/*
 * Copyright (C) 2008-2023, Juick
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

package com.juick.service;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.juick.model.AnonymousUser;
import com.juick.model.User;
import com.juick.util.DateFormattersHolder;
import com.juick.www.api.activity.model.Context;
import com.juick.www.api.activity.model.objects.Actor;
import jakarta.annotation.PostConstruct;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.core.convert.ConversionService;
import org.springframework.dao.DuplicateKeyException;
import org.springframework.http.HttpHeaders;
import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;
import org.tomitribe.auth.signatures.Base64;

import javax.annotation.Nonnull;
import javax.inject.Inject;
import java.io.IOException;
import java.net.URI;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.util.List;
import java.util.Optional;

@Repository
public class ActivityPubService extends BaseJdbcService implements SocialService {

    private static final Logger logger = LoggerFactory.getLogger("ActivityPub");

    @Value("${ap_base_uri:http://localhost:8080/}")
    private String baseUri;
    @Inject
    private UserService userService;
    @Inject
    private OkHttpClient httpClient;
    @Inject
    private ObjectMapper jsonMapper;
    @Inject
    private SignatureService signatureService;
    @Inject
    private User serviceUser;
    @Inject
    private ConversionService conversionService;

    private boolean isPublic;

    @PostConstruct
    public void init() {
        UriComponents baseUriComponents = UriComponentsBuilder.fromUriString(baseUri).build();
        isPublic = baseUriComponents.getScheme().equals("https");
        logger.info("Signed GET requests enabled: {}", isPublic);
    }
    @Transactional(readOnly = true)
    @Override
    public @Nonnull User getUserByAccountUri(String acct) {
        UriComponents baseUriComponents = UriComponentsBuilder.fromUriString(baseUri).build();
        UriComponents acctComponents = UriComponentsBuilder.fromUriString(acct).build();
        if (acctComponents.getHost().equals(baseUriComponents.getHost())) {
            // /u/ugnich -> ugnich
            String userName = acctComponents.getPath().substring(3);
            return userService.getUserByName(userName);
        }
        return AnonymousUser.INSTANCE;
    }

    @Transactional(readOnly = true)
    @Override
    public @Nonnull List<String> getFollowers(User user) {
        return getJdbcTemplate().queryForList("SELECT acct FROM followers WHERE user_id=?", String.class,
                user.getUid());
    }

    @Transactional
    @Override
    public void addFollower(User user, String acct) {
        try {
            getJdbcTemplate().update("INSERT INTO followers(user_id, acct) " +
                    "VALUES(?, ?)", user.getUid(), acct);
        } catch (DuplicateKeyException e) {
            // ignore
        }
    }

    @Transactional
    @Override
    public void removeFollower(User user, String acct) {
        getJdbcTemplate().update("DELETE FROM followers WHERE user_id=? AND acct=?", user.getUid(), acct);
    }

    @Transactional
    @Override
    public void removeAccount(String acct) {
        getJdbcTemplate().update("DELETE FROM followers WHERE acct=?", acct);
    }

    @Cacheable(value = "profiles", key="#contextUri")
    public Optional<Context> get(URI contextUri) {
        Instant now = Instant.now();
        String requestDate = DateFormattersHolder.getHttpDateFormatter().format(now);
        String host = contextUri.getPort() > 0 ? String.format("%s:%d", contextUri.getHost(), contextUri.getPort())
                : contextUri.getHost();
        var from = conversionService.convert(serviceUser, Actor.class);
        try {
            var request = new Request.Builder()
                    .url(contextUri.toURL())
                    .addHeader(HttpHeaders.ACCEPT, Context.ACTIVITYSTREAMS_PROFILE_MEDIA_TYPE);
            if (isPublic) {
                String signatureString = signatureService.addSignature(from, host, "get", contextUri.getPath(), requestDate,
                        "");
                request.addHeader(HttpHeaders.DATE, requestDate)
                        .addHeader(HttpHeaders.HOST, host)
                        .addHeader("Signature", signatureString);
            }
            try (var response = httpClient.newCall(request.build()).execute()) {
                if (response.isSuccessful() && response.body() != null) {
                    var context = jsonMapper.readValue(response.body().string(), Context.class);
                    return Optional.of(context);
                }
            }
        } catch (Exception e) {
            logger.warn("HTTP Signature exception reading {}: {}", contextUri.toASCIIString(), e.getMessage());
        }
        return Optional.empty();
    }

    public int post(Actor from, Actor to, Context data) throws IOException, NoSuchAlgorithmException, InterruptedException {
        UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(to.getInbox());
        URI inbox = uriComponentsBuilder.build().toUri();
        Instant now = Instant.now();
        String requestDate = DateFormattersHolder.getHttpDateFormatter().format(now);
        String host = inbox.getPort() > 0 ? String.format("%s:%d", inbox.getHost(), inbox.getPort()) : inbox.getHost();
        var finalContext = Context.build(data);
        var payload = jsonMapper.writeValueAsString(finalContext);
        final byte[] digest = MessageDigest.getInstance("SHA-256").digest(payload.getBytes()); // (1)
        final String digestHeader = "SHA-256=" + new String(Base64.encodeBase64(digest));
        String signatureString = signatureService.addSignature(from, host, "post", inbox.getPath(), requestDate,
                digestHeader);
        var body = RequestBody.create(payload, MediaType.get(Context.ACTIVITYSTREAMS_PROFILE_MEDIA_TYPE));
        var request = new Request.Builder()
                .url(inbox.toASCIIString())
                .post(body)
                .addHeader(HttpHeaders.DATE, requestDate)
                .addHeader(HttpHeaders.CONTENT_TYPE, Context.ACTIVITYSTREAMS_PROFILE_MEDIA_TYPE)
                .addHeader("Digest", digestHeader)
                .addHeader("Signature", signatureString)
                .build();
        logger.debug("Sending context to {}: {}", to.getId(), payload);
        try (var response = httpClient.newCall(request).execute()) {
            return response.code();
        }
    }
}