package handler

import (
	"blackforestbytes.com/simplecloudnotifier/logic"
	"database/sql"
	"errors"
	"gogs.mikescher.com/BlackForestBytes/goext/ginext"
	"net/http"
	"strings"
	"time"

	"blackforestbytes.com/simplecloudnotifier/api/apierr"
	"blackforestbytes.com/simplecloudnotifier/api/ginresp"
	ct "blackforestbytes.com/simplecloudnotifier/db/cursortoken"
	"blackforestbytes.com/simplecloudnotifier/models"
	"gogs.mikescher.com/BlackForestBytes/goext/langext"
	"gogs.mikescher.com/BlackForestBytes/goext/mathext"
)

// ListMessages swaggerdoc
//
//	@Summary		List all (subscribed) messages
//	@Description	The next_page_token is an opaque token, the special value "@start" (or empty-string) is the beginning and "@end" is the end
//	@Description	Simply start the pagination without a next_page_token and get the next page by calling this endpoint with the returned next_page_token of the last query
//	@Description	If there are no more entries the token "@end" will be returned
//	@Description	By default we return long messages with a trimmed body, if trimmed=false is supplied we return full messages (this reduces the max page_size)
//	@ID				api-messages-list
//	@Tags			API-v2
//
//	@Param			query_data	query		handler.ListMessages.query	false	" "
//
//	@Success		200			{object}	handler.ListMessages.response
//	@Failure		400			{object}	ginresp.apiError	"supplied values/parameters cannot be parsed / are invalid"
//	@Failure		401			{object}	ginresp.apiError	"user is not authorized / has missing permissions"
//	@Failure		500			{object}	ginresp.apiError	"internal server error"
//
//	@Router			/api/v2/messages [GET]
func (h APIHandler) ListMessages(pctx ginext.PreContext) ginext.HTTPResponse {
	type query struct {
		PageSize      *int     `json:"page_size"       form:"page_size"`
		NextPageToken *string  `json:"next_page_token" form:"next_page_token"`
		Filter        *string  `json:"filter"          form:"filter"`
		Trimmed       *bool    `json:"trimmed"         form:"trimmed"`
		Channels      []string `json:"channel"         form:"channel"`
		ChannelIDs    []string `json:"channel_id"      form:"channel_id"`
		Senders       []string `json:"sender"          form:"sender"`
		TimeBefore    *string  `json:"before"          form:"before"` // RFC3339
		TimeAfter     *string  `json:"after"           form:"after"`  // RFC3339
		Priority      []int    `json:"priority"        form:"priority"`
		KeyTokens     []string `json:"used_key"        form:"used_key"`
		HasSender     *bool    `json:"has_sender"      form:"has_sender"`
	}
	type response struct {
		Messages      []models.Message `json:"messages"`
		NextPageToken string           `json:"next_page_token"`
		PageSize      int              `json:"page_size"`
		TotalCount    int64            `json:"total_count"`
	}

	var q query
	ctx, g, errResp := pctx.Query(&q).Start()
	if errResp != nil {
		return *errResp
	}
	defer ctx.Cancel()

	return h.app.DoRequest(ctx, g, models.TLockReadWrite, func(ctx *logic.AppContext, finishSuccess func(r ginext.HTTPResponse) ginext.HTTPResponse) ginext.HTTPResponse {

		trimmed := langext.Coalesce(q.Trimmed, true)

		maxPageSize := langext.Conditional(trimmed, 16, 256)

		pageSize := mathext.Clamp(langext.Coalesce(q.PageSize, 64), 1, maxPageSize)

		if permResp := ctx.CheckPermissionSelfAllMessagesRead(); permResp != nil {
			return *permResp
		}

		userid := *ctx.GetPermissionUserID()

		tok, err := ct.Decode(langext.Coalesce(q.NextPageToken, ""))
		if err != nil {
			return ginresp.APIError(g, 400, apierr.PAGETOKEN_ERROR, "Failed to decode next_page_token", err)
		}

		err = h.database.UpdateUserLastRead(ctx, userid)
		if err != nil {
			return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to update last-read", err)
		}

		filter := models.MessageFilter{
			ConfirmedSubscriptionBy: langext.Ptr(userid),
		}

		if q.Filter != nil && strings.TrimSpace(*q.Filter) != "" {
			filter.SearchString = langext.Ptr([]string{strings.TrimSpace(*q.Filter)})
		}

		if len(q.Channels) != 0 {
			filter.ChannelNameCS = langext.Ptr(q.Channels)
		}

		if len(q.ChannelIDs) != 0 {
			cids := make([]models.ChannelID, 0, len(q.ChannelIDs))
			for _, v := range q.ChannelIDs {
				cid := models.ChannelID(v)
				if err = cid.Valid(); err != nil {
					return ginresp.APIError(g, 400, apierr.BINDFAIL_QUERY_PARAM, "Invalid channel-id", err)
				}
				cids = append(cids, cid)
			}
			filter.ChannelID = &cids
		}

		if len(q.Senders) != 0 {
			filter.SenderNameCS = langext.Ptr(q.Senders)
		}

		if q.HasSender != nil {
			filter.HasSenderName = langext.Ptr(*q.HasSender)
		}

		if q.TimeBefore != nil {
			t0, err := time.Parse(time.RFC3339, *q.TimeBefore)
			if err != nil {
				return ginresp.APIError(g, 400, apierr.BINDFAIL_QUERY_PARAM, "Invalid before-time", err)
			}
			filter.TimestampCoalesceBefore = &t0
		}

		if q.TimeAfter != nil {
			t0, err := time.Parse(time.RFC3339, *q.TimeAfter)
			if err != nil {
				return ginresp.APIError(g, 400, apierr.BINDFAIL_QUERY_PARAM, "Invalid after-time", err)
			}
			filter.TimestampCoalesceAfter = &t0
		}

		if len(q.Priority) != 0 {
			filter.Priority = langext.Ptr(q.Priority)
		}

		if len(q.KeyTokens) != 0 {
			tids := make([]models.KeyTokenID, 0, len(q.KeyTokens))
			for _, v := range q.KeyTokens {
				tid := models.KeyTokenID(v)
				if err = tid.Valid(); err != nil {
					return ginresp.APIError(g, 400, apierr.BINDFAIL_QUERY_PARAM, "Invalid keytoken-id", err)
				}
				tids = append(tids, tid)
			}
			filter.UsedKeyID = &tids
		}

		messages, npt, totalCount, err := h.database.ListMessages(ctx, filter, &pageSize, tok)
		if err != nil {
			return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query messages", err)
		}

		if trimmed {
			res := langext.ArrMap(messages, func(v models.Message) models.Message { return v.PreMarshal().Trim() })
			return finishSuccess(ginext.JSON(http.StatusOK, response{Messages: res, NextPageToken: npt.Token(), PageSize: pageSize, TotalCount: totalCount}))
		} else {
			res := langext.ArrMap(messages, func(v models.Message) models.Message { return v.PreMarshal() })
			return finishSuccess(ginext.JSON(http.StatusOK, response{Messages: res, NextPageToken: npt.Token(), PageSize: pageSize, TotalCount: totalCount}))
		}
	})
}

// GetMessage swaggerdoc
//
//	@Summary		Get a single message (untrimmed)
//	@Description	The user must either own the message and request the resource with the READ or ADMIN Key
//	@Description	Or the user must subscribe to the corresponding channel (and be confirmed) and request the resource with the READ or ADMIN Key
//	@Description	The returned message is never trimmed
//	@ID				api-messages-get
//	@Tags			API-v2
//
//	@Param			mid	path		string	true	"MessageID"
//
//	@Success		200	{object}	models.Message
//	@Failure		400	{object}	ginresp.apiError	"supplied values/parameters cannot be parsed / are invalid"
//	@Failure		401	{object}	ginresp.apiError	"user is not authorized / has missing permissions"
//	@Failure		404	{object}	ginresp.apiError	"message not found"
//	@Failure		500	{object}	ginresp.apiError	"internal server error"
//
//	@Router			/api/v2/messages/{mid} [GET]
func (h APIHandler) GetMessage(pctx ginext.PreContext) ginext.HTTPResponse {
	type uri struct {
		MessageID models.MessageID `uri:"mid" binding:"entityid"`
	}

	var u uri
	ctx, g, errResp := pctx.URI(&u).Start()
	if errResp != nil {
		return *errResp
	}
	defer ctx.Cancel()

	return h.app.DoRequest(ctx, g, models.TLockRead, func(ctx *logic.AppContext, finishSuccess func(r ginext.HTTPResponse) ginext.HTTPResponse) ginext.HTTPResponse {

		if permResp := ctx.CheckPermissionAny(); permResp != nil {
			return *permResp
		}

		msg, err := h.database.GetMessage(ctx, u.MessageID, false)
		if errors.Is(err, sql.ErrNoRows) {
			return ginresp.APIError(g, 404, apierr.MESSAGE_NOT_FOUND, "message not found", err)
		}
		if err != nil {
			return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query message", err)
		}

		// either we have direct read permissions (it is our message + read/admin key)
		// or we subscribe (+confirmed) to the channel and have read/admin key

		if ctx.CheckPermissionMessageRead(msg) {
			return finishSuccess(ginext.JSON(http.StatusOK, msg.PreMarshal()))
		}

		if uid := ctx.GetPermissionUserID(); uid != nil && ctx.CheckPermissionUserRead(*uid) == nil {
			sub, err := h.database.GetSubscriptionBySubscriber(ctx, *uid, msg.ChannelID)
			if err != nil {
				return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query subscription", err)
			}
			if sub == nil {
				// not subbed
				return ginresp.APIError(g, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil)
			}
			if !sub.Confirmed {
				// sub not confirmed
				return ginresp.APIError(g, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil)
			}

			// => perm okay
			return finishSuccess(ginext.JSON(http.StatusOK, msg.PreMarshal()))
		}

		return ginresp.APIError(g, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil)

	})
}

// DeleteMessage swaggerdoc
//
//	@Summary		Delete a single message
//	@Description	The user must own the message and request the resource with the ADMIN Key
//	@ID				api-messages-delete
//	@Tags			API-v2
//
//	@Param			mid	path		string	true	"MessageID"
//
//	@Success		200	{object}	models.Message
//	@Failure		400	{object}	ginresp.apiError	"supplied values/parameters cannot be parsed / are invalid"
//	@Failure		401	{object}	ginresp.apiError	"user is not authorized / has missing permissions"
//	@Failure		404	{object}	ginresp.apiError	"message not found"
//	@Failure		500	{object}	ginresp.apiError	"internal server error"
//
//	@Router			/api/v2/messages/{mid} [DELETE]
func (h APIHandler) DeleteMessage(pctx ginext.PreContext) ginext.HTTPResponse {
	type uri struct {
		MessageID models.MessageID `uri:"mid" binding:"entityid"`
	}

	var u uri
	ctx, g, errResp := pctx.URI(&u).Start()
	if errResp != nil {
		return *errResp
	}
	defer ctx.Cancel()

	return h.app.DoRequest(ctx, g, models.TLockReadWrite, func(ctx *logic.AppContext, finishSuccess func(r ginext.HTTPResponse) ginext.HTTPResponse) ginext.HTTPResponse {

		if permResp := ctx.CheckPermissionAny(); permResp != nil {
			return *permResp
		}

		msg, err := h.database.GetMessage(ctx, u.MessageID, false)
		if errors.Is(err, sql.ErrNoRows) {
			return ginresp.APIError(g, 404, apierr.MESSAGE_NOT_FOUND, "message not found", err)
		}
		if err != nil {
			return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query message", err)
		}

		if !ctx.CheckPermissionMessageDelete(msg) {
			return ginresp.APIError(g, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil)
		}

		err = h.database.DeleteMessage(ctx, msg.MessageID)
		if err != nil {
			return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to delete message", err)
		}

		err = h.database.CancelPendingDeliveries(ctx, msg.MessageID)
		if err != nil {
			return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to cancel deliveries", err)
		}

		return finishSuccess(ginext.JSON(http.StatusOK, msg.PreMarshal()))

	})
}