package registry

import (
	"bytes"
	"context"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/gob"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strings"
	"sync"
	"time"

	"git.capotej.com/capotej/communique/config"
	"git.capotej.com/capotej/communique/models"
	"git.capotej.com/capotej/communique/tools"
	"git.capotej.com/capotej/communique/urls"
	"git.capotej.com/capotej/communique/views"
	"github.com/go-fed/activity/streams"
	"github.com/go-fed/activity/streams/vocab"
	"github.com/go-fed/httpsig"
	"go.uber.org/zap"
)

type Handler struct {
	handlerCfg config.Handler
}

// TODO rename to controller and controller.go
type Registry struct {
	cfg        config.Config
	persister  *models.Persister
	handlerMap map[string]Handler
	log        *zap.SugaredLogger
	signer     httpsig.Signer
	mu         sync.Mutex
}

func NewRegistry(cfg config.Config, persister *models.Persister, log *zap.SugaredLogger) (*Registry, error) {
	reg := Registry{cfg: cfg, persister: persister, log: log}
	reg.handlerMap = make(map[string]Handler)
	for _, v := range cfg.Handlers {
		reg.handlerMap[v.Name] = Handler{handlerCfg: v}
		err := generateKeypairIfNeeded(v, persister)
		if err != nil {
			return nil, err
		}
	}
	return &reg, nil
}

func generateKeypairIfNeeded(v config.Handler, p *models.Persister) error {
	kp, err := models.CreateKeypair(v)
	if err != nil {
		return err
	}
	err = p.Store(kp)
	if err != nil {
		return err
	}
	return nil
}

func (r *Registry) Actor(name string) (map[string]interface{}, error) {
	handler := r.findByName(name)
	if handler == nil {
		return nil, nil
	}
	aso := models.NewKeypair(handler.handlerCfg)
	result, err := r.persister.Find(aso)
	if err != nil {
		return nil, err
	}
	buf := bytes.NewBuffer(result)
	dec := gob.NewDecoder(buf)
	var keypair models.Keypair
	err = dec.Decode(&keypair)
	if err != nil {
		return nil, err
	}
	privKey := &keypair.PrivateKey
	pemdata := pem.EncodeToMemory(
		&pem.Block{
			Type:  "PUBLIC KEY",
			Bytes: x509.MarshalPKCS1PublicKey(&privKey.PublicKey),
		},
	)
	return views.RenderActor(handler.handlerCfg.Name, r.cfg.Domain, string(pemdata))
}

func (r *Registry) OutboxCollection(name string) (map[string]interface{}, error) {
	handler := r.findByName(name)
	if handler == nil {
		return nil, nil
	}
	aso := models.NewOutboxItem(handler.handlerCfg)
	page, err := r.persister.Collect(aso)
	if err != nil {
		return nil, err
	}
	var outboxItems []models.OutboxItem
	for _, v := range page { //TODO pagination
		buf := bytes.NewBuffer(v)
		dec := gob.NewDecoder(buf)
		var outboxItem models.OutboxItem
		err = dec.Decode(&outboxItem)
		if err != nil {
			return nil, err
		}
		outboxItems = append(outboxItems, outboxItem)
	}
	return views.RenderOutboxCollection(handler.handlerCfg.Name, r.cfg.Domain, outboxItems)
}

func (r *Registry) Following(name string) (map[string]interface{}, error) {
	handler := r.findByName(name)
	if handler == nil {
		return nil, nil
	}
	profile, err := urls.UrlProfile(name, r.cfg.Domain)
	if err != nil {
		return nil, err
	}
	following, err := urls.UrlFollowing(name, r.cfg.Domain)
	if err != nil {
		return nil, err
	}
	result := make(map[string]interface{})
	result["@context"] = "https://www.w3.org/ns/activitystreams"
	result["attributedTo"] = profile.String()
	result["id"] = following.String()
	result["totalItems"] = 0
	result["orderedItems"] = []bool{}
	result["type"] = "OrderedCollection"
	return result, nil
}

func (r *Registry) Followers(name string) (map[string]interface{}, error) {
	handler := r.findByName(name)
	if handler == nil {
		return nil, nil
	}
	profile, err := urls.UrlProfile(name, r.cfg.Domain)
	if err != nil {
		return nil, err
	}
	followers, err := urls.UrlFollowers(name, r.cfg.Domain)
	if err != nil {
		return nil, err
	}
	result := make(map[string]interface{})
	result["@context"] = "https://www.w3.org/ns/activitystreams"
	result["attributedTo"] = profile.String()
	result["id"] = followers.String()
	result["totalItems"] = 0
	result["orderedItems"] = []bool{}
	result["type"] = "OrderedCollection"
	return result, nil
}

func (r *Registry) Inbox(name string, req *http.Request, payload []byte) error {
	handler := r.findByName(name)
	if handler == nil {
		return nil
	}

	domainUrl, err := url.Parse(r.cfg.Domain)
	if err != nil {
		return err
	}

	logger := r.log.With("type", "inbox")

	if req.Host != domainUrl.Host {
		logger.Warnf("%s != %s, configured domain should match incoming Host: header otherwise things may not work right. You'll need to enable 'ProxyPreserveHost' (for apache2) or proxy_set_header Host $host; (for nginx)", req.Host, r.cfg.Domain)
	}

	ctx := context.Background()

	person, verifyError := tools.VerifyRequest(ctx, req, r.log)
	if verifyError != nil {
		return verifyError
	}

	var followData map[string]interface{}
	err = json.Unmarshal(payload, &followData)
	if err != nil {
		return err
	}

	actorUrl, err := urls.UrlProfile(handler.handlerCfg.Name, r.cfg.Domain)
	if err != nil {
		return err
	}

	resolver, err := streams.NewJSONResolver(func(c context.Context, follow vocab.ActivityStreamsFollow) error {
		// Follow
		idProp := person.GetJSONLDId()
		idPropUrl := idProp.Get()
		inboxProp := person.GetActivityStreamsInbox()
		url := inboxProp.GetIRI()
		logger.With("actor", idPropUrl).With("inbox", url).Debugf("follow")

		actorKeyUrl, err := urls.UrlProfileKey(handler.handlerCfg.Name, r.cfg.Domain)
		if err != nil {
			return err
		}

		r.deliverAcceptToInbox(url, actorUrl, actorKeyUrl, follow, handler.handlerCfg)
		// subscribeActorToHandler()
		return nil
	}, func(c context.Context, note vocab.ActivityStreamsUndo) error {
		// Unfollow
		idProp := person.GetJSONLDId()
		idPropUrl := idProp.Get()
		inboxProp := person.GetActivityStreamsInbox()
		url := inboxProp.GetIRI()
		logger.With("actor", idPropUrl).With("inbox", url).Debugf("undo")
		return nil
	})
	err = resolver.Resolve(ctx, followData)

	return err
}

func (r *Registry) deliverAcceptToInbox(url, actorUrl, actorKeyUrl *url.URL, follow vocab.ActivityStreamsFollow, handler config.Handler) error {
	accept := streams.NewActivityStreamsAccept()
	actorProp := streams.NewActivityStreamsActorProperty()
	actorProp.AppendIRI(actorUrl)
	accept.SetActivityStreamsActor(actorProp)
	objProp := streams.NewActivityStreamsObjectProperty()
	objProp.AppendActivityStreamsFollow(follow)
	accept.SetActivityStreamsObject(objProp)
	payload, err := streams.Serialize(accept)
	if err != nil {
		return err
	}
	jsonData, err := json.Marshal(payload)

	aso := models.NewKeypair(handler)
	result, err := r.persister.Find(aso)
	if err != nil {
		return err
	}
	buf := bytes.NewBuffer(result)
	dec := gob.NewDecoder(buf)
	var keypair models.Keypair
	err = dec.Decode(&keypair)
	if err != nil {
		return err
	}
	privKey := &keypair.PrivateKey

	request, err := http.NewRequest("POST", url.String(), bytes.NewBuffer(jsonData))
	date := time.Now().UTC().Format(http.TimeFormat)
	request.Header.Set("Date", date)
	request.Header.Set("Content-Type", "application/activity+json")
	request.Header.Set("Host", url.Host)

	h := sha256.New()
	h.Write(jsonData)
	digestHeader := base64.StdEncoding.Strict().EncodeToString(h.Sum(nil))
	request.Header.Add("Digest", "SHA-256="+digestHeader)
	request.Header.Add("Content-Type", "application/activity+json")

	signedString := fmt.Sprintf("(request-target): post %s\ndate: %s\ndigest: %s\nhost: %s", url.Path, date, digestHeader, url.Host)

	r.log.With(
		"type",
		"delivery",
	).With(
		"payload",
		payload,
	).With(
		"signature string",
		signedString,
	).With(
		"host",
		request.Header.Get("host"),
	).Debugf("signing request")

	digestBytes := sha256.Sum256([]byte(signedString))

	fmt.Println()
	fmt.Println()
	fmt.Println("'" + signedString + "'")
	fmt.Println()
	fmt.Println()

	r.mu.Lock()
	signature, err := rsa.SignPKCS1v15(rand.Reader, privKey, crypto.SHA256, digestBytes[:])
	if err != nil {
		return err
	}

	// verify our own signature to ensure sanity
	err = rsa.VerifyPKCS1v15(&privKey.PublicKey, crypto.SHA256, digestBytes[:], signature)
	if err != nil {
		return err
	} else {
		r.log.With("type", "delivery").Debugf("verified own signature")
	}
	r.mu.Unlock()

	b64sig := base64.StdEncoding.Strict().EncodeToString(signature)
	var header = `keyId="` + actorKeyUrl.String() + `",algorithm="hs2019	",headers="(request-target) date digest host",signature="` + b64sig + `"`
	request.Header.Add("Signature", header)

	//http sig signing code - broken?
	// r.mu.Lock()
	// prefs := []httpsig.Algorithm{}
	// digestAlgorithm := httpsig.DigestSha256
	// // The "Date" and "Digest" headers must already be set on r, as well as r.URL.
	// headersToSign := []string{httpsig.RequestTarget, "host", "date", "digest", "content-type"}
	// signer, _, err := httpsig.NewSigner(prefs, digestAlgorithm, headersToSign, httpsig.Signature, 100)
	// if err != nil {
	// 	return err
	// }
	// // To sign the digest, we need to give the signer a copy of the body...
	// // ...but it is optional, no digest will be signed if given "nil"
	// // body := nil
	// // If r were a http.ResponseWriter, call SignResponse instead.
	// err = signer.SignRequest(privKey, actorKeyUrl.String(), request, jsonData)
	// r.mu.Unlock()

	// // HACK
	// oldSig := request.Header.Get("signature")
	// request.Header.Set("signature", strings.ReplaceAll(oldSig, "hs2019", "rsa-sha256"))

	r.log.With(
		"type",
		"delivery",
	).With(
		"inbox",
		url.String(),
	).With(
		"digest",
		request.Header.Get("digest"),
	).With(
		"signature",
		request.Header.Get("signature"),
	).With(
		"actor",
		actorUrl.String(),
	).Debug("sending signed accept request")

	client := &http.Client{}
	response, err := client.Do(request)
	if err != nil {
		return fmt.Errorf("could not send accept request: %w", err)
	}
	responseBody, err := io.ReadAll(response.Body)
	defer response.Body.Close()
	r.log.With("type", "delivery").With("response", responseBody).With("status", response.Status).Debugf("received")
	return err
}

func (r *Registry) ActivityOrNote(activityOrNote, name, id string) (map[string]interface{}, error) {
	handler := r.findByName(name)
	if handler == nil {
		return nil, nil
	}
	lookup := models.NewOutboxItem(handler.handlerCfg)
	lookup.Id = []byte(id)
	result, err := r.persister.Find(lookup)
	if err != nil {
		return nil, err
	}
	if result == nil {
		return nil, nil
	}
	buf := bytes.NewBuffer(result)
	dec := gob.NewDecoder(buf)
	var outboxItem models.OutboxItem
	err = dec.Decode(&outboxItem)
	if err != nil {
		return nil, err
	}
	if activityOrNote == "activity" {
		return views.RenderActivity(handler.handlerCfg.Name, r.cfg.Domain, outboxItem)
	}
	return views.RenderNote(handler.handlerCfg.Name, r.cfg.Domain, outboxItem)
}

// This has to handle various lookup formats:
// ?resource=acct:actor@domain
// ?resource=actor@domain
// ?resource=actor
// ?resource=acct:actor
func (r *Registry) Webfinger(fqn string) (*views.WebfingerResource, error) {
	// Strip away acct: prefix, if found
	fqn = strings.TrimPrefix(fqn, "acct:")

	// Strip away @domain suffix, if found
	domainUrl, err := url.Parse(r.cfg.Domain)
	if err != nil {
		return nil, err
	}
	hostname := "@" + domainUrl.Hostname()
	fqn = strings.TrimSuffix(fqn, hostname)

	// We should just have $actor left
	handler := r.findByName(fqn)
	if handler == nil {
		return nil, nil
	}
	return views.RenderWebfinger(handler.handlerCfg.Name, r.cfg.Domain, hostname)
}

func (r *Registry) findByName(name string) *Handler {
	handler, ok := r.handlerMap[name]
	if !ok {
		return nil
	}
	return &handler
}