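// Copyright (c) SimpleIdServer. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using SimpleIdServer.IdServer.Builders;
using SimpleIdServer.IdServer.Config;
using SimpleIdServer.IdServer.Domains;

// Host bootstrap for an identity server that keeps its users, clients and
// scopes in memory. Every security-relevant value below (credentials, signing
// key, CORS policy, redirect URI) is hard-coded, so this file is only suitable
// as a local development fixture.

var corsPolicyName = "AllowAll";

// SECURITY: a fixed, guessable password on an account that carries both admin
// roles. Keep this seed out of any shared or internet-reachable environment;
// load real credentials from a secret store instead of source control.
var users = new List<User>
{
    UserBuilder
        .Create("administrator", "password", "Administrator")
        .SetEmail("adm@mail.com")
        .SetFirstname("Administrator")
        .AddRole("BI.PORTAL_ADMIN")
        .AddRole("BI.TENANT_ADMIN")
        .AddClaim("tid", "cbaa13c2-e95b-470a-bbcb-18911d5a6025")
        .Build(),
};

var api = ApiResourceBuilder.Create("urn:bighand:api:bi:portal", "BI Portal API").Build();

// The second and third arguments are passed as null; the only redirect URI is a
// plain-http localhost address. NOTE(review): this looks like a secret-less
// browser client - confirm against BuildUserAgentClient's signature.
// offline_access + AddRefreshToken() hand refresh tokens to that client, so
// refresh-token lifetime and rotation settings deserve a check before reuse.
var clients = new List<Client>
{
    ClientBuilder
        .BuildUserAgentClient("foo", null, null, new[] { "http://localhost:4200/loggedin" })
        .AddScope(new Scope("openid"), new Scope("profile"), new Scope("offline_access"))
        .AddRefreshToken()
        .Build(),
};

// NOTE(review): this list is never passed to AddInMemoryScopes below; only
// biScope is registered. Kept as-is because it is not visible here whether
// CreateRoleScope has side effects on clients[0].
var scopes = new List<Scope>
{
    ScopeBuilder.CreateRoleScope(clients[0], "bi.portal", "").Build()
};

// Scope requested by the client for the BI Portal API. Each mapper copies one
// user attribute into the access token under the same claim name.
// SECURITY: access tokens issued with this scope carry the user's roles,
// tenant id and e-mail address; every API and log sink that sees the token
// also sees those values.
var biScope = new Scope()
{
    ApiResources = { api },
    Name = "bi.portal",
    Clients = { clients[0] },
    Description = "BI Portal Scope",
    ClaimMappers =
    {
        new ScopeClaimMapper()
        {
            IncludeInAccessToken = true,
            TokenClaimJsonType = TokenClaimJsonTypes.STRING,
            TargetClaimPath = "role",
            MapperType = MappingRuleTypes.USERATTRIBUTE,
            SourceUserAttribute = "role",
            SourceUserProperty = "role",
        },
        new ScopeClaimMapper()
        {
            IncludeInAccessToken = true,
            TokenClaimJsonType = TokenClaimJsonTypes.STRING,
            TargetClaimPath = "tid",
            MapperType = MappingRuleTypes.USERATTRIBUTE,
            SourceUserAttribute = "tid",
            SourceUserProperty = "tid",
        },
        new ScopeClaimMapper()
        {
            IncludeInAccessToken = true,
            TokenClaimJsonType = TokenClaimJsonTypes.STRING,
            TargetClaimPath = "email",
            MapperType = MappingRuleTypes.USERATTRIBUTE,
            SourceUserAttribute = "email",
            SourceUserProperty = "email",
        },
    },
};

// Link the scope back onto the client so both sides of the relation agree.
clients[0].Scopes.Add(biScope);

var builder = WebApplication.CreateBuilder(args);

// SECURITY: this policy accepts cross-origin requests from any origin, with any
// method and any header. For an identity provider, prefer WithOrigins(...)
// listing the known client origins (here the SPA on http://localhost:4200).
// ASP.NET Core rejects AllowAnyOrigin combined with AllowCredentials, so
// credentialed cross-origin requests are not enabled by this policy.
builder.Services.AddCors(options =>
{
    options.AddPolicy(
        name: corsPolicyName,
        policy =>
        {
            policy.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader();
        }
    );
});

// SECURITY: AddDeveloperSigningCredential is, by its name, a development
// signing key; tokens for real relying parties should be signed with a managed
// key or certificate that can be rotated and revoked.
// NOTE(review): the meaning of the `true` passed to AddPwdAuthentication is
// not visible in this file - confirm what it enables.
builder
    .AddSidIdentityServer()
    .AddDeveloperSigningCredential()
    .AddInMemoryUsers(users)
    .AddInMemoryClients(clients)
    .AddInMemoryScopes([biScope])
    .AddInMemoryLanguages(DefaultLanguages.All)
    .AddPwdAuthentication(true);

var app = builder.Build();
app.Services.SeedData();

// NOTE(review): CORS middleware only affects requests that pass through it
// before an endpoint runs. What UseSid() adds to the pipeline is not visible
// here; if it maps the endpoints, verify that the policy is actually applied
// to them with UseCors registered afterwards.
app.UseSid();
app.UseCors(corsPolicyName);

await app.RunAsync();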