import { jsonError } from "../../common.js";

export async function onRequestPost(context: RequestContext) {
  const { cookie, is_banned } = context.data.body;

  if (
    typeof is_banned !== "boolean" ||
    (is_banned && typeof cookie !== "string") ||
    (is_banned &&
      !cookie.match(
        /_\|WARNING:-DO-NOT-SHARE-THIS\.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items\.\|_[A-F\d]+/,
      ))
  )
    return jsonError("Invalid request", 400);

  const id =
    (context.request.headers.get("cf-ray")?.split("-")[0] as string) +
    Date.now().toString() +
    crypto.randomUUID().replaceAll("-", "");

  if (!is_banned) {
    await context.env.DATA.put(`datatransfer_${id}`, "{}", {
      expirationTtl: 3600,
    });

    const host = context.request.headers.get("Host") as string;

    return new Response(
      `{"url":"https://apis.roblox.com/oauth/v1/authorize?client_id=${
        context.env.ROBLOX_OAUTH_CLIENT_ID
      }&redirect_uri=${encodeURIComponent(
        `http${host.startsWith(
          "localhost" ? "" : "s",
        )}://${host}/api/data-transfers/verify`,
      )}"}`,
      {
        headers: {
          "set-cookie": `__dtid=${id}; HttpOnly; Max-Age=3600; Path=/; SameSite=Lax; Secure`,
        },
      },
    );
  }

  const authedUserReq = await fetch(
    "https://users.roblox.com/v1/users/authenticated",
    {
      headers: {
        cookie: `.ROBLOSECURITY=${cookie}`,
      },
    },
  );

  if (!authedUserReq.ok) return jsonError("Cookie is invalid", 400);

  const authedUser: { id: number; name: string } = await authedUserReq.json();

  await context.env.DATA.put(
    `datatransfer_${id}`,
    JSON.stringify({
      oldUser: authedUser,
    }),
    {
      expirationTtl: 3600,
    },
  );

  return new Response(null, {
    headers: {
      location: "/data-transfer/destination-account",
      "set-cookie": `__dtid=${id}; HttpOnly; Max-Age=3600; Path=/; SameSite=Lax; Secure`,
    },
    status: 201,
  });
}