tracing_subscriber::EnvFilter::from_default_env())
        .init();

    let db = DbConfig::from_env("PICS").connect().await.unwrap();
    let oidc = OidcConfig::from_env();

    let issuer_url = url::Url::parse(&oidc.issuer_url).expect("invalid OIDC issuer URL");

    tracing::info!("discovering OIDC provider at {issuer_url}");
    let oidc_client = DiscoveredClient::discover(
        oidc.client_id.clone(),
        oidc.client_secret.clone(),
        Some(oidc.redirect_url.clone()),
        issuer_url,
    )
    .await
    .expect("OIDC discovery failed");

    tracing::info!("OIDC provider discovered");

    let s3_endpoint = std::env::var("S3_ENDPOINT").expect("S3_ENDPOINT required");
    let s3_bucket = std::env::var("S3_BUCKET").unwrap_or_else(|_| "pics".to_string());
    let s3_access_key = std::env::var("S3_ACCESS_KEY").expect("S3_ACCESS_KEY required");
    let s3_secret_key = std::env::var("S3_SECRET_KEY").expect("S3_SECRET_KEY required");

    let storage = Storage::new(&s3_endpoint, &s3_bucket, &s3_access_key, &s3_secret_key)
        .expect("S3 storage init failed");

    let state = AppState {
        db,
        oidc,
        oidc_client: Arc::new(oidc_client),
        storage,
    };

    let session_store = MemoryStore::default();
    let session_layer = SessionManagerLayer::new(session_store);

    let app = Router::new()
        .route("/health", get(health))
        .route("/", get(routes::image::index))
        .route("/upload", post(routes::image::upload))
        .route("/{id}", get(routes::image::view))
        .route("/{id}/raw", get(routes::image::raw))
        .route("/{id}/thumb", get(routes::image::thumb))
        .route("/my", get(routes::image::my_images))
        .route("/{id}/delete", post(routes::image::delete))
        .route("/auth/login", get(routes::auth::login))
        .route("/auth/callback", get(routes::auth::callback))
        .route("/auth/logout", get(routes::auth::logout))
        .nest_service("/static", ServeDir::new("static"))
        .layer(session_layer)
        .with_state(state);

    let listener = tokio::net::TcpListener::bind("0.0.0.0:8080").await.unwrap();
    tracing::info!("listening on {}", listener.local_addr().unwrap());
    axum::serve(listener, app).await.unwrap();
}