<?php

namespace NoccyLabs\Mercureact\Http;

use NoccyLabs\Mercureact\Broker\Message;
use NoccyLabs\Mercureact\Broker\TopicManager;
use NoccyLabs\Mercureact\Configuration;
use NoccyLabs\Mercureact\Http\Exeption\RequestException;
use NoccyLabs\Mercureact\Http\Exeption\SecurityException;
use NoccyLabs\React\WebSocket\WebSocketConnection;
use NoccyLabs\React\WebSocket\WebSocketMiddleware;
use NoccyLabs\SimpleJWT\JWTToken;
use NoccyLabs\SimpleJWT\Key\JWTPlaintextKey;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use React\EventLoop\Loop;
use React\EventLoop\LoopInterface;
use React\Http\HttpServer;
use React\Http\Message\Response;
use React\Promise\Promise;
use React\Promise\PromiseInterface;
use React\Socket\ServerInterface;
use React\Stream\ThroughStream;
use SplObjectStorage;
use Symfony\Component\Uid\Uuid;
use Throwable;

class Server
{
    private Configuration $config;

    private LoopInterface $loop;

    private HttpServer $server;

    private WebSocketMiddleware $webSocket;

    private SplObjectStorage $webSocketClients;

    private SplObjectStorage $eventClients;

    private TopicManager $topicManager;

    public static string $indexPage;

    /**
     * 
     * 
     */
    public function __construct(Configuration $config, array $options=[], ?LoopInterface $loop=null)
    {
        $this->loop = $loop??Loop::get();

        $this->config = $config;

        $this->topicManager = new TopicManager();

        $this->server = $this->createHttpServer($options);
        
        $this->webSocket = new WebSocketMiddleware();

        $this->eventClients = new SplObjectStorage();
        $this->webSocketClients = new SplObjectStorage();
        $this->webSocket->on(WebSocketMiddleware::EVENT_CONNECTION, $this->onWebSocketConnection(...));
    }

    /**
     * 
     * 
     * @return void
     */
    public function listen(ServerInterface $socket): void
    {
        $this->server->listen($socket);
    }

    /**
     * 
     * @return HttpServer
     */
    private function createHttpServer(array $options): HttpServer
    {
        return new HttpServer(
            $this->rejectionWrappingMiddleware(...),
            $this->checkRequestSecurityMiddleware(...),
            $this->handleWebSocketRequest(...),
            $this->handleMercureRequest(...),
            $this->handleApiRequest(...),
            $this->handleNotFound(...)
        );
    }

    /**
     * 
     * 
     * @param ServerRequestInterface $request
     * @return PromiseInterface
     */
    private function handleNotFound(ServerRequestInterface $request): PromiseInterface
    {
        return new Promise(
            function ($resolve) { 
                $resolve(Response::plaintext("Not found")->withStatus(404));
            }
        );
    }

    /**
     * 
     * 
     * @param ServerRequestInterface $request
     * @param callable $next
     * @return PromiseInterface
     */
    private function rejectionWrappingMiddleware(ServerRequestInterface $request, callable $next): PromiseInterface
    {
        $promise = new Promise(
            function (callable $resolve) use ($request, $next) {
                $resolve($next($request));
            }
        );
        return $promise->then(
            function ($response) {
                if ($response instanceof ResponseInterface) {
                    return $response;
                }
                if (is_array($response)) {
                    return Response::json($response);
                }
                if (is_string($response)) {
                    return Response::plaintext($response);
                }
                return Response::plaintext((string)$response);
            },
            function (Throwable $t) {
                if ($t instanceof SecurityException) {
                    return Response::plaintext("Access Denied")->withStatus(Response::STATUS_UNAUTHORIZED);
                }
                return Response::plaintext("500: Internal Server Error (".$t->getMessage().")\n")->withStatus(500);
            }
        )->then(
            function ($response) use ($request) {
                assert("\$response instanceof ResponseInterface");
                $host = ($request->getServerParams()['SERVER_ADDR']??"");
                        //. ":" . ($request->getServerParams()['SERVER_PORT']??"80");
                fprintf(STDOUT, "%s %3d %s %s %d\n", 
                    $request->getServerParams()['REMOTE_ADDR'], 
                    $response->getStatusCode(), 
                    $request->getMethod(), 
                    $request->getUri()->getPath(), 
                    strlen($response->getBody())
                );
                return $response
                    ->withAddedHeader('Link', '<https://'.$host.'/.well-known/mercure>; rel="mercure"')
                    ->withAddedHeader('Link', '<wss://'.$host.'/.well-known/mercure>; rel="mercure+ws"')
                    ->withHeader('Access-Control-Allow-Origin', '*')
                    ->withHeader('Content-Security-Policy', "default-src * 'self' http: 'unsafe-eval' 'unsafe-inline'; connect-src * 'self'")
                    ->withHeader('Cache-Control', 'must-revalidate')
                    ->withHeader('Server', 'Mercureact/0.1.0');
            }
        );
    }

    /**
     * 
     * 
     * @param ServerRequestInterface $request
     * @param callable $next
     * @return PromiseInterface
     */
    private function checkRequestSecurityMiddleware(ServerRequestInterface $request, callable $next): PromiseInterface
    {
        return new Promise(
            function (callable $resolve, callable $reject) use ($request, $next) {
                // Check JWT in authorization header or authorization query param
                $request = $this->checkAuthorization($request);

                $resolve($next($request));
            }
        );
    }

    /**
     * 
     * 
     * @param ServerRequestInterface $request
     * @return ServerRequestInterface
     */
    private function checkAuthorization(ServerRequestInterface $request): ServerRequestInterface
    {
        $authorization = $request->getHeaderLine('authorization');
        if (str_starts_with(strtolower($authorization), "bearer ")) {
            $jwt = substr($authorization, strpos($authorization, " ")+1);
            $key = new JWTPlaintextKey($this->config->getJwtSecret());
            $tok = new JWTToken($key, $jwt);
            if (!$tok->isValid()) {
                throw new SecurityException(message:"Invalid token", code:SecurityException::ERR_ACCESS_DENIED);
            }
            $mercureClaims = $tok->claims->get('mercure');
            return $request
                ->withAttribute('authorization', $tok);
        } else {
            return $request
                ->withAttribute('authorization', null);

        }
    }

    /**
     * 
     * 
     * @param ServerRequestInterface $request
     * @param callable $next
     * @return PromiseInterface
     */
    private function handleMercureRequest(ServerRequestInterface $request, callable $next): PromiseInterface
    {
        return new Promise(
            function (callable $resolve, callable $reject) use ($next, $request) {
                if ($request->getUri()->getPath() == "/.well-known/mercure") {
                    if ($request->getMethod() == 'POST') {
                        $resolve($this->handleMercurePublish($request));
                        return;
                    }
                    $resolve($this->handleMercureClient($request));
                } else {
                    $resolve($next($request));
                }
            }
        );
    }

    /**
     * 
     * 
     * @param ServerRequestInterface $request
     * @return ResponseInterface
     */
    private function handleMercureClient(ServerRequestInterface $request): ResponseInterface
    {
        $tok = $request->getAttribute('authorization');
        if ($tok instanceof JWTToken) {
            $claims = $tok->claims->getAll();
            if (isset($claims['mercure']['subscribe'])) {
                $subscribeClaims = $claims['mercure']['subscribe'];
                // TODO check topic against subscribeClaims
            }            
        }

        $responseStream = new ThroughStream();

        $response = new Response(
            body: $responseStream
        );

        $this->eventClients->attach($responseStream, $request);
        $responseStream->on('close', function () use ($responseStream) {
            $this->eventClients->detach($responseStream);;
        });

        return $response
            ->withHeader("Cache-Control", "no-store")
            ->withHeader("Content-Type", "text/event-stream");
    }

    /**
     * 
     * 
     * @param ServerRequestInterface $request
     * @return ResponseInterface
     */
    private function handleMercurePublish(ServerRequestInterface $request): ResponseInterface
    {
        if ($request->getHeaderLine('content-type') !== 'application/x-www-form-urlencoded') {
            throw new \Exception("Invalid request");
        }

        // Grab the JWT token from the requests authorization attribute
        $tok = $request->getAttribute('authorization');
        if ($tok instanceof JWTToken) {
            $claims = $tok->claims->getAll();
            if (isset($claims['mercure']['publish'])) {
                $publishClaims = $claims['mercure']['publish'];
                // TODO check topic against publishClaims
            }
        }

        // Parse out the urlencoded body. Pretty sure there is a better way to do this?
        $body = explode("&", (string)$request->getBody());
        $data = [];
        foreach ($body as $param) {
            if (!str_contains($param, "=")) throw new RequestException("Invalid request data", RequestException::ERR_INVALID_REQUEST_DATA);
            [ $name, $value ] = array_map('urldecode', explode("=", $param, 2));
                // FIXME support multiple topics?
            if (in_array($name, [ 'topic' ])) {
                if (!isset($data[$name]))
                    $data[$name] = [];
                $data[$name][] = $value;
            } else {
                $data[$name] = $value;
            }
        }

        // Put an id in there if none already
        // TODO add a configurable for this
        if (!isset($data['id'])) {
            $data['id'] = (string)Uuid::v7();
        }

        $message = Message::fromData($data);

        $this->loop->futureTick(function () use ($message) {
            $this->publishMercureMessage($message);
        });

        return Response::plaintext("urn:uuid:".$message->id."\n");
    }

    /**
     * 
     * 
     * @param Message $message
     * @return void
     */
    private function publishMercureMessage(Message $message): void
    {
        foreach ($this->webSocketClients as $webSocket) {
            $webSocket->write(json_encode([
                'type' => $message->type,
                //'topic' => $data['topic'],
                'data' => (@json_decode($message->data))??$message->data
            ]));
        }

        $sseMessage = "";
        if ($message->type) {
            $sseMessage .= "event: ".$message->type."\n";
        }
        $sseMessage .= "data: ".$message->data."\n\n";

        foreach ($this->eventClients as $client) {
            $client->write($sseMessage);
        }
    }

    /**
     * 
     * 
     * @param ServerRequestInterface $request
     * @param callable $next
     * @return PromiseInterface
     */
    private function handleWebSocketRequest(ServerRequestInterface $request, callable $next): PromiseInterface
    {
        return new Promise(
            function (callable $resolve, callable $reject) use ($next, $request) {
                if ($request->getUri()->getPath() == "/.well-known/mercure")
                    $resolve(call_user_func($this->webSocket, $request, $next));
                else 
                    $resolve($next($request));
            }
        );
    }

    /**
     * 
     * 
     */
    private function onWebSocketConnection(WebSocketConnection $connection)
    {
        $this->webSocketClients->attach($connection);

        $connection->on('close', function () use ($connection) {
            $this->webSocketClients->detach($connection);
        });

        $request = $connection->getServerRequest();
        $topic = $request->getQueryParams()['topic'][0]??'';
        $connection->setGroup($topic);
    }

    /**
     * 
     * 
     * @param ServerRequestInterface $request
     * @param callable $next
     * @return PromiseInterface
     */
    private function handleApiRequest(ServerRequestInterface $request, callable $next): PromiseInterface
    {
        return new Promise(
            function (callable $resolve, callable $reject) use ($next, $request) {

                $path = $request->getUri()->getPath();

                if ($path === "/index.html") {
                    $resolve(Response::html(self::$indexPage));
                }

                switch (true) {
                    case preg_match('<^/.well-known/mercure/subscriptions(/.+?)$>', $path, $m):
                        $query = explode("/", trim($m[1]??null, "/"));
                        $topic = array_shift($query);
                        $subscription = array_shift($query);
                        $resolve($this->apiGetSubscriptions($topic, $subscription));
                        return;
                
                    case preg_match('<^/.well-known/mercureact/status$>', $path):
                        $resolve([
                            'server' => 'Mercureact/1.0',
                            'topics' => $this->topicManager->getTopicCount(),
                            'subscriptions' => $this->topicManager->getSubscriberCount(),
                            'memoryPeak' => memory_get_peak_usage(true),
                            'memoryUsage' => memory_get_usage(true)
                        ]);
                        return;
    
                    case preg_match('<^/.well-known/mercureact/status$>', $path):
                        $resolve([ 'version' => '1.0' ]);
                        return;
                }

                $resolve($next($request));
            }
        );
    }

    /**
     * 
     * 
     * @return ResponseInterface
     */
    private function apiGetSubscriptions(string|null $topic, string|null $subscription): ResponseInterface
    {
        $lastEventId = "urn:uuid:5e94c686-2c0b-4f9b-958c-92ccc3bbb4eb";

        $data = [
            "@context" => "https://mercure.rocks/",
            "id" => "/.well-known/mercure/subscriptions",
            "type" => "Subscriptions",
            "lastEventID" => $lastEventId,
            "subscriptions" => []
        ];

        return Response::json($data)
            ->withHeader('Content-Type', 'application/ld+json')
            ->withHeader('ETag', $lastEventId);
    }
}

Server::$indexPage = <<<ENDHTML
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="default-src 'self' http: 'unsafe-eval' 'unsafe-inline'; style-src 'self';">
</head>
<body>
<script type="text/javascript">
  const events = new EventSource("http://127.0.0.1:9000/.well-known/mercure");
  events.onmessage = msg => console.log(msg);
</script>
</body>
</html>
ENDHTML;