from flask import Blueprint, redirect, url_for, session, current_app, request

auth_bp = Blueprint('auth', __name__)


@auth_bp.route('/login')
def login():
    redirect_uri = url_for('auth.callback', _external=True)
    return current_app.extensions['oauth'].alpid.authorize_redirect(redirect_uri)


@auth_bp.route('/callback')
def callback():
    token = current_app.extensions['oauth'].alpid.authorize_access_token()
    userinfo = token.get('userinfo') or \
               current_app.extensions['oauth'].alpid.userinfo(token=token)
    session['user'] = {
        'sub':      userinfo['sub'],
        'name':     userinfo.get('name') or userinfo.get('preferred_username', 'Membre'),
        'username': userinfo.get('preferred_username', ''),
        'email':    userinfo.get('email', ''),
    }
    return redirect(session.pop('next_url', url_for('public.index')))


@auth_bp.route('/logout')
def logout():
    session.clear()
    # Déconnexion côté AlpID si end_session_endpoint disponible
    end_session = current_app.config.get('ALPID_END_SESSION_URL')
    if end_session:
        post_logout = url_for('public.index', _external=True)
        return redirect(f"{end_session}?post_logout_redirect_uri={post_logout}")
    return redirect(url_for('public.index'))