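package main

import (
	"context"
	"crypto/rand"
	"database/sql"
	"encoding/base64"
	"errors"
	"fmt"
	"log"
	"net/http"
	"strconv"
	"strings"
	"sync"
	"time"

	_ "github.com/mattn/go-sqlite3"
	"golang.org/x/crypto/bcrypt"

	"stevenlr.com/timer/model"
	"stevenlr.com/timer/view"
)

const (
	// maxInt64 is spelled out as an untyped constant so the overflow guards
	// below need no extra import.
	maxInt64 = 1<<63 - 1
	// maxTimerSeconds is the largest number of seconds that still fits in a
	// time.Duration; anything larger would silently wrap when converted.
	maxTimerSeconds = maxInt64 / int64(time.Second)
)

// generateRandomString returns n bytes from crypto/rand encoded as standard
// (padded) base64. It is the single source of both session ids and timer
// tokens, so the randomness here is what the whole auth story rests on.
func generateRandomString(n int) (string, error) {
	buf := make([]byte, n)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(buf), nil
}

// generateSessionId returns a fresh, unguessable session identifier
// (66 random bytes, 88 base64 characters).
func generateSessionId() (string, error) {
	return generateRandomString(66)
}

// generateTimerToken returns a fresh, unguessable per-timer token.
func generateTimerToken() (string, error) {
	return generateRandomString(66)
}

// insertTimer adds a timer named name that ends seconds from now, owned by
// ownerId, inside the caller's transaction. It returns the first error from
// token generation or the INSERT.
func insertTimer(tx *sql.Tx, name string, seconds int, ownerId model.UUID) error {
	now := model.MakeTimeNow()
	end := model.Time(time.Time(now).Add(time.Duration(seconds) * time.Second))
	id := model.MakeUUID()
	// A failed token generation must not create a timer with an empty (and
	// therefore shared and guessable) token, so the error is propagated
	// rather than discarded.
	token, err := generateTimerToken()
	if err != nil {
		return err
	}
	_, err = tx.Exec(`
	INSERT INTO Timer VALUES ($1, $2, $3, $4, $5, $6)`, id, name, now, end, ownerId, token)
	return err
}

// initializeDatabaseV1 creates the schema and the initial admin account in
// one transaction and stamps the database with user_version 1.
func initializeDatabaseV1(db *sql.DB) error {
	tx, err := db.Begin()
	if err != nil {
		return err
	}
	// Rollback after a successful Commit is a harmless no-op (ErrTxDone).
	defer tx.Rollback()

	if _, err = tx.Exec(`PRAGMA user_version = 1`); err != nil {
		return err
	}
	_, err = tx.Exec(`
	CREATE TABLE Timer (
		Id BLOB NOT NULL UNIQUE,
		Name TEXT NOT NULL,
		StartTime TEXT NOT NULL,
		EndTime TEXT NOT NULL,
		Owner BLOB NOT NULL,
		Token TEXT NOT NULL UNIQUE,
		PRIMARY KEY (Id)
	)`)
	if err != nil {
		return err
	}
	_, err = tx.Exec(`
	CREATE TABLE User (
		Id BLOB NOT NULL UNIQUE,
		Name TEXT NOT NULL,
		Salt TEXT NOT NULL,
		Password BLOB NOT NULL,
		PRIMARY KEY (id)
	)`)
	if err != nil {
		return err
	}

	// The first account is created with a well-known password; it is meant to
	// be changed right after the first login, hence the startup warning.
	userName := "admin"
	userPassword := "admin"
	log.Println("Creating default user", userName, "with the default password; change it after first login")
	salt, err := generateRandomString(33)
	if err != nil {
		return err
	}
	// bcrypt.DefaultCost rather than MinCost: the cost parameter is stored in
	// the hash, so verification is unaffected, and MinCost makes offline
	// guessing of a leaked hash much cheaper than intended.
	password, err := bcrypt.GenerateFromPassword([]byte(salt+userPassword), bcrypt.DefaultCost)
	if err != nil {
		return err
	}
	_, err = tx.Exec(`INSERT INTO User VALUES ($1, $2, $3, $4)`, model.MakeUUID(), userName, salt, password)
	if err != nil {
		return err
	}
	return tx.Commit()
}

// migrateDatabaseV2 adds the index used by token lookups and bumps
// user_version to 2.
func migrateDatabaseV2(db *sql.DB) error {
	tx, err := db.Begin()
	if err != nil {
		return err
	}
	defer tx.Rollback()

	if _, err = tx.Exec(`PRAGMA user_version = 2`); err != nil {
		return err
	}
	if _, err = tx.Exec("CREATE INDEX TimerTokenIndex ON Timer(Token)"); err != nil {
		return err
	}
	return tx.Commit()
}

// initializeDatabase brings the database schema up to the current version,
// applying each migration step that the stored user_version is below.
func initializeDatabase(db *sql.DB) error {
	initialVersion := 0
	// A failed version read previously left initialVersion at 0 and re-ran the
	// V1 setup on an existing database; surface the error instead.
	if err := db.QueryRow("PRAGMA user_version").Scan(&initialVersion); err != nil {
		return fmt.Errorf("reading schema version: %w", err)
	}
	if initialVersion < 1 {
		log.Println("Initializing DB V1")
		if err := initializeDatabaseV1(db); err != nil {
			return err
		}
	}
	if initialVersion < 2 {
		log.Println("Migrating DB to V2")
		if err := migrateDatabaseV2(db); err != nil {
			return err
		}
	}
	return nil
}

// queryAllTimers returns the id and name of every timer owned by owner. On a
// database error it logs and returns an empty slice rather than terminating
// the process, so one failing query cannot take the whole server down.
func queryAllTimers(db *sql.DB, owner model.UUID) []model.Timer {
	timers := []model.Timer{}
	rows, err := db.Query("SELECT Id, Name FROM Timer WHERE Owner=$1", owner)
	if err != nil {
		log.Println("querying timers:", err)
		return timers
	}
	defer rows.Close()
	for rows.Next() {
		var t model.Timer
		if err := rows.Scan(&t.Id, &t.Name); err == nil {
			timers = append(timers, t)
		}
	}
	if err := rows.Err(); err != nil {
		log.Println("iterating timers:", err)
	}
	return timers
}

// scanUser reads one User row into a model.User. It returns nil when no row
// matched or the scan failed, so callers never receive a zero-value user
// (which previously let a deleted user keep a "valid" session).
func scanUser(row *sql.Row) *model.User {
	var user model.User
	if err := row.Scan(&user.Id, &user.Name, &user.Salt, &user.Password); err != nil {
		if !errors.Is(err, sql.ErrNoRows) {
			log.Println("scanning user:", err)
		}
		return nil
	}
	return &user
}

// queryUserByName looks a user up by login name; nil when there is none.
func queryUserByName(db *sql.DB, name string) *model.User {
	return scanUser(db.QueryRow("SELECT Id, Name, Salt, Password FROM User WHERE Name=$1", name))
}

// queryUserById looks a user up by id; nil when there is none.
func queryUserById(db *sql.DB, id model.UUID) *model.User {
	return scanUser(db.QueryRow("SELECT Id, Name, Salt, Password FROM User WHERE Id=$1", id))
}

// queryTimer returns the timer identified by idStr if it belongs to userId,
// and nil when idStr is malformed, the timer does not exist, or it is owned
// by someone else. The ownership check lives in the query itself.
func queryTimer(db *sql.DB, idStr string, userId model.UUID) *model.Timer {
	var id model.UUID
	if err := id.Scan(idStr); err != nil {
		return nil
	}
	row := db.QueryRow("SELECT Id, Name, StartTime, EndTime, Owner, Token FROM Timer WHERE Id=$1 AND Owner=$2", id, userId)
	var t model.Timer
	if err := row.Scan(&t.Id, &t.Name, &t.StartTime, &t.EndTime, &t.Owner, &t.Token); err != nil {
		return nil
	}
	return &t
}

// execExpectOne runs a statement and reports whether it affected exactly one
// row. Every caller includes an Owner predicate, so "one row" doubles as the
// ownership check: a foreign or missing timer yields zero rows and false.
func execExpectOne(db *sql.DB, query string, args ...any) bool {
	res, err := db.Exec(query, args...)
	if err != nil {
		return false
	}
	affected, err := res.RowsAffected()
	return err == nil && affected == 1
}

// deleteTimer removes the timer idStr owned by userId; false if nothing was
// deleted (bad id, unknown timer, or not the owner).
func deleteTimer(db *sql.DB, idStr string, userId model.UUID) bool {
	var id model.UUID
	if err := id.Scan(idStr); err != nil {
		return false
	}
	return execExpectOne(db, "DELETE FROM Timer WHERE Id=$1 AND Owner=$2", id, userId)
}

// updateTimerEndTime sets the end time of timer id, provided userId owns it.
func updateTimerEndTime(db *sql.DB, id model.UUID, endTime model.Time, userId model.UUID) bool {
	return execExpectOne(db, "UPDATE Timer SET EndTime=$1 WHERE Id=$2 AND Owner=$3", endTime, id, userId)
}

// updateTimerToken replaces the token of timer id, provided userId owns it.
func updateTimerToken(db *sql.DB, id model.UUID, token string, userId model.UUID) bool {
	return execExpectOne(db, "UPDATE Timer SET Token=$1 WHERE Id=$2 AND Owner=$3", token, id, userId)
}

// Session is the server-side state behind one session cookie.
type Session struct {
	UserId model.UUID
}

// MyServer holds the database handle and the in-memory session table.
// Sessions live only in memory, so a restart signs everyone out.
type MyServer struct {
	db *sql.DB
	// sessionsMu guards sessions. net/http runs every request on its own
	// goroutine, and the map is written by login/logout while other requests
	// read it; an unguarded map is a data race and can crash the process.
	sessionsMu sync.RWMutex
	sessions   map[string]Session
}

// lookupSession returns the session for a cookie value, if any.
func (server *MyServer) lookupSession(id string) (Session, bool) {
	server.sessionsMu.RLock()
	defer server.sessionsMu.RUnlock()
	s, ok := server.sessions[id]
	return s, ok
}

// storeSession records a new session under id.
func (server *MyServer) storeSession(id string, s Session) {
	server.sessionsMu.Lock()
	defer server.sessionsMu.Unlock()
	server.sessions[id] = s
}

// dropSession forgets the session id; it is a no-op for unknown ids.
func (server *MyServer) dropSession(id string) {
	server.sessionsMu.Lock()
	defer server.sessionsMu.Unlock()
	delete(server.sessions, id)
}

// SessionCookieName is the name of the cookie that carries the session id.
const SessionCookieName = "timerSession"

// removeCookie tells the browser to discard cookieName. Path must match the
// path the cookie was set with (see handlePostLogin); without it a removal
// triggered from a nested URL such as /timer/... would target a different
// path and the stale cookie would survive.
func removeCookie(cookieName string, w http.ResponseWriter) {
	http.SetCookie(w, &http.Cookie{
		Name:   cookieName,
		Value:  "",
		Path:   "/",
		MaxAge: -1,
	})
}

// findCurrentUser resolves the request's session cookie to a user. It returns
// nil for no cookie, an unknown session, or a session whose user no longer
// exists; in the last two cases the cookie is also cleared on the response.
func (server *MyServer) findCurrentUser(w http.ResponseWriter, r *http.Request) *model.User {
	cookie, err := r.Cookie(SessionCookieName)
	if err != nil {
		return nil
	}
	session, ok := server.lookupSession(cookie.Value)
	if !ok {
		removeCookie(SessionCookieName, w)
		return nil
	}
	user := queryUserById(server.db, session.UserId)
	if user == nil {
		// The session refers to a user that is gone; forget it server-side
		// too so the map does not keep dead entries.
		server.dropSession(cookie.Value)
		removeCookie(SessionCookieName, w)
	}
	return user
}

// handleNotFound renders the 404 page.
func (server *MyServer) handleNotFound(w http.ResponseWriter, _ *http.Request) {
	w.WriteHeader(http.StatusNotFound)
	view.Error404().Render(context.Background(), w)
}

// handleMain serves the front page. The "GET /" pattern matches every path
// not claimed by a more specific route, so anything but "/" is a 404 here.
func (server *MyServer) handleMain(w http.ResponseWriter, r *http.Request) {
	currentUser := server.findCurrentUser(w, r)
	if r.URL.Path != "/" {
		server.handleNotFound(w, r)
		return
	}
	timers := make([]model.Timer, 0)
	if currentUser != nil {
		timers = queryAllTimers(server.db, currentUser.Id)
	}
	view.Main(view.TimersList(timers, currentUser != nil), currentUser).Render(context.Background(), w)
}

// handleTimer renders one timer page for its owner; anyone else gets a 404 so
// the existence of other users' timers is not revealed.
func (server *MyServer) handleTimer(w http.ResponseWriter, r *http.Request) {
	currentUser := server.findCurrentUser(w, r)
	if currentUser == nil {
		server.handleNotFound(w, r)
		return
	}
	timer := queryTimer(server.db, r.PathValue("timerId"), currentUser.Id)
	// queryTimer already filters by owner; the extra comparison is a cheap
	// second line of defence should the query ever change.
	if timer == nil || timer.Owner != currentUser.Id {
		server.handleNotFound(w, r)
		return
	}
	view.Main(view.TimerView(*timer), currentUser).Render(context.Background(), w)
}

// parseDuration parses a user-supplied value of the form "<amount><unit>"
// where unit is one of s, m, h, d, w. It rejects empty input, unknown units,
// negative amounts, and amounts whose product with the unit would overflow a
// time.Duration. The error strings are written back to the client as-is.
func parseDuration(value string) (time.Duration, error) {
	const nullDuration = time.Duration(0)
	if len(value) == 0 {
		return nullDuration, errors.New("Empty duration string")
	}
	var unit time.Duration
	switch value[len(value)-1] {
	case 's':
		unit = time.Second
	case 'm':
		unit = time.Minute
	case 'h':
		unit = time.Hour
	case 'd':
		unit = time.Duration(24) * time.Hour
	case 'w':
		unit = time.Duration(24*7) * time.Hour
	default:
		return nullDuration, errors.New("Invalid duration format")
	}
	amount, err := strconv.ParseInt(value[:len(value)-1], 10, 64)
	// amount*unit is computed in int64 nanoseconds; without the upper bound a
	// large value would wrap to a negative or tiny duration.
	if err != nil || amount < 0 || amount > maxInt64/int64(unit) {
		return nullDuration, errors.New("Invalid duration value")
	}
	return time.Duration(amount) * unit, nil
}

// handleTimerAddTime extends a running timer's end time by the "timeToAdd"
// form value and renders the updated timer info fragment.
func (server *MyServer) handleTimerAddTime(w http.ResponseWriter, r *http.Request) {
	currentUser := server.findCurrentUser(w, r)
	if currentUser == nil {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}
	timer := queryTimer(server.db, r.PathValue("timerId"), currentUser.Id)
	if timer == nil {
		server.handleNotFound(w, r)
		return
	}
	if timer.IsFinished() {
		w.WriteHeader(http.StatusBadRequest)
		return
	}
	duration, err := parseDuration(r.FormValue("timeToAdd"))
	if err != nil {
		w.WriteHeader(http.StatusBadRequest)
		w.Write([]byte(err.Error()))
		return
	}
	// NOTE(review): any return value of EndTime.Add is discarded here, so this
	// only works if model.Time.Add mutates its receiver in place — confirm in
	// the model package.
	timer.EndTime.Add(duration)
	if !updateTimerEndTime(server.db, timer.Id, timer.EndTime, currentUser.Id) {
		w.WriteHeader(http.StatusBadRequest)
		return
	}
	view.TimerInfo(*timer).Render(context.Background(), w)
}

// handleGetTimerToken writes the timer's token as plain text to its owner.
func (server *MyServer) handleGetTimerToken(w http.ResponseWriter, r *http.Request) {
	currentUser := server.findCurrentUser(w, r)
	if currentUser == nil {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}
	timer := queryTimer(server.db, r.PathValue("timerId"), currentUser.Id)
	if timer == nil {
		server.handleNotFound(w, r)
		return
	}
	w.Write([]byte(timer.Token))
}

// handleResetTimerToken replaces the timer's token with a fresh random one
// and renders the token form fragment showing it.
func (server *MyServer) handleResetTimerToken(w http.ResponseWriter, r *http.Request) {
	currentUser := server.findCurrentUser(w, r)
	if currentUser == nil {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}
	timer := queryTimer(server.db, r.PathValue("timerId"), currentUser.Id)
	if timer == nil {
		server.handleNotFound(w, r)
		return
	}
	newToken, err := generateTimerToken()
	if err != nil {
		w.WriteHeader(http.StatusInternalServerError)
		return
	}
	timer.Token = newToken
	if !updateTimerToken(server.db, timer.Id, newToken, currentUser.Id) {
		w.WriteHeader(http.StatusInternalServerError)
		return
	}
	view.TimerTokenForm(*timer).Render(context.Background(), w)
}

// handleDeleteTimer deletes the caller's timer; 404 when there is nothing of
// theirs to delete, 200 with an empty body on success.
func (server *MyServer) handleDeleteTimer(w http.ResponseWriter, r *http.Request) {
	user := server.findCurrentUser(w, r)
	if user == nil {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}
	if !deleteTimer(server.db, r.PathValue("timerId"), user.Id) {
		w.WriteHeader(http.StatusNotFound)
	}
}

// handlePutTimer creates a timer from the "timerName", "days" and "hours"
// form values and renders the refreshed timer list. Validation errors re-render
// the create form with a message; every input check runs before a
// transaction is opened so a bad request never holds a write lock.
func (server *MyServer) handlePutTimer(w http.ResponseWriter, r *http.Request) {
	timerName := strings.TrimSpace(r.FormValue("timerName"))
	user := server.findCurrentUser(w, r)
	if user == nil {
		w.WriteHeader(http.StatusBadRequest)
		view.TimerCreateForm(timerName, "You are not signed in").Render(context.Background(), w)
		return
	}
	days, err := strconv.ParseInt(strings.TrimSpace(r.FormValue("days")), 10, 32)
	if err != nil {
		w.WriteHeader(http.StatusBadRequest)
		view.TimerCreateForm(timerName, "Error parsing days").Render(context.Background(), w)
		return
	}
	hours, err := strconv.ParseInt(strings.TrimSpace(r.FormValue("hours")), 10, 32)
	if err != nil {
		w.WriteHeader(http.StatusBadRequest)
		view.TimerCreateForm(timerName, "Error parsing hours").Render(context.Background(), w)
		return
	}
	if timerName == "" {
		w.WriteHeader(http.StatusBadRequest)
		view.TimerCreateForm("", "Timer name cannot be empty").Render(context.Background(), w)
		return
	}
	// Negative components are clamped to zero; the total is bounded so the
	// later seconds-to-Duration conversion cannot overflow.
	seconds := (max(days, 0)*24 + max(hours, 0)) * 3600
	if seconds > maxTimerSeconds {
		w.WriteHeader(http.StatusBadRequest)
		view.TimerCreateForm(timerName, "Timer duration is too long").Render(context.Background(), w)
		return
	}

	tx, err := server.db.Begin()
	if err != nil {
		w.WriteHeader(http.StatusInternalServerError)
		view.TimerCreateForm(timerName, "Internal server error").Render(context.Background(), w)
		return
	}
	defer tx.Rollback()
	if err := insertTimer(tx, timerName, int(seconds), user.Id); err != nil {
		w.WriteHeader(http.StatusInternalServerError)
		view.TimerCreateForm(timerName, "Internal server error").Render(context.Background(), w)
		return
	}
	// A failed commit previously went unnoticed and the list was rendered as
	// if the timer existed.
	if err := tx.Commit(); err != nil {
		w.WriteHeader(http.StatusInternalServerError)
		view.TimerCreateForm(timerName, "Internal server error").Render(context.Background(), w)
		return
	}
	timers := queryAllTimers(server.db, user.Id)
	view.TimersList(timers, true).Render(context.Background(), w)
}

// handlePostLogin checks the "user"/"password" form values against the
// stored bcrypt hash, creates a session and sets the session cookie. Both an
// unknown name and a wrong password produce the same response body.
func (server *MyServer) handlePostLogin(w http.ResponseWriter, r *http.Request) {
	if server.findCurrentUser(w, r) != nil {
		w.Header().Add("HX-Redirect", "/")
		return
	}
	userName := r.FormValue("user")
	userPass := r.FormValue("password")
	user := queryUserByName(server.db, userName)
	// NOTE(review): an unknown name returns before the bcrypt comparison, so
	// the response time differs from a wrong password; a dummy comparison in
	// this branch would narrow that gap.
	if user == nil {
		w.WriteHeader(http.StatusBadRequest)
		view.LoginFormError(nil, "Incorrect credentials").Render(context.Background(), w)
		return
	}
	if err := bcrypt.CompareHashAndPassword(user.Password, []byte(user.Salt+userPass)); err != nil {
		w.WriteHeader(http.StatusBadRequest)
		view.LoginFormError(nil, "Incorrect credentials").Render(context.Background(), w)
		return
	}
	sessionId, err := generateSessionId()
	if err != nil {
		w.WriteHeader(http.StatusInternalServerError)
		view.LoginFormError(nil, "Internal server error").Render(context.Background(), w)
		return
	}
	// Path is set explicitly so removeCookie can target the same path from
	// any URL; SameSite=Lax keeps the cookie off cross-site POST/PUT/DELETE
	// requests, which is the only CSRF protection this server has.
	// NOTE(review): Secure means browsers only send this cookie over HTTPS;
	// main listens on plain :80, so this presumably sits behind a TLS proxy —
	// confirm, or logins will appear to succeed and immediately drop.
	cookie := http.Cookie{
		Name:     SessionCookieName,
		Value:    sessionId,
		Path:     "/",
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteLaxMode,
	}
	server.storeSession(sessionId, Session{UserId: user.Id})
	http.SetCookie(w, &cookie)
	w.Header().Add("HX-Redirect", "/")
}

// handlePostLogout forgets the session named by the cookie, clears the
// cookie and redirects to the front page.
func (server *MyServer) handlePostLogout(w http.ResponseWriter, r *http.Request) {
	if cookie, err := r.Cookie(SessionCookieName); err == nil {
		server.dropSession(cookie.Value)
		removeCookie(SessionCookieName, w)
	}
	w.Header().Add("HX-Redirect", "/")
}

// main opens the SQLite database, applies migrations, registers the routes
// and serves HTTP on port 80 until ListenAndServe fails.
func main() {
	log.Println("Starting...")
	db, err := sql.Open("sqlite3", "file:timer.db")
	if err != nil {
		log.Fatalln(err)
	}
	defer db.Close()
	if err := initializeDatabase(db); err != nil {
		log.Fatalln(err)
	}

	myServer := MyServer{db: db, sessions: make(map[string]Session)}
	mux := http.NewServeMux()
	fs := http.FileServer(http.Dir("static/"))
	mux.Handle("GET /static/", http.StripPrefix("/static/", fs))
	mux.HandleFunc("POST /login", myServer.handlePostLogin)
	mux.HandleFunc("POST /logout", myServer.handlePostLogout)
	mux.HandleFunc("GET /timer/{timerId}", myServer.handleTimer)
	mux.HandleFunc("POST /timer/{timerId}/addTime", myServer.handleTimerAddTime)
	mux.HandleFunc("DELETE /timer/{timerId}", myServer.handleDeleteTimer)
	mux.HandleFunc("POST /timer/{timerId}/resetToken", myServer.handleResetTimerToken)
	mux.HandleFunc("GET /timer/{timerId}/token", myServer.handleGetTimerToken)
	mux.HandleFunc("PUT /timer", myServer.handlePutTimer)
	mux.HandleFunc("GET /", myServer.handleMain)

	// Explicit timeouts so a client that opens a connection and never finishes
	// its request cannot pin a goroutine indefinitely; the plain
	// http.ListenAndServe default has none.
	srv := &http.Server{
		Addr:              "0.0.0.0:80",
		Handler:           mux,
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       2 * time.Minute,
	}
	log.Println("Started!")
	// The listen error was previously discarded, leaving a silent exit with
	// status 0 when the port was unavailable.
	log.Fatalln(srv.ListenAndServe())
}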