/****************************************************************************
 * This file is part of the project AqHome.
 * AqHome (c) by 2023 Martin Preuss, all rights reserved.
 *
 * The license for this file can be found in the file COPYING which you
 * should have received along with this file.
 ****************************************************************************/

#ifdef HAVE_CONFIG_H
# include <config.h>
#endif


#include "./u_login.h"
#include "aqhome/http/httpservice.h"
#include "aqhome/http/httpservice_http.h"
#include "aqhome/http/httpservice_conf.h"

#include <gwenhywfar/gwenhywfar.h>
#include <gwenhywfar/args.h>
#include <gwenhywfar/debug.h>
#include <gwenhywfar/endpoint.h>
#include <gwenhywfar/mdigest.h>
#include <gwenhywfar/text.h>
#include <gwenhywfar/timestamp.h>



static int _handleUrl(AQH_HTTP_URLHANDLER *uh, AQH_HTTP_REQUEST *rq);
static int _handleGet(AQH_HTTP_URLHANDLER *uh, AQH_HTTP_REQUEST *rq);
static int _handlePost(AQH_HTTP_URLHANDLER *uh, AQH_HTTP_REQUEST *rq);

static int _loginUser(AQH_HTTP_URLHANDLER *uh, AQH_HTTP_REQUEST *rq);
static int _verifyPass(AQH_USER *u, const char *userName, const char *password);
static AQH_SESSION *_generateSessionForUser(AQH_SERVICE *sv, AQH_USER *u);
static GWEN_BUFFER *_generateSessionUid(void);
static void _headerSetCookie(GWEN_DB_NODE *db, uint32_t flags, const char *cookieName, const char *cookieValue);
static GWEN_MSG *_createLoginResponseMsg(AQH_SERVICE *sv, const char *protocol, const char *sessionId, const char *newPage);





AQH_HTTP_URLHANDLER *AQH_LoginHttpUrlHandler_new(AQH_SERVICE *sv)
{
  AQH_HTTP_URLHANDLER *uh;

  uh=AQH_HttpUrlHandler_new(sv);
  AQH_HttpUrlHandler_SetHandleFn(uh, _handleUrl);

  return uh;
}



int _handleUrl(AQH_HTTP_URLHANDLER *uh, AQH_HTTP_REQUEST *rq)
{
  const char *protocol;
  const char *cmd;
  GWEN_MSG *msgOut=NULL;

  protocol=AQH_HttpRequest_GetProtocol(rq);
  cmd=AQH_HttpRequest_GetCommand(rq);
  if (cmd && *cmd) {
    int rv;

    if (strcasecmp(cmd, "GET")==0) {
      rv=_handleGet(uh, rq);
      if (rv<0) {
        DBG_INFO(AQH_LOGDOMAIN, "here (%d)", rv);
        return rv;
      }
    }
    else if (strcasecmp(cmd, "POST")==0) {
      rv=_handlePost(uh, rq);
      if (rv<0) {
        DBG_INFO(AQH_LOGDOMAIN, "here (%d)", rv);
        return rv;
      }
    }
    else {
      msgOut=AQH_HttpService_CreateResponseMsg(AQH_HttpUrlHandler_GetHttpService(uh), 405, "Method not allowed", protocol, NULL);
      AQH_HttpRequest_SetResponseMsg(rq, msgOut);
    }
    return 0;
  }
  else {
    DBG_ERROR(AQH_LOGDOMAIN, "No command in request");
    return GWEN_ERROR_INVALID;
  }
}



int _handleGet(AQH_HTTP_URLHANDLER *uh, AQH_HTTP_REQUEST *rq)
{
  GWEN_BUFFER *pageBuf;
  int rv;
  GWEN_MSG *msgOut=NULL;
  const char *protocol;

  protocol=AQH_HttpRequest_GetProtocol(rq);
  pageBuf=GWEN_Buffer_new(0, 256, 0, 1);
  rv=AQH_HttpUrlHandler_AddContentHeaders(uh, AQH_HTTP_CONTENT_MODE_DESKTOP, pageBuf);
  if (rv<0) {
    DBG_ERROR(AQH_LOGDOMAIN, "Error adding headers");
    GWEN_Buffer_free(pageBuf);
    msgOut=AQH_HttpService_CreateResponseMsg(AQH_HttpUrlHandler_GetHttpService(uh), 500, "Internal Error", protocol, NULL);
    AQH_HttpRequest_SetResponseMsg(rq, msgOut);
    return 0;
  }

  rv=AQH_HttpService_AddFile(AQH_HttpUrlHandler_GetHttpService(uh), NULL, "login.html", pageBuf);
  if (rv<0) {
    DBG_ERROR(AQH_LOGDOMAIN, "Error reading file \"login.html\"");
    GWEN_Buffer_free(pageBuf);
    msgOut=AQH_HttpService_CreateResponseMsg(AQH_HttpUrlHandler_GetHttpService(uh), 500, "Internal Error", protocol, NULL);
    AQH_HttpRequest_SetResponseMsg(rq, msgOut);
    return 0;
  }

  rv=AQH_HttpUrlHandler_AddContentFooters(uh, AQH_HTTP_CONTENT_MODE_DESKTOP, pageBuf);
  if (rv<0) {
    DBG_ERROR(AQH_LOGDOMAIN, "Error adding footers");
    msgOut=AQH_HttpService_CreateResponseMsg(AQH_HttpUrlHandler_GetHttpService(uh), 500, "Internal Error", protocol, NULL);
    AQH_HttpRequest_SetResponseMsg(rq, msgOut);
    GWEN_Buffer_free(pageBuf);
    return rv;
  }

  msgOut=AQH_HttpService_CreateResponseMsg(AQH_HttpUrlHandler_GetHttpService(uh), 200, "OK", protocol, GWEN_Buffer_GetStart(pageBuf));
  GWEN_Buffer_free(pageBuf);
  AQH_HttpRequest_SetResponseMsg(rq, msgOut);

  return 0;
}



int _handlePost(AQH_HTTP_URLHANDLER *uh, AQH_HTTP_REQUEST *rq)
{
  GWEN_DB_NODE *db;
  int rv;

  DBG_ERROR(NULL, "Login POST:");
  db=AQH_HttpRequest_GetDbPostBody(rq);
  GWEN_DB_Dump(db, 2);

  rv=_loginUser(uh, rq);
  if (rv<0) {
    DBG_INFO(NULL, "here (%d)", rv);
    return rv;
  }

  return 0;
}



int _loginUser(AQH_HTTP_URLHANDLER *uh, AQH_HTTP_REQUEST *rq)
{
  AQH_SERVICE *sv;
  GWEN_MSG *msgOut=NULL;
  const char *protocol;
  GWEN_DB_NODE *db;
  const char *userName;
  const char *password;
  AQH_USER *u;
  AQH_SESSION *session;
  int i;
  int rv;

  sv=AQH_HttpUrlHandler_GetHttpService(uh);
  db=AQH_HttpRequest_GetDbPostBody(rq);
  protocol=AQH_HttpRequest_GetProtocol(rq);

  userName=GWEN_DB_GetCharValue(db, "username", 0, NULL);
  password=GWEN_DB_GetCharValue(db, "password", 0, NULL);
  if (!(userName && *userName && password && *password)) {
    msgOut=AQH_HttpService_CreateResponseMsg(sv, 401, "Unauthorized", protocol, NULL);
    AQH_HttpRequest_SetResponseMsg(rq, msgOut);
    return 0;
  }

  u=AQH_HttpService_GetUser(sv, userName);
  if (u==NULL) {
    DBG_INFO(NULL, "User \"%s\" not found", userName);
    msgOut=AQH_HttpService_CreateResponseMsg(AQH_HttpUrlHandler_GetHttpService(uh), 401, "Unauthorized", protocol, NULL);
    AQH_HttpRequest_SetResponseMsg(rq, msgOut);
    return 0;
  }

  i=AQH_User_GetState(u);
  if (i==AQH_UserState_Suspended) {
    DBG_INFO(NULL, "User \"%s\" suspended", userName);
    msgOut=AQH_HttpService_CreateResponseMsg(AQH_HttpUrlHandler_GetHttpService(uh), 401, "Unauthorized", protocol, NULL);
    AQH_HttpRequest_SetResponseMsg(rq, msgOut);
    return 0;
  }

  rv=_verifyPass(u, userName, password);
  if (rv<0) {
    if (rv==GWEN_ERROR_VERIFY)
      msgOut=AQH_HttpService_CreateResponseMsg(AQH_HttpUrlHandler_GetHttpService(uh), 401, "Unauthorized", protocol, "error");
    else
      msgOut=AQH_HttpService_CreateResponseMsg(AQH_HttpUrlHandler_GetHttpService(uh), 500, "Internal Error", protocol, NULL);
    AQH_HttpRequest_SetResponseMsg(rq, msgOut);
    return 0;
  }

  session=_generateSessionForUser(sv, u);
  if (session==NULL) {
    msgOut=AQH_HttpService_CreateResponseMsg(AQH_HttpUrlHandler_GetHttpService(uh), 500, "Internal Error", protocol, NULL);
    AQH_HttpRequest_SetResponseMsg(rq, msgOut);
    return 0;
  }

  DBG_ERROR(NULL, "Session generated");
  AQH_User_SetTimestampLastLogin(u, AQH_Session_GetTimestampCreation(session));
  rv=AQH_HttpService_WriteUser(sv, u);
  if (rv<0) {
    DBG_INFO(AQH_LOGDOMAIN, "here (%d)", rv);
    msgOut=AQH_HttpService_CreateResponseMsg(AQH_HttpUrlHandler_GetHttpService(uh), 500, "Internal Error", protocol, NULL);
    AQH_HttpRequest_SetResponseMsg(rq, msgOut);
    return 0;
  }

  msgOut=_createLoginResponseMsg(sv, protocol, AQH_Session_GetUid(session), "/rooms/list");
  AQH_HttpRequest_SetResponseMsg(rq, msgOut);

  return 0;
}



int _verifyPass(AQH_USER *u, const char *userName, const char *password)
{
  GWEN_MDIGEST *md;
  int rv;
  const char *storedPasswordHash;
  char buffer[70];

  storedPasswordHash=AQH_User_GetHashedPassword(u);
  if (!(storedPasswordHash && *storedPasswordHash)) {
    DBG_ERROR(NULL, "No password hash stored with user \"%s\"", userName);
    return GWEN_ERROR_INTERNAL;
  }

  md=GWEN_MDigest_Sha256_new();
  rv=GWEN_MDigest_Begin(md);
  if (rv<0) {
    DBG_ERROR(NULL, "Error digesting given password [begin] (%d)", rv);
    GWEN_MDigest_free(md);
    return rv;
  }

  rv=GWEN_MDigest_Update(md, (const uint8_t*) password, strlen(password));
  if (rv<0) {
    DBG_ERROR(NULL, "Error digesting given password [update] (%d)", rv);
    GWEN_MDigest_free(md);
    return rv;
  }

  rv=GWEN_MDigest_End(md);
  if (rv<0) {
    DBG_ERROR(NULL, "Error digesting given password [end] (%d)", rv);
    GWEN_MDigest_free(md);
    return rv;
  }

  DBG_ERROR(NULL, "Digest needs %d bytes", (GWEN_MDigest_GetDigestSize(md)*2)+1);
  if (NULL==GWEN_Text_ToHex((const char*) GWEN_MDigest_GetDigestPtr(md), GWEN_MDigest_GetDigestSize(md), buffer, sizeof(buffer)-1)) {
    DBG_ERROR(NULL, "Buffer too small (need %d)", (GWEN_MDigest_GetDigestSize(md)*2)+1);
    GWEN_MDigest_free(md);
    return GWEN_ERROR_INTERNAL;
  }
  GWEN_MDigest_free(md);

  if (strcasecmp(buffer, storedPasswordHash)!=0) {
    DBG_ERROR(NULL, "Bad password for user \"%s\"", userName);
    return GWEN_ERROR_VERIFY;
  }

  DBG_ERROR(NULL, "Valid password for user \"%s\"", userName);
  return 0;
}



AQH_SESSION *_generateSessionForUser(AQH_SERVICE *sv, AQH_USER *u)
{
  AQH_SESSION *session;
  GWEN_BUFFER *buf;
  GWEN_TIMESTAMP *ts;
  int rv;

  buf=_generateSessionUid();
  if (buf==NULL) {
    DBG_INFO(NULL, "here");
    return NULL;
  }
  DBG_INFO(NULL, "New session id: [%s]", GWEN_Buffer_GetStart(buf));

  session=AQH_Session_new();
  AQH_Session_SetUid(session, GWEN_Buffer_GetStart(buf));

  ts=GWEN_Timestamp_NowInGmTime();
  AQH_Session_SetTimestampCreation(session, ts);
  GWEN_Timestamp_free(ts);

  AQH_Session_SetUserAlias(session, AQH_User_GetAlias(u));
  AQH_Session_SetUser(session, u);

  rv=AQH_HttpService_AddSession(sv, session);
  if (rv<0) {
    DBG_INFO(NULL, "Error adding session \"%s\" (%d)", AQH_Session_GetUid(session), rv);
    AQH_Session_free(session);
    return NULL;
  }

  return session;
}



GWEN_BUFFER *_generateSessionUid(void)
{
  uint8_t binbuf[8];
  GWEN_BUFFER *buf;
  int rv;

  rv=GWEN_SyncIo_Helper_PartiallyReadFile("/dev/urandom", binbuf, sizeof(binbuf));
  if (rv<sizeof(binbuf)) {
    DBG_ERROR(NULL, "Error reading from /dev/urandom: %d", rv);
    return NULL;
  }

  buf=GWEN_Buffer_new(0, 20, 0, 1);
  rv=GWEN_Text_ToHexBuffer((const char*) binbuf, rv, buf, 0, 0, 0);
  if (rv<0) {
    DBG_ERROR(NULL, "Error converting random bytes to hex (%d)", rv);
    GWEN_Buffer_free(buf);
    return NULL;
  }

  return buf;
}



GWEN_MSG *_createLoginResponseMsg(AQH_SERVICE *sv, const char *protocol, const char *sessionId, const char *newPage)
{
  GWEN_BUFFER *buf;
  GWEN_MSG *msg;
  GWEN_DB_NODE *db;

  buf=GWEN_Buffer_new(0, 256, 0, 1);
  AQH_HttpService_AddStatusLine(sv, 303, "OK, redirecting to content", protocol, buf);
  db=GWEN_DB_Group_new("header");
  GWEN_DB_SetCharValue(db, GWEN_DB_FLAGS_OVERWRITE_VARS, "Connection", "Keep-Alive");
  GWEN_DB_SetCharValue(db, GWEN_DB_FLAGS_OVERWRITE_VARS, "Content-Type", "text/html; charset=utf-8");
  _headerSetCookie(db, GWEN_DB_FLAGS_OVERWRITE_VARS, AQH_HTTP_REQUEST_SESSIONCOOKIE, sessionId);
  GWEN_DB_SetCharValue(db, GWEN_DB_FLAGS_OVERWRITE_VARS, "Location", newPage);
  GWEN_DB_SetIntValue(db, GWEN_DB_FLAGS_OVERWRITE_VARS, "Content-Length", 0);
  AQH_HttpService_AddHeader(sv, db, buf);
  GWEN_DB_Group_free(db);

  msg=GWEN_Msg_fromBytes((const uint8_t*)GWEN_Buffer_GetStart(buf), GWEN_Buffer_GetUsedBytes(buf));
  GWEN_Buffer_free(buf);
  return msg;
}



void _headerSetCookie(GWEN_DB_NODE *db, uint32_t flags, const char *cookieName, const char *cookieValue)
{
  if (cookieName && cookieValue) {
    GWEN_BUFFER *dbuf;

    dbuf=GWEN_Buffer_new(0, 32, 0, 1);
    GWEN_Buffer_AppendArgs(dbuf, "%s=%s", cookieName, cookieValue);
    GWEN_DB_SetCharValue(db, flags, "Set-Cookie", GWEN_Buffer_GetStart(dbuf));
    GWEN_Buffer_free(dbuf);
  }
}