package discourse

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"net/url"
)

func generateSSORequestURL(config SsoConfig) string {
	// Build the query string payload
	payload := fmt.Sprintf("nonce=%s&return_sso_url=%s", config.Uuid, config.ReturnEndpoint)

	// Base64 encode the payload
	base64Payload := base64.StdEncoding.EncodeToString([]byte(payload))

	// Urlencode the
	URLEncodedPayload := url.QueryEscape(base64Payload)

	// Get a hex signature for this payload with the sso secret
	hexSignature := computeHmac256(base64Payload, config.Secret)

	ssoURL := fmt.Sprintf("%s?sso=%s&sig=%s", config.Endpoint, URLEncodedPayload, hexSignature)

	return ssoURL
}

// Create a hex signature from a message and secret
func computeHmac256(message string, secret string) string {
	key := []byte(secret)
	h := hmac.New(sha256.New, key)
	h.Write([]byte(message))
	return hex.EncodeToString(h.Sum(nil))
}