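import type { SDK, DefineAPI } from "caido:plugin";
import type { Request } from "caido:utils";
import { ImplicitGrantController } from "./controller/implictGrant";
import { AuthZCodeGrantController } from "./controller/authZCodeGrant";
import { PKCECheck } from "./controller/PKCECheck";

/** Backend API surface exposed to the frontend; this plugin registers no RPC methods. */
export type API = DefineAPI<{}>;

// Detectors are instantiated once for the backend's lifetime and shared by every intercepted request.
const implicitGrantController = new ImplicitGrantController();
const authZCodeGrantController = new AuthZCodeGrantController();
const pkceCheck = new PKCECheck();

// function matchSSORequest(req: Request): boolean {
//   const raw = req.getRaw().toString();
//   // Condition 3: the raw request contains SAMLRequest or SAMLResponse
//   if (raw.includes("SAMLRequest=") || raw.includes("SAMLResponse=")) {
//     return true;
//   }
//   return false;
// }

// function matchAccessTokenResponse(resp: Response): boolean {
//   const raw = resp.getRaw().toString();
//   const match = /"access_token"\s*:\s*"([^"]+)"/.exec(raw);
//   return !!match;
// }

/**
 * Plugin entry point. Registers an intercept hook that flags requests matching
 * the authorization-code or implicit grant detectors, runs the PKCE check on
 * them, and records a finding.
 *
 * @param sdk - Backend SDK handed to the plugin at load time.
 */
export function init(sdk: SDK) {
  // The callback receives its own SDK instance; it is named distinctly from the
  // outer `sdk` so the two are not confused.
  sdk.events.onInterceptRequest(async (eventSdk, req: Request) => {
    // The authorization-code detector is consulted first; the implicit-grant
    // detector only runs when it reports nothing.
    const result =
      authZCodeGrantController.testReq(req) ||
      implicitGrantController.testReq(req);
    if (!result) {
      return;
    }

    // A failing PKCE check must neither suppress the finding for a request that
    // was already detected nor escape the hook as an unhandled rejection.
    try {
      await pkceCheck.test(eventSdk, req);
    } catch (e: unknown) {
      const reason = e instanceof Error ? e.message : String(e);
      eventSdk.console.error(`PKCE check failed for ${req.getUrl()}: ${reason}`);
    }

    try {
      await eventSdk.findings.create({
        title: "Possible SSO Request Detected",
        description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
        request: req,
        // NOTE(review): reporter is left empty as in the original — confirm what the findings API expects here
        reporter: "",
      });
    } catch (e: unknown) {
      const reason = e instanceof Error ? e.message : String(e);
      eventSdk.console.error(`Failed to create finding for ${req.getUrl()}: ${reason}`);
    }
  });
}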