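import { randomBytes } from 'node:crypto';

import Keycloak from 'keycloak-connect';
import session from 'express-session';
import { type Express } from 'express';

/** Shape of the adapter configuration object passed to keycloak-connect. */
interface KeycloakConfig {
  realm: string;
  'auth-server-url': string;
  'ssl-required': string;
  resource: string;
  'public-client': boolean;
  'confidential-port': number;
}

// Keycloak configuration from environment variables, with defaults.
// NOTE(review): the default auth URL is plain http on localhost, so it only
// suits local development; deployments should set KEYCLOAK_AUTH_URL to an
// https endpoint.
const keycloakConfig: KeycloakConfig = {
  realm: process.env.KEYCLOAK_REALM || 'rplace',
  'auth-server-url': process.env.KEYCLOAK_AUTH_URL || 'http://localhost:8080/auth',
  'ssl-required': 'external',
  resource: process.env.KEYCLOAK_CLIENT_ID || 'rplace-client',
  // Public client: no client secret is configured for this adapter.
  'public-client': true,
  'confidential-port': 0,
};

// Session store shared by express-session and Keycloak.
// express-session documents MemoryStore as unsuitable for production: it keeps
// every session in process memory and is not shared between instances.
// Together with saveUninitialized: true below, each anonymous visitor
// allocates an entry here.
const memoryStore = session.MemoryStore ? new session.MemoryStore() : undefined;

// Generated at most once per process so that repeated setupKeycloak() calls
// sign cookies with the same fallback value.
let fallbackSessionSecret: string | undefined;

/**
 * Returns the secret used to sign the session cookie.
 *
 * SESSION_SECRET is used when it is set and non-empty. Otherwise a random
 * per-process value is generated instead of a constant baked into the source:
 * a constant default is known to anyone who can read the code, which defeats
 * the cookie signature. Because the session store is in-memory, sessions do
 * not survive a restart either way, so a per-process secret loses nothing.
 */
function resolveSessionSecret(): string {
  const configured = process.env.SESSION_SECRET;
  if (configured) {
    return configured;
  }
  if (fallbackSessionSecret === undefined) {
    console.warn(
      'SESSION_SECRET is not set; using a random per-process session secret.',
    );
    fallbackSessionSecret = randomBytes(32).toString('hex');
  }
  return fallbackSessionSecret;
}

/**
 * Installs the session and Keycloak middleware on the given Express app.
 *
 * @param app - Express application to register the middleware on.
 * @returns The Keycloak instance created for this app.
 */
export function setupKeycloak(app: Express) {
  // Session middleware
  const sessionConfig = {
    secret: resolveSessionSecret(),
    resave: false,
    saveUninitialized: true,
    store: memoryStore,
    cookie: {
      // NOTE(review): with TLS terminated at a reverse proxy, Express must be
      // told to trust the proxy or the secure cookie will not be set; confirm
      // against the deployment.
      secure: process.env.NODE_ENV === 'production',
      httpOnly: true,
      maxAge: 24 * 60 * 60 * 1000, // 24 hours
    },
  };

  app.use(session(sessionConfig));

  // Initialise Keycloak on the same store as the session middleware.
  const keycloak = new Keycloak({ store: memoryStore }, keycloakConfig);

  // Keycloak middleware
  app.use(
    keycloak.middleware({
      logout: '/logout',
      admin: '/',
    }),
  );

  return keycloak;
}

export { keycloakConfig };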