<?php require '/src/base.php' ?>
<?php

$instance = resolve_instance($_GET['instance'] ?? '');
if ($instance === false) {
	hres_json(400, ERR, lr('error.instance_not_exists',
		'Instance does not exist or is incorrect.'));
}

$app_name      = conf('app_name', 'RealFan');
$site_name     = conf('site_name', HOST_DEV);
$redirect_uris = conf('site_name', HOST_DEV).'/signup/mastodon:oauth';
$scopes        = 'read:accounts write';

# create the Authorization App
$ch = curl_init($instance.'/api/v1/apps');
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode([
	'client_name'	=> $app_name,
	'redirect_uris'	=> $redirect_uris,
	'website'		=> $site_name,
	'scopes' 		=> $scopes,
]));
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
curl_close($ch);


# result must be JSON
$result = @json_decode($result);
if ($result === null) {
	hres_json(500, ERR, lr('error.instance_failed_or_not_mastodon',
		'Instance failed to create an authorization App. Is it an instance?'));
}

# return authentication data
$payload = [
	'instance'		=> $instance,
	'result'		=> &$result,
	'response_type'	=> 'code',
	'scope'			=> $scopes
];
$ID = sha1($result->client_id.$result->client_secret);
file_put_contents('/tmp/oauth-'.$ID, json_encode($payload));

$payload['id'] = $ID;
unset($result->id);
unset($result->name);
unset($result->website);
unset($result->vapid_key);
unset($result->client_secret);

hres_json(200, OK, $payload);