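using System.Web;
using AutheliaMultiDomainProxy.Backend;
using Microsoft.AspNetCore.Mvc;

namespace AutheliaMultiDomainProxy.Controllers;

/// <summary>
/// Entry point that sends a browser to the Authelia portal and asks Authelia to
/// return it to this proxy's <c>/api/cookieproxy_stage_one</c> endpoint afterwards.
/// </summary>
/// <remarks>
/// The allow-list check on the destination domain is the control that keeps this
/// endpoint from acting as an open redirector: the caller-supplied target is only
/// forwarded when its root domain is listed in <c>Vars.PermittedDomains</c>.
/// </remarks>
[Controller]
[Route("/api/redirect")]
public class RedirectController : Controller
{
    /// <summary>
    /// Validates the request host and the requested target, then redirects to Authelia.
    /// </summary>
    /// <param name="tgt">
    /// Caller-supplied target URL, taken from the query string. Untrusted input.
    /// </param>
    /// <returns>
    /// 421 when the request host is not a subdomain of a permitted domain;
    /// 400 when <paramref name="tgt"/> is missing or its root domain is not permitted;
    /// otherwise a redirect to the Authelia portal with a short HTML body.
    /// </returns>
    public IActionResult Get([FromQuery] string tgt)
    {
        // Check if we are on an allowed domain. The match is ordinal so the result
        // does not vary with the server's current culture; the leading dot means
        // only subdomains of a permitted domain are accepted.
        var hostIsPermitted = Vars.PermittedDomains.Any(
            p => Request.Host.Host.EndsWith($".{p}", StringComparison.Ordinal));
        if (!hostIsPermitted)
        {
            return StatusCode(StatusCodes.Status421MisdirectedRequest);
        }

        // Reject a missing target before it reaches GetRootDomain, so the helper is
        // never handed null or blank input.
        if (string.IsNullOrWhiteSpace(tgt))
        {
            return BadRequest("Bad request.");
        }

        // NOTE(review): only the root domain of tgt is checked here. Whether a
        // non-http(s) scheme or a malformed URL is rejected depends on
        // AuthHelpers.GetRootDomain, which is not visible in this file; confirm.
        var dstDomain = AuthHelpers.GetRootDomain(tgt);
        if (!Vars.PermittedDomains.Contains(dstDomain))
        {
            // BadRequest() sends 400. The previous assignment of 421 to
            // Response.StatusCode was overwritten by this result and has been dropped.
            return BadRequest("Bad request.");
        }

        // tgt is urlencoded twice because authelia decodes it by one layer.
        // dstDomain is interpolated unencoded; it has just been matched against the
        // configured allow-list, so it is not free-form caller input at this point.
        var targetUrl = $"https://{Vars.AutheliaSubdomain}.{Vars.UpstreamPrimaryDomain}/?rd=https%3A%2F%2F{Vars.AuthProxySubdomain}.{Vars.UpstreamPrimaryDomain}%2Fapi%2Fcookieproxy_stage_one%3FdstDomain%3D{dstDomain}%26tgt%3D{HttpUtility.UrlEncode(HttpUtility.UrlEncode(tgt))}";

        // Response.Redirect sets the redirect status and Location header; the
        // ContentResult below has no status code of its own, so it only adds a body.
        Response.Redirect(targetUrl);

        // NOTE(review): the body says "Click here" but, as written, carries no link.
        // If an anchor to targetUrl is added, HTML-attribute-encode the URL first.
        return Content("Redirecting... Click here if you are not redirected automatically", "text/html");
    }
}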