{
    admin off
    atproto {
        storage_path ./e2e.db
        cookie_secret "testing-secret-must-be-at-least-32-bytes-long"
    }
}

# --- Scenario 1: Standalone App ---
# Acts as its own portal.
http://localhost:8081 {
    route {
        atproto_gate {
            # Standalone mode enabled by setting 'domain'
            domain localhost:8081
            allow @vvill.dev
        }

        # Protected content
        respond "Welcome to Standalone App! You are authenticated."
    }
}

# --- Scenario 2: Centralized Auth Hub ---

# The Portal (Identity Provider)
http://localhost:8082 {
    route {
        atproto_portal {
            domain localhost:8082
            name "Local E2E Hub"
        }
    }
}

# The Service (Relying Party)
# Redirects users to port 8082 for login
http://localhost:8083 {
    route {
        atproto_gate {
            # Auth Hub mode (no 'domain' set)
            portal_url http://localhost:8082
            allow @vvill.dev
        }

        respond "Welcome to Service App! You authenticated via the Hub."
    }
}
