/**
 * One-time script to generate a Gmail OAuth2 refresh token.
 * Run once, copy the refresh token into .env, then delete this file.
 *
 * Usage:
 *   node get-refresh-token.js
 *
 * Prerequisites:
 *   - GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET set in .env (or exported in shell)
 *   - In Google Cloud Console → OAuth 2.0 Client → Authorized redirect URIs:
 *     add http://localhost:3000/oauth2callback
 */

require('dotenv').config();
const { google } = require('googleapis');
const http = require('http');
const url = require('url');

const CLIENT_ID = process.env.GOOGLE_CLIENT_ID;
const CLIENT_SECRET = process.env.GOOGLE_CLIENT_SECRET;
const REDIRECT_URI = 'http://localhost:3000/oauth2callback';

if (!CLIENT_ID || !CLIENT_SECRET) {
  console.error('GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET must be set in .env');
  process.exit(1);
}

const oauth2Client = new google.auth.OAuth2(CLIENT_ID, CLIENT_SECRET, REDIRECT_URI);

const authUrl = oauth2Client.generateAuthUrl({
  access_type: 'offline',
  prompt: 'consent', // forces refresh_token to be returned even if previously authorized
  scope: [
    'https://www.googleapis.com/auth/gmail.readonly',
    'https://www.googleapis.com/auth/gmail.send',
    'https://www.googleapis.com/auth/gmail.modify',
  ],
});

console.log('\n=== Gmail OAuth2 Token Generator ===\n');
console.log('1. Open this URL in your browser:\n');
console.log(authUrl);
console.log('\n2. Authorize the app with your support Gmail account.');
console.log('3. You will be redirected to localhost — this script will capture the token.\n');

// Temporary local server to capture the callback
const server = http.createServer(async (req, res) => {
  const parsed = url.parse(req.url, true);
  if (parsed.pathname !== '/oauth2callback') {
    res.end('Not found');
    return;
  }

  const code = parsed.query.code;
  if (!code) {
    res.end('No code received.');
    server.close();
    return;
  }

  try {
    const { tokens } = await oauth2Client.getToken(code);
    res.end('<h2>Success! Check your terminal for the refresh token.</h2><p>You can close this tab.</p>');
    server.close();

    console.log('\n=== SUCCESS ===\n');
    console.log('Add this to your .env:\n');
    console.log(`REFRESH_TOKEN=${tokens.refresh_token}`);
    if (!tokens.refresh_token) {
      console.log('\nWARNING: No refresh_token returned.');
      console.log('Go to https://myaccount.google.com/permissions and revoke access for your app, then run this script again.');
    }
    console.log('\nAll tokens (for reference):');
    console.log(JSON.stringify(tokens, null, 2));
  } catch (err) {
    res.end('Error exchanging code: ' + err.message);
    server.close();
    console.error('Error:', err);
  }
});

server.listen(3000, () => {
  console.log('Waiting for OAuth callback on http://localhost:3000 ...\n');
});