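/**
 * Catch-all route that delegates all /oidc/* requests to the oidc-provider.
 *
 * This exposes the standard OIDC endpoints:
 *   /oidc/auth        — authorization
 *   /oidc/token       — token exchange
 *   /oidc/me          — userinfo
 *   /oidc/session/end — logout
 *   /oidc/jwks        — JSON Web Key Set
 *
 * Everything under /oidc except the login page is handed to the provider
 * unmodified, so request validation, client authentication and token
 * issuance are enforced by the provider configuration, not by this file.
 */
import { getOidcProvider } from "../../utils/oidc-provider.js";

export default defineEventHandler(async (event) => {
  // Let Nuxt handle the /oidc/login page (Vue SPA route).
  // Only the exact path, with or without a query string, is skipped; any
  // other /oidc/login* path still goes to the provider.
  const path = event.path || getRequestURL(event).pathname;
  if (path === "/oidc/login" || path.startsWith("/oidc/login?")) {
    return;
  }

  const provider = await getOidcProvider();
  const { req, res } = event.node;

  // The provider's routes config includes the /oidc prefix,
  // so pass the full path through without stripping.

  // Traefik terminates TLS — tell the provider we're on https.
  // The header is overwritten rather than read, so a value supplied by the
  // client cannot change what the provider believes about the transport.
  // The assertion is only true while every request reaches this process
  // through the TLS-terminating proxy: if the application port is reachable
  // directly over plain HTTP, the provider will still treat the request as
  // https. Keep the listener on the internal network only.
  // NOTE(review): the provider presumably has to be configured to trust proxy
  // headers for this value to be honoured — confirm in getOidcProvider().
  req.headers["x-forwarded-proto"] = "https";

  // Hand off to oidc-provider's request listener. It is typed narrowly here
  // instead of as `Function` so the call below is checked by the compiler.
  const callback = provider.callback() as (
    request: typeof req,
    response: typeof res,
    next: (err?: unknown) => void,
  ) => unknown;

  await new Promise<void>((resolve, reject) => {
    // Resolve once the response is complete, so this handler never returns
    // while the provider is still writing to the socket.
    const resolveWhenResponseDone = (): void => {
      if (res.writableEnded || res.destroyed) {
        resolve();
      } else {
        res.once("close", () => resolve());
      }
    };

    // Connect-style completion: called only by listeners that support `next`.
    const next = (err?: unknown): void => {
      if (err) reject(err);
      else resolve();
    };

    // A listener that ignores `next` and returns a promise instead would
    // leave this handler pending forever if `next` were the only signal, so
    // a returned promise is honoured as well. Settling twice is harmless.
    const pending = callback(req, res, next);
    if (pending instanceof Promise) {
      pending.then(resolveWhenResponseDone, reject);
    }
  });
});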