/*
 * Copyright (C) 2008-2017, Juick
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
package com.juick.www.controllers;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.github.scribejava.apis.FacebookApi;
import com.github.scribejava.core.builder.ServiceBuilder;
import com.github.scribejava.core.model.OAuth2AccessToken;
import com.github.scribejava.core.model.OAuthRequest;
import com.github.scribejava.core.model.Verb;
import com.github.scribejava.core.oauth.OAuth20Service;
import com.juick.server.util.HttpBadRequestException;
import com.juick.service.CrosspostService;
import com.juick.service.UserService;
import com.juick.www.Utils;
import com.juick.www.facebook.User;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.CookieValue;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;

import javax.annotation.PostConstruct;
import javax.inject.Inject;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.UUID;
import java.util.concurrent.ExecutionException;

/**
 *
 * @author Ugnich Anton
 */
@Controller
public class FacebookLogin {

    private static final Logger logger = LoggerFactory.getLogger(FacebookLogin.class);

    @Value("${facebook_appid}")
    private String FACEBOOK_APPID;
    @Value("${facebook_secret}")
    private String FACEBOOK_SECRET;
    private final String FACEBOOK_REDIRECT = "http://juick.com/_fblogin";
    @Inject
    private ObjectMapper jsonMapper;
    private ServiceBuilder serviceBuilder;

    @Inject
    private CrosspostService crosspostService;
    @Inject
    private UserService userService;

    @PostConstruct
    public void init() {
        serviceBuilder = new ServiceBuilder(FACEBOOK_APPID);
    }

    @GetMapping("/_fblogin")
    protected String doGet(HttpServletRequest request,
                         @RequestParam(required = false) String code,
                         @RequestParam(required = false) String state,
                         @CookieValue(required = false) String fbstate,
                         HttpServletResponse response) throws IOException, ExecutionException, InterruptedException {
        if (StringUtils.isBlank(code)) {
            fbstate = UUID.randomUUID().toString();

            Cookie c = new Cookie("fbstate", fbstate);
            response.addCookie(c);
            OAuth20Service facebookAuthService = serviceBuilder
                    .apiSecret(FACEBOOK_SECRET)
                    .callback(FACEBOOK_REDIRECT)
                    .scope("publish_actions")
                    .state(fbstate)
                    .build(FacebookApi.instance());
            return "redirect:" + facebookAuthService.getAuthorizationUrl();
        }

        if (StringUtils.isBlank(fbstate) || !fbstate.equals(state)) {
            throw new HttpBadRequestException();
        } else {
            Cookie c = new Cookie("fbstate", "-");
            c.setMaxAge(0);
            response.addCookie(c);
        }
        OAuth20Service facebookService = serviceBuilder
                .apiKey(FACEBOOK_APPID)
                .apiSecret(FACEBOOK_SECRET)
                .callback(FACEBOOK_REDIRECT)
                .state(state)
                .build(FacebookApi.instance());
        OAuth2AccessToken token = facebookService.getAccessToken(code);
        final OAuthRequest meRequest = new OAuthRequest(Verb.GET, "https://graph.facebook.com/v2.10/me?fields=id,name,link,verified");
        facebookService.signRequest(token, meRequest);
        String graph = facebookService.execute(meRequest).getBody();
        if (StringUtils.isBlank(graph)) {
            logger.error("FACEBOOK GRAPH ERROR");
            throw new HttpBadRequestException();
        }
        User fb = jsonMapper.readValue(graph, User.class);
        long fbID = NumberUtils.toLong(fb.getId(), 0);
        if (fbID == 0 || StringUtils.isBlank(fb.getName()) || StringUtils.isBlank(fb.getLink())) {
            throw new HttpBadRequestException();
        }

        int uid = crosspostService.getUIDbyFBID(fbID);
        if (uid > 0) {
            if (!crosspostService.updateFacebookUser(fbID, token.getAccessToken(), fb.getName(), fb.getLink())) {
                throw new HttpBadRequestException();
            }
            Cookie c = new Cookie("hash", userService.getHashByUID(uid));
            c.setMaxAge(50 * 24 * 60 * 60);
            response.addCookie(c);
            return Utils.getPreviousPageByRequest(request).orElse("redirect:/");
        } else if (fb.getVerified()) {
            String loginhash = UUID.randomUUID().toString();
            if (!crosspostService.createFacebookUser(fbID, loginhash, token.getAccessToken(), fb.getName(), fb.getLink())) {
                throw new HttpBadRequestException();
            }
            return "redirect:/signup?type=fb&hash=" + loginhash;
        } else {
            throw new HttpBadRequestException();
        }
    }
}