{% import (
  "source.toby3d.me/toby3d/auth/internal/domain"
) %}

{% code type AuthorizePage struct {
  BaseOf
  Scope               domain.Scopes
  CodeChallengeMethod domain.CodeChallengeMethod
  ResponseType        domain.ResponseType
  Client              *domain.Client
  Me                  *domain.Me
  RedirectURI         *domain.URL
  Providers           []*domain.Provider
  CSRF                []byte
  CodeChallenge       string
  State               string
} %}

{% func (p *AuthorizePage) title() %}
{% if p.Client.Name != "" %}
{%= p.t("Authorize %s", p.Client.Name) %}
{% else %}
{%= p.t("Authorize application") %}
{% endif %}
{% endfunc %}

{% func (p *AuthorizePage) body() %}
<header>
  {% if p.Client.Logo != nil %}
  <img class=""
       crossorigin="anonymous"
       decoding="async"
       height="140"
       importance="high"
       loading="lazy"
       referrerpolicy="no-referrer-when-downgrade"
       src="{%s p.Client.Logo.String() %}"
       alt="{%s p.Client.Name %}"
       width="140">
  {% endif %}

  <h2>
    {% if p.Client.URL != nil %}
    <a href="{%s p.Client.URL.String() %}">
      {% endif %}
      {% if p.Client.Name != "" %}
      {%s p.Client.Name %}
      {% else %}
      {%s p.Client.ID.String() %}
      {% endif %}
      {% if p.Client.URL != nil %}
    </a>
    {% endif %}
  </h2>
</header>

<main>
  <aside>
    {% if p.CodeChallengeMethod != domain.CodeChallengeMethodUnd && p.CodeChallenge != "" %}
    <p class="with-icon">
      <span class="icon"
            role="img"
            aria-label="closed lock with key">🔐</span>

      {%= p.t(`This client uses %sPKCE%s with the %s%s%s method.`, `<abbr title="Proof of Key Code Exchange">`,
        `</abbr>`, `<code>`, p.CodeChallengeMethod, `</code>`) %}
    </p>
    {% else %}
    <details>
      <summary class="with-icon">
        <span class="icon"
              role="img"
              aria-label="unlock">🔓</span>

        {%= p.t(`This client does not use %sPKCE%s!`, `<abbr title="Proof of Key Code Exchange">`, `</abbr>`) %}
      </summary>
      <p>
        {%= p.t(`%sProof of Key Code Exchange%s is a mechanism that protects against attackers in the middle hijacking `+
        `your application's authentication process. You can still authorize this application without this protection, `+
        `but you must independently verify the security of this connection. If you have any doubts - stop the process `+
        ` and contact the developers.`, `<dfn id="PKCE">`, `</dfn>`) %}
      </p>
    </details>
    {% endif %}
  </aside>

  <form class=""
        accept-charset="utf-8"
        action="/authorize/verify"
        autocomplete="off"
        enctype="application/x-www-form-urlencoded"
        method="post"
        novalidate="true"
        target="_self">

    {% if p.CSRF != nil %}
    <input type="hidden"
           name="_csrf"
           value="{%z p.CSRF %}">
    {% endif %}

    {% for key, val := range map[string]string{
      "client_id":     p.Client.ID.String(),
      "redirect_uri":  p.RedirectURI.String(),
      "response_type": p.ResponseType.String(),
      "state":         p.State,
    } %}
    <input type="hidden"
           name="{%s key %}"
           value="{%s val %}">
    {% endfor %}

    {% if len(p.Scope) > 0 %}
    <fieldset>
      <legend>{%= p.t("Scopes") %}</legend>

      {% for _, scope := range p.Scope %}
      <div>
        <label>
          <input type="checkbox"
                 name="scope[]"
                 value="{%s scope.String() %}"
                 checked>

          {%s scope.String() %}
        </label>
      </div>
      {% endfor %}
    </fieldset>
    {% else %}
    <aside>
      <p>{%= p.t(`No scopes is requested: the application will only get your profile URL.`) %}</p>
    </aside>
    {% endif %}

    {% if p.CodeChallenge != "" %}
    {% for key, val := range map[string]string{
      "code_challenge":        p.CodeChallenge,
      "code_challenge_method": p.CodeChallengeMethod.String(),
    } %}
    <input type="hidden"
           name="{%s key %}"
           value="{%s val %}">
    {% endfor %}
    {% endif %}

    {% if p.Me != nil %}
    <input type="hidden"
           name="me"
           value="{%s p.Me.String() %}">
    {% endif %}

    {% if len(p.Providers) > 0 %}
    <select name="provider"
            autocomplete
            required>

      {% for _, provider := range p.Providers %}
      <option value="{%s provider.UID %}"
              {% if provider.UID == "mastodon" %}selected{% endif %}>

        {%s provider.Name %}
      </option>
      {% endfor %}
    </select>
    {% else %}
    <input type="hidden"
           name="provider"
           value="direct">
    {% endif %}

    <button type="submit"
            name="authorize"
            value="deny">

      {%= p.t("Deny") %}
    </button>

    <button type="submit"
            name="authorize"
            value="allow">

      {%= p.t("Allow") %}
    </button>

    <aside>
      <p>{%= p.t(`You will be redirected to %s%s%s`, `<code>`, p.RedirectURI, `</code>`) %}</p>
    </aside>
  </form>
</main>
{% endfunc %}