-- Load this file in `nginx.conf`:
--
-- ```
-- server {
--   access_by_lua_file /path/to/do_access.lua;
--   …
-- }
-- ```

local nginx = require("ssso_nginx")

local req_data = nginx.class__request:current()

if req_data:is("/.well-known/webfinger")
  and req_data:has_param("rel", "http://openid.net/specs/connect/1.0/issuer")
  and req_data:has_param("resource")
then
	-- https://openid.net/specs/openid-connect-discovery-1_0.html
	local oauth2 = require("ssso_oauth2")
	return oauth2.answer_oidc_webfinger(req_data)
end

local conf  = require("ssso_config")
local sess  = require("ssso_sessions")
local sites = require("ssso_sites")

local sso_prefix = conf.get_sso_prefix()
local auth, status = sess.get_session()

if req_data:starts_with(sso_prefix) then

  -- SSO-specific URL

  if req_data:starts_with(sso_prefix .. "/login") then
		local login = require("ssso_login")
		return login.answer_request(req_data)
	elseif req_data:starts_with(sso_prefix .. "/oauth2") then
		local oauth2 = require("ssso_oauth2")
		return oauth2.answer_request(req_data, auth)
	elseif auth then
		local portal = require("ssso_portal")
		return portal.answer_request(req_data, auth)
	else
    return nginx.redirect_to_login(req_data, status)
  end
else

  -- application URL

  return sites.handle_request(req_data, auth)
end