/**
 * Catch-all route that delegates all /oidc/* requests to the oidc-provider.
 *
 * This exposes the standard OIDC endpoints:
 *   /oidc/auth          — authorization
 *   /oidc/token         — token exchange
 *   /oidc/me            — userinfo
 *   /oidc/session/end   — logout
 *   /oidc/jwks          — JSON Web Key Set
 */
import { getOidcProvider } from "../../utils/oidc-provider.js";

export default defineEventHandler(async (event) => {
  const provider = await getOidcProvider();
  const { req, res } = event.node;

  // The provider's routes config includes the /oidc prefix,
  // so pass the full path through without stripping.

  // Ensure the provider sees https when behind Traefik
  if (!req.headers["x-forwarded-proto"]) {
    req.headers["x-forwarded-proto"] = "https";
  }

  // Hand off to oidc-provider's Connect-style callback
  const callback = provider.callback() as Function;
  await new Promise<void>((resolve, reject) => {
    callback(req, res, (err: unknown) => {
      if (err) reject(err);
      else resolve();
    });
  });
});