# Callback OAuth YouTube (HTML). Non usare Api::V1 — ActionController::API non renderizza le view.
class YoutubeOauthCallbackController < ActionController::Base
def show
return redirect_to_oauth_error("Codice OAuth mancante") if params[:code].blank?
ctx = Youtube::OauthState.verify!(params[:state])
tokens = Youtube::OauthExchange.call(params[:code])
if ctx[:kind] == :platform
@refresh_token = tokens[:refresh_token]
@channel_title = tokens[:channel_title]
return render "admin/youtube/platform_token", layout: false
end
user = User.find(ctx[:user_id])
team = Team.find(ctx[:team_id])
unless user.can_stream_for?(team) || team.club&.owned_by?(user)
return redirect_to_oauth_error("Non autorizzato a collegare YouTube per questa squadra")
end
cred = team.youtube_credential || team.build_youtube_credential
cred.update!(
access_token: tokens[:access_token],
refresh_token: tokens[:refresh_token] || cred.refresh_token,
expires_at: Time.current + tokens[:expires_in].seconds,
channel_id: tokens[:channel_id],
channel_title: tokens[:channel_title]
)
if ctx[:return_app]
redirect_to "matchlivetv://youtube-connected?team_id=#{team.id}", allow_other_host: true
else
redirect_to "#{public_base_url}/teams/#{team.id}/dettagli?youtube=connected", allow_other_host: true
end
rescue ArgumentError, Youtube::BroadcastService::Error => e
redirect_to_oauth_error(e.message)
end
private
def public_base_url
MatchLiveTv.app_public_url.chomp("/")
end
def redirect_to_oauth_error(message)
redirect_to "#{public_base_url}/prezzi?youtube_error=#{ERB::Util.url_encode(message)}",
allow_other_host: true
end
end