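import { getRequestURL, readBody, setCookie } from 'h3'

/**
 * Relay an upstream fetch Response to the caller.
 * Only the status, the body text and the content type are passed on;
 * every other upstream header is dropped.
 *
 * @param {Response} upstream - response returned by fetch()
 * @returns {Promise<Response>}
 */
async function relayResponse(upstream) {
  return new Response(await upstream.text(), {
    status: upstream.status,
    headers: {
      'Content-Type': upstream.headers.get('content-type') || 'text/plain',
    },
  })
}

/**
 * Build a 400 response for a request body that lacks a required field.
 *
 * @param {string} message - short description of what is missing
 * @returns {Response}
 */
function badRequest(message) {
  return new Response(JSON.stringify({ error: message }), {
    status: 400,
    headers: { 'Content-Type': 'application/json' },
  })
}

/**
 * SSO login bridge.
 *
 * 1. Reads `data.token` from the JSON body and checks it against the SSO
 *    confirm (userinfo) endpoint with a Bearer Authorization header.
 * 2. If that endpoint answers 200, POSTs `{ name: data.user.username }` to the
 *    backend API at the same path (minus the `/api/` prefix) with the
 *    auth-partner headers, and relays the backend's answer.
 * 3. Otherwise relays the SSO endpoint's answer unchanged.
 *
 * A body without a string `data.token` (or, after a successful SSO check,
 * without a string `data.user.username`) is answered with 400 instead of an
 * unhandled TypeError.
 */
export default defineEventHandler(async (event) => {
  console.log("=================== MASUK FE SSO! ===================")

  const body = await readBody(event)
  const url = getRequestURL(event)
  const config = useRuntimeConfig()

  // Reject malformed bodies up front: readBody() can yield undefined, and a
  // non-string token would otherwise be coerced into the header value.
  const rawToken = body?.data?.token
  if (typeof rawToken !== 'string' || rawToken.length === 0) {
    return badRequest('Missing SSO token')
  }

  const res_sso = await fetch(config.public.SSO_CONFIRM_URL, {
    method: 'GET',
    headers: {
      'Content-Type': 'application/json',
      'Authorization': `Bearer ${rawToken}`,
    },
  })
  // Log the status only; dumping the whole Response object adds noise and
  // puts upstream URL and header details into the server log.
  console.log('SSO confirm status:', res_sso.status)

  if (res_sso.status !== 200) {
    return relayResponse(res_sso)
  }

  // NOTE(review): the username is taken from the request body, not from the
  // SSO confirm response, so a valid token does not prove the caller owns this
  // name. Prefer the identity returned by SSO_CONFIRM_URL once its response
  // schema is confirmed.
  const username = body.data.user?.username
  if (typeof username !== 'string') {
    return badRequest('Missing username')
  }

  const cleanOrigin = config.public.API_ORIGIN.replace(/\/+$/, '')
  const cleanPath = url.pathname.replace(/^\/api\//, '').replace(/^\/+/, '')
  const externalUrl = `${cleanOrigin}/${cleanPath}${url.search}`

  // NOTE(review): everything under runtimeConfig.public is shipped to the
  // browser, so a partner secret stored there is readable by any visitor.
  // The private key is preferred when it is defined; the public fallback only
  // keeps existing deployments working. Move X_AP_SECRET_KEY to the private
  // runtimeConfig and rotate the exposed value.
  const partnerSecret = config.X_AP_SECRET_KEY ?? config.public.X_AP_SECRET_KEY

  const resp = await fetch(externalUrl, {
    method: 'POST',
    body: JSON.stringify({
      name: username,
    }),
    headers: {
      'Content-Type': 'application/json',
      'X-AuthPartner-Code': config.public.X_AP_CODE,
      'X-AuthPartner-SecretKey': partnerSecret,
    },
  })

  return relayResponse(resp)
})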