use clap::Parser;

/// VirtWeb backend API
#[derive(Parser, Debug, Clone)]
#[clap(author, version, about, long_about = None)]
pub struct AppConfig {
    /// Listen address
    #[clap(short, long, env, default_value = "0.0.0.0:8000")]
    pub listen_address: String,

    /// Website origin
    #[clap(short, long, env, default_value = "http://localhost:3000")]
    pub website_origin: String,

    /// Proxy IP, might end with a star "*"
    #[clap(short, long, env)]
    pub proxy_ip: Option<String>,

    /// Secret key, used to sign some resources. Must be randomly generated
    #[clap(long, env, default_value = "")]
    secret: String,

    /// Specify whether the cookie should be transmitted only over secure connections
    #[clap(long, env)]
    pub cookie_secure: bool,

    /// Auth username
    #[arg(long, env, default_value = "admin")]
    pub auth_username: String,

    /// Auth password
    #[arg(long, env, default_value = "admin")]
    pub auth_password: String,

    /// Disable local auth
    #[arg(long, env)]
    pub disable_local_auth: bool,

    /// Request header that can be added by a reverse proxy to disable local authentication
    #[arg(long, env, default_value = "X-Disable-Local-Auth")]
    pub disable_auth_header_token: String,

    /// URL where the OpenID configuration can be found
    #[arg(
        long,
        env,
        default_value = "http://localhost:9001/.well-known/openid-configuration"
    )]
    pub oidc_configuration_url: String,

    /// Disable OpenID authentication
    #[arg(long, env)]
    pub disable_oidc: bool,

    /// OpenID client ID
    #[arg(long, env, default_value = "foo")]
    pub oidc_client_id: String,

    /// OpenID client secret
    #[arg(long, env, default_value = "bar")]
    pub oidc_client_secret: String,

    /// OpenID login redirect URL
    #[arg(long, env, default_value = "APP_ORIGIN/oidc_cb")]
    oidc_redirect_url: String,

    /// Directory where temporary files are stored
    #[arg(long, env, default_value = "/tmp")]
    pub temp_dir: String,
}

lazy_static::lazy_static! {
    static ref ARGS: AppConfig = {
        AppConfig::parse()
    };
}

impl AppConfig {
    /// Get parsed command line arguments
    pub fn get() -> &'static AppConfig {
        &ARGS
    }

    /// Get auth cookie domain
    pub fn cookie_domain(&self) -> Option<String> {
        let domain = self.website_origin.split_once("://")?.1;
        Some(
            domain
                .split_once(':')
                .map(|s| s.0)
                .unwrap_or(domain)
                .to_string(),
        )
    }

    /// Get app secret
    pub fn secret(&self) -> &str {
        let mut secret = self.secret.as_str();

        if cfg!(debug_assertions) && secret.is_empty() {
            secret = "DEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEY";
        }

        if secret.is_empty() {
            panic!("SECRET is undefined or too short (min 64 chars)!")
        }

        secret
    }

    /// Check out whether provided credentials are valid or not for local authentication
    pub fn check_local_login(&self, user: &str, pass: &str) -> bool {
        self.auth_username == user && self.auth_password == pass
    }

    /// Get OpenID providers configuration
    pub fn openid_provider(&self) -> Option<OIDCProvider<'_>> {
        if self.disable_oidc {
            return None;
        }

        Some(OIDCProvider {
            client_id: self.oidc_client_id.as_str(),
            client_secret: self.oidc_client_secret.as_str(),
            configuration_url: self.oidc_configuration_url.as_str(),
        })
    }

    /// Get OIDC callback URL
    pub fn oidc_redirect_url(&self) -> String {
        self.oidc_redirect_url
            .replace("APP_ORIGIN", &self.website_origin)
    }
}

#[derive(Debug, Clone, serde::Serialize)]
pub struct OIDCProvider<'a> {
    #[serde(skip_serializing)]
    pub client_id: &'a str,
    #[serde(skip_serializing)]
    pub client_secret: &'a str,
    #[serde(skip_serializing)]
    pub configuration_url: &'a str,
}