# frozen_string_literal: true

class OmniauthCallbacksController < ApplicationController
  include CookieBasedCsrf
  include UserAuthentication

  def create
    case params[:provider]
    when 'google_oauth2'
      google_oauth2
    when 'reddit'
      reddit
    when 'discord'
      discord
    else
      head :not_found
    end
  end

  private

  def google_oauth2
    @user = User.from_omniauth(request.env['omniauth.auth'])

    if @user.persisted?
      sign_in_and_redirect @user, event: :authentication
    else
      redirect_to new_user_registration_url
    end
  end

  def reddit
    @user = User.from_omniauth(request.env['omniauth.auth'])

    if @user.persisted?
      sign_in_and_redirect @user, event: :authentication
    else
      redirect_to new_user_registration_url
    end
  end

  def discord
    @user = User.from_omniauth(request.env['omniauth.auth'])

    if @user.persisted?
      sign_in_and_redirect @user, event: :authentication
    else
      redirect_to new_user_registration_url
    end
  end

  def sign_in_and_redirect(user, *_args)
    # TODO: Log event
    # TODO: Throw on unregistered/unknown user

    # Ensure we have a new CSRF token now that user is signed in
    cookies.delete(:_csrf_token)

    login(user)
    cookies['x-csrf-token'] = {
      value: form_authenticity_token,
      httponly: false,
      secure: !(Rails.env.development? || Rails.env.test?),
    }

    redirect_to root_path
  end

  # More info at:
  # https://github.com/plataformatec/devise#omniauth

  # GET|POST /resource/auth/twitter
  # def passthru
  #   super
  # end

  # GET|POST /users/auth/twitter/callback
  # def failure
  #   super
  # end

  # protected

  # The path used when OmniAuth fails
  # def after_omniauth_failure_path_for(scope)
  #   super(scope)
  # end
end