//! CLI module for user features
//!
//! The `sshca user` sub-command handles user-based operations, such
//! as signing an SSH user certificate.
mod login;

use std::time::Duration;

use argh::FromArgs;

use crate::MainResult;

/// Manage host keys and certificates
#[derive(FromArgs)]
#[argh(subcommand, name = "user")]
pub(crate) struct Args {
    #[argh(subcommand)]
    command: UserSubcommand,
}

#[derive(FromArgs)]
#[argh(subcommand)]
enum UserSubcommand {
    Login(LoginArgs),
}

/// Log in and obtain an SSH user certificate
#[derive(FromArgs)]
#[argh(subcommand, name = "login")]
struct LoginArgs {
    /// listen socket address for OIDC callback (default: 127.0.0.1:8976)
    #[argh(option, short = 'l')]
    callback_listen_address: Option<String>,

    /// oidc callback timeout, in seconds (default: 300)
    #[argh(option, short = 't')]
    callback_timeout: Option<u64>,
}

/// Main entry point for `sshca user`
pub(crate) async fn main(args: Args) -> MainResult {
    match args.command {
        UserSubcommand::Login(args) => login(args).await,
    }
}

/// Entry point for `sshca user login`
async fn login(args: LoginArgs) -> MainResult {
    let listen = match args.callback_listen_address {
        Some(s) => Some(s.parse()?),
        None => None,
    };
    let timeout = args.callback_timeout.map(Duration::from_secs);
    let url = super::get_sshca_server_url()?;
    let config = login::get_oidc_config(&url).await?;
    let token = login::login(config, listen, timeout).await?;
    println!("{}", token);
    Ok(())
}