local rapidjson = require('rapidjson')

local clientId = {{ getenv "CLIENT_ID" }}
local clientSecret = {{ getenv "CLIENT_SECRET" }}
local username = {{ getenv "OAUTH_ADMIN_USER" }}
local password = {{ getenv "OAUTH_ADMIN_PASSWORD" }}
local tokenUrl = {{ getenv "GRANT_URL" }}
local userUrl = {{ "USER_URL" }}

function os.capture(cmd, raw)
  local f = assert(io.popen(cmd, 'r'))
  local s = assert(f:read('*a'))
  f:close()

  return s
end

function auth_userdb_lookup(req)
	local tokenCmd = "curl -L --silent -X POST -d \"grant_type=password\"" 
	tokenCmd = tokenCmd .. " -d \"client_id=" .. clientId .. "\""
	tokenCmd = tokenCmd .. " -d \"client_secret=" .. clientSecret .. "\""
	tokenCmd = tokenCmd .. " -d \"username=" .. username .. "\""
	tokenCmd = tokenCmd .. " -d \"password=" .. password .. "\""
	tokenCmd = tokenCmd .. " \"" .. tokenUrl .. "\""

	local tokenRaw = os.capture(tokenCmd)
	local tokenJson = rapidjson.decode(tokenRaw)
	local accessToken = tokenJson.access_token

	local userCmd = "curl -L --silent -H \"Authorization: Bearer " .. accessToken .. "\" \"" .. userUrl .. req.username .. "\""
	local userRaw = os.capture(userCmd)
	local userJson = rapidjson.decode(userRaw)

	if #userJson == 0 then
		return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
	end

	if userJson[1].username == req.username then
		return dovecot.auth.USERDB_RESULT_OK, "uid=vmail gid=vmail home=/var/lib/vmail/mail/%n"
	end

	return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
end