package zitadel

import "time"

// Conf configures the ZITADEL HTTP client.
type Conf struct {
	// Issuer is the ZITADEL instance URL (e.g. https://zitadel.example.com).
	Issuer string `json:",optional"`
	// APIBase overrides the base URL for Management API v2 calls; defaults to Issuer.
	APIBase string `json:",optional"`
	// ServiceUserToken is a PAT or service-account token for Management API (CreateUser, Deactivate).
	ServiceUserToken string `json:",optional,env=ZITADEL_SERVICE_TOKEN"`
	// DefaultOrgID is used when CreateHumanUserRequest.OrgID is empty.
	DefaultOrgID string `json:",optional,env=ZITADEL_DEFAULT_ORG_ID"`
	// OAuthClientID and OAuthClientSecret identify the Gateway OIDC application (password grant / social).
	OAuthClientID     string `json:",optional,env=ZITADEL_OAUTH_CLIENT_ID"`
	OAuthClientSecret string `json:",optional,env=ZITADEL_OAUTH_CLIENT_SECRET"`
	// Google OAuth app credentials (register/social flow, PR 6).
	GoogleClientID     string `json:",optional"`
	GoogleClientSecret string `json:",optional,env=ZITADEL_GOOGLE_CLIENT_SECRET"`
	// GoogleIdPID is the ZITADEL external IdP id for Google (optional idp_id authorize hint).
	GoogleIdPID string `json:",optional"`
	// LdapIdPID is the ZITADEL external IdP id for LDAP (optional idp_id authorize hint).
	LdapIdPID string `json:",optional,env=ZITADEL_LDAP_IDP_ID"`
	// JWKSUrl overrides OIDC JWKS endpoint; defaults to {Issuer}/oauth/v2/keys.
	JWKSUrl        string `json:",optional"`
	TimeoutSeconds int    `json:",optional"`
}

// Defaults returns zero-value-safe defaults.
func (c Conf) Defaults() Conf {
	if c.APIBase == "" {
		c.APIBase = c.Issuer
	}
	if c.TimeoutSeconds <= 0 {
		c.TimeoutSeconds = 15
	}
	return c
}

func (c Conf) timeout() time.Duration {
	return time.Duration(c.Defaults().TimeoutSeconds) * time.Second
}

// Enabled reports whether ZITADEL integration is configured.
func (c Conf) Enabled() bool {
	c = c.Defaults()
	return c.Issuer != "" && c.ServiceUserToken != ""
}