package s3browser

import (
	"context"
	"fmt"
	"io"
	"mime"
	"net/http"
	"path/filepath"
	"strings"
	"time"

	"github.com/golang-jwt/jwt"
	"github.com/gorilla/mux"
	"github.com/graphql-go/graphql"
	"github.com/graphql-go/graphql/gqlerrors"
	"github.com/graphql-go/handler"
	"github.com/minio/minio-go/v7"

	log "github.com/sirupsen/logrus"
)

type JWTClaims struct {
	jwt.StandardClaims
}

// initHttp setup and start the http server. Blocking
func initHttp(resolveContext context.Context, schema graphql.Schema, address string) error {
	r := mux.NewRouter()

	gqlHandler := handler.New(&handler.Config{
		Schema:     &schema,
		Pretty:     true,
		GraphiQL:   false,
		Playground: true,
		FormatErrorFn: func(err error) gqlerrors.FormattedError {
			switch err := err.(type) {
			case gqlerrors.FormattedError:
				log.Error("GQL: ", err.Message)
			case *gqlerrors.Error:
				log.Errorf("GQL: '%s' at '%v'", err.Message, err.Path)
			}
			return gqlerrors.FormatError(err)
		},
	})

	r.Use(func(h http.Handler) http.Handler {
		return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {

			token := getTokenFromRequest(r)

			if token != "" {
				parsedToken, err := parseJWT(token)

				if err == nil && parsedToken.Valid {
					r.WithContext(context.WithValue(r.Context(), "jwt", parsedToken))
				}
			}

			h.ServeHTTP(rw, r)
		})
	})

	r.HandleFunc("/api/graphql", func(rw http.ResponseWriter, r *http.Request) {
		gqlHandler.ContextHandler(resolveContext, rw, r)
	})

	r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
		httpGetFile(resolveContext, rw, r)
	}).Methods("GET")

	r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
		httpPostFile(resolveContext, rw, r)
	}).Methods("POST")

	r.HandleFunc("/api/cookie", setLoginCookie).Methods("POST")

	// Init the embedded static files
	initStatic(r)

	return http.ListenAndServe(address, r)
}

func httpGetFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {
	s3Client := ctx.Value("s3Client").(*minio.Client)
	id := r.URL.Query().Get("id")

	log.Debug("S3 call 'StatObject': ", id)
	objInfo, err := s3Client.StatObject(context.Background(), bucketName, id, minio.GetObjectOptions{})

	if err != nil {
		rw.WriteHeader(http.StatusInternalServerError)
		return
	}

	reqEtag := r.Header.Get("If-None-Match")
	if reqEtag == objInfo.ETag {
		rw.WriteHeader(http.StatusNotModified)
		return
	}

	log.Debug("S3 call 'GetObject': ", id)
	obj, err := s3Client.GetObject(context.Background(), bucketName, id, minio.GetObjectOptions{})

	if err != nil {
		rw.WriteHeader(http.StatusInternalServerError)
		return
	}

	rw.Header().Set("Cache-Control", "must-revalidate")
	rw.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", filepath.Base((objInfo.Key))))
	rw.Header().Set("Content-Type", objInfo.ContentType)
	rw.Header().Set("ETag", objInfo.ETag)

	_, err = io.Copy(rw, obj)

	if err != nil {
		rw.WriteHeader(http.StatusInternalServerError)
		return
	}
}

func httpPostFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {
	s3Client := ctx.Value("s3Client").(*minio.Client)

	id := r.URL.Query().Get("id")

	log.Debug("Upload file: ", id)

	contentType := r.Header.Get("Content-Type")
	mimeType, _, _ := mime.ParseMediaType(contentType)

	log.Debug("S3 call 'PutObject': ", id)
	info, err := s3Client.PutObject(context.Background(), bucketName, id, r.Body, r.ContentLength, minio.PutObjectOptions{
		ContentType: mimeType,
	})

	if err != nil {
		rw.WriteHeader(http.StatusInternalServerError)
		return
	}

	// Invalidate cache
	invalidateCache(ctx, info.Key)

	rw.WriteHeader(http.StatusCreated)
}

//parseJWT parse a JWT. does not check if token is valid. Returns error if non was provided
func parseJWT(token string) (*jwt.Token, error) {
	if token == "" {
		return nil, fmt.Errorf("No token provided")
	}

	parsed, err := jwt.Parse(token, func(token *jwt.Token) (interface{}, error) {
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
		}
		return []byte("TODO"), nil
	})

	if err != nil {
		return nil, err
	}

	return parsed, nil

}

//getTokenFromRequest looks for a JWT in the "Authorization" header or in the cookies
func getTokenFromRequest(r *http.Request) string {
	// get token from header
	authHeader := strings.Split(r.Header.Get("Authorization"), "Bearer ")
	if len(authHeader) == 2 {
		return authHeader[1]
	}

	// Get cookie from cookie
	cookie, err := r.Cookie("jwt") //TODO: change cookie name

	if err == nil && len(cookie.Value) != 0 {
		return cookie.Value
	}

	return ""
}

//setLoginCookie if provieded a valid JWT in the body then set a httpOnly cookie with the token
func setLoginCookie(rw http.ResponseWriter, r *http.Request) {
	body, err := io.ReadAll(r.Body)
	defer r.Body.Close()

	if err != nil {
		rw.WriteHeader(http.StatusInternalServerError)
		return
	}

	tokenString := string(body)

	token, err := parseJWT(tokenString)

	if err != nil {
		rw.WriteHeader(http.StatusInternalServerError)
		return
	}

	if !token.Valid {
		rw.WriteHeader(http.StatusUnauthorized)
		return
	}

	claims, ok := token.Claims.(jwt.MapClaims)

	if !ok {
		rw.WriteHeader(http.StatusInternalServerError)
		return
	}

	cookie := &http.Cookie{
		Name:     "jwt",
		Value:    tokenString,
		HttpOnly: true,
		SameSite: http.SameSiteStrictMode,
		Path:     "/api",
		Expires:  time.Unix(int64(claims["exp"].(float64)), 0),
	}

	http.SetCookie(rw, cookie)

	rw.WriteHeader(http.StatusNoContent)
}