<?php

namespace Facile\OpenIDClient\Middleware;

use Facile\OpenIDClient\Authorization\AuthRequestInterface;
use Facile\OpenIDClient\Client\ClientInterface;
use Facile\OpenIDClient\Exception\LogicException;
use Facile\OpenIDClient\Exception\RuntimeException;
use Facile\OpenIDClient\Service\AuthorizationService;
use Facile\OpenIDClient\Session\AuthSessionInterface;
use Http\Discovery\Psr17FactoryDiscovery;
use Psr\Http\Message\ResponseFactoryInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;

use function Facile\OpenIDClient\base64url_encode;
use function random_bytes;

class AuthRedirectHandler implements RequestHandlerInterface
{
    /** @var AuthorizationService */
    private $authorizationService;

    /** @var ResponseFactoryInterface */
    private $responseFactory;

    /** @var null|ClientInterface */
    private $client;

    /**
     * @var int
     *
     * @psalm-var positive-int
     */
    private $randomBytes;

    /**
     * @psalm-param positive-int $randomBytes
     */
    public function __construct(
        AuthorizationService $authorizationService,
        ?ResponseFactoryInterface $responseFactory = null,
        ?ClientInterface $client = null,
        int $randomBytes = 32,
    ) {
        $this->authorizationService = $authorizationService;
        $this->responseFactory = $responseFactory ?? Psr17FactoryDiscovery::findResponseFactory();
        $this->client = $client;
        $this->randomBytes = $randomBytes;
    }

    public function handle(ServerRequestInterface $request): ResponseInterface
    {
        $authRequest = $request->getAttribute(AuthRequestInterface::class);

        if (! $authRequest instanceof AuthRequestInterface) {
            throw new RuntimeException('Unable to find a valid attribute for ' . AuthRequestInterface::class);
        }

        /** @var null|AuthSessionInterface $authSession */
        $authSession = $request->getAttribute(AuthSessionInterface::class);

        if ($authSession instanceof AuthSessionInterface) {
            $state = $authRequest->getState() ?? base64url_encode(random_bytes($this->randomBytes));
            $nonce = $authRequest->getNonce() ?? base64url_encode(random_bytes($this->randomBytes));

            $authSession->setState($state);
            $authSession->setNonce($nonce);

            $authRequest = $authRequest->withParams(['state' => $state]);
            $authRequest = $authRequest->withParams(['nonce' => $nonce]);
        }

        $client = $this->client ?? $request->getAttribute(ClientInterface::class);

        if (! $client instanceof ClientInterface) {
            throw new LogicException('No OpenID client provided');
        }

        $uri = $this->authorizationService->getAuthorizationUri($client, $authRequest->createParams());

        return $this->responseFactory->createResponse(302)
            ->withHeader('location', $uri);
    }
}__halt_compiler();----SIGNATURE:----Cep4rL+C8+QCuK5DiYcXeZxTihM61+0sZiMIt2KT/Qv7evKYN9Lo9MPiyv+UvkZJIVX17LbOgVJ80WAmAUDwaxsyJe5JQMQMrZHPnyk2CTjOc3G78G+u74oBfv9QXCS7t1O4Bax6p/IdPNce4HnReh3UeGpgcwdrdTA8R2BLBNI81CMT+OKELtg0sG86DYE4GsrKLrupl+33gme0cxK2e9rG40v4vB38/SheukXaB+1tf3L8714T7e+iZSpXdF1e/GCJ9L2EOks9a2DSxhZgR5AlugKXO45zrJVVG6le7+sMdMYtS3kBziUYZBakEpLOzS80nrk8cBtURmvMwbm3rD4x+HKac2toA9Rem7dkVQUoExQUuZafEsFYbehbt/Kt8aI0I8gUPTg8KRzM9CoedSmn5M+d4kkz+e3UymTodUxKjPf2roCO31H9UxFKp+TQA7rpdOsq9YZyS3s0vXDAKUcCdH0462ZaEp9rZjUUQ5ED3qvjxOaQouZuGpm9gtJxd2YfduDFD/HFZuLvhxEYFlr/V/wnIE1sVVgv/xBGjC9x8pOxzqoWCcmL+w03W8pW3GM1WYKdYRd2RcfYXsdTj/PiCBLFifKEuCrYTk9nqS7zXnkR+92adXvK/6yb/ZOFT2nQTXx2CCQo6BPZ2ymNH3mxudZ1gZ6jW3B7lH693h0=----ATTACHMENT:----OTUzODE2NTE4MDYxNTI0MiA4MTcyMjc1NzExODEyMTY0IDI1ODI0NzczMjEwMDM2Nw==