package daecommon

import (
	"bytes"
	"fmt"
	"io"
	"isle/bootstrap"
	"isle/toolkit"
	"net"
	"os"
	"strconv"

	_ "embed"

	"gopkg.in/yaml.v3"
)

const (
	// Network ID used when translating from the old single-network daemon
	// config to the multi-network config.
	DeprecatedNetworkID = "_" // DEPRECATED
)

//go:embed daemon.yml
var defaultConfigB []byte

type ConfigTun struct {
	Device string `yaml:"device"`
}

type ConfigFirewall struct {
	Outbound []ConfigFirewallRule `yaml:"outbound"`
	Inbound  []ConfigFirewallRule `yaml:"inbound"`
}

type ConfigFirewallRule struct {
	Port   string   `yaml:"port,omitempty"`
	Code   string   `yaml:"code,omitempty"`
	Proto  string   `yaml:"proto,omitempty"`
	Host   string   `yaml:"host,omitempty"`
	Group  string   `yaml:"group,omitempty"`
	Groups []string `yaml:"groups,omitempty"`
	CIDR   string   `yaml:"cidr,omitempty"`
	CASha  string   `yaml:"ca_sha,omitempty"`
	CAName string   `yaml:"ca_name,omitempty"`
}

// ConfigStorageAllocation describes the structure of each storage allocation
// within the daemon config file.
type ConfigStorageAllocation struct {
	DataPath  string `yaml:"data_path"`
	MetaPath  string `yaml:"meta_path"`
	Capacity  int    `yaml:"capacity"`
	S3APIPort int    `yaml:"s3_api_port"`
	RPCPort   int    `yaml:"rpc_port"`
	AdminPort int    `yaml:"admin_port"`

	// Zone is a secret option which makes it easier to test garage bugs, but
	// which we don't want users to otherwise know about.
	Zone string `yaml:"zone"`
}

// NetworkConfig describes the configuration of a single network.
type NetworkConfig struct {
	DNS struct {
		Resolvers []string `yaml:"resolvers"`
	} `yaml:"dns"`
	VPN struct {
		PublicAddr string         `yaml:"public_addr"`
		Firewall   ConfigFirewall `yaml:"firewall"`
		Tun        ConfigTun      `yaml:"tun"`
	} `yaml:"vpn"`
	Storage struct {
		Allocations []ConfigStorageAllocation
	} `yaml:"storage"`
}

func (c *NetworkConfig) fillDefaults() {
	if c.DNS.Resolvers == nil {
		c.DNS.Resolvers = []string{
			"1.1.1.1",
			"8.8.8.8",
		}
	}

	if c.VPN.Firewall.Outbound == nil {
		c.VPN.Firewall.Outbound = []ConfigFirewallRule{
			{
				Port:  "any",
				Proto: "any",
				Host:  "any",
			},
		}
	}

	if c.VPN.Firewall.Inbound == nil {
		c.VPN.Firewall.Inbound = []ConfigFirewallRule{
			{
				Port:  "any",
				Proto: "icmp",
				Host:  "any",
			},
		}
	}

	if c.VPN.Tun.Device == "" {
		c.VPN.Tun.Device = "isle-tun"
	}

	var firewallGarageInbound []ConfigFirewallRule

	for i := range c.Storage.Allocations {
		if c.Storage.Allocations[i].RPCPort == 0 {
			c.Storage.Allocations[i].RPCPort = 3900 + (i * 10)
		}

		if c.Storage.Allocations[i].S3APIPort == 0 {
			c.Storage.Allocations[i].S3APIPort = 3901 + (i * 10)
		}

		if c.Storage.Allocations[i].AdminPort == 0 {
			c.Storage.Allocations[i].AdminPort = 3902 + (i * 10)
		}

		alloc := c.Storage.Allocations[i]

		firewallGarageInbound = append(
			firewallGarageInbound,
			ConfigFirewallRule{
				Port:  strconv.Itoa(alloc.S3APIPort),
				Proto: "tcp",
				Host:  "any",
			},
			ConfigFirewallRule{
				Port:  strconv.Itoa(alloc.RPCPort),
				Proto: "tcp",
				Host:  "any",
			},
		)
	}

	c.VPN.Firewall.Inbound = append(
		c.VPN.Firewall.Inbound,
		firewallGarageInbound...,
	)
}

// Config describes the structure of the daemon config file.
type Config struct {
	Networks map[string]NetworkConfig `yaml:"networks"`
}

// Validate asserts that the Config has no internal inconsistencies which would
// render it unusable.
func (c Config) Validate() error {
	nebulaPorts := map[string]string{}

	for id, network := range c.Networks {
		if network.VPN.PublicAddr == "" {
			continue
		}

		_, port, err := net.SplitHostPort(network.VPN.PublicAddr)
		if err != nil {
			return fmt.Errorf(
				"invalid vpn.public_addr %q: %w", network.VPN.PublicAddr, err,
			)
		} else if otherID, ok := nebulaPorts[port]; ok {
			return fmt.Errorf(
				"two networks with the same vpn.public_addr: %q and %q",
				id,
				otherID,
			)
		}

		nebulaPorts[port] = id
	}

	return nil
}

// CopyDefaultConfig copies the daemon config file embedded in the AppDir into
// the given io.Writer.
func CopyDefaultConfig(into io.Writer) error {
	_, err := io.Copy(into, bytes.NewReader(defaultConfigB))
	return err
}

// LoadConfig loads the daemon config from userConfigPath.
//
// If userConfigPath is not given then the default is loaded and returned.
func LoadConfig(userConfigPath string) (Config, error) {
	if userConfigPath == "" {
		return Config{}, nil
	}

	userConfigB, err := os.ReadFile(userConfigPath)
	if err != nil {
		return Config{}, fmt.Errorf("reading from file: %w", err)
	}

	{ // DEPRECATED
		var networkConfig NetworkConfig
		_ = yaml.Unmarshal(userConfigB, &networkConfig)
		if !toolkit.IsZero(networkConfig) {
			networkConfig.fillDefaults()
			config := Config{
				Networks: map[string]NetworkConfig{
					DeprecatedNetworkID: networkConfig,
				},
			}
			return config, config.Validate()
		}
	}

	var config Config
	if err := yaml.Unmarshal(userConfigB, &config); err != nil {
		return Config{}, fmt.Errorf("yaml unmarshaling back into Config struct: %w", err)
	}

	for id := range config.Networks {
		network := config.Networks[id]
		network.fillDefaults()
		config.Networks[id] = network
	}

	return config, config.Validate()
}

// BootstrapGarageHostForAlloc returns the bootstrap.GarageHostInstance which
// corresponds with the given alloc from the daemon config. This will panic if
// no associated instance can be found.
func BootstrapGarageHostForAlloc(
	host bootstrap.Host,
	alloc ConfigStorageAllocation,
) bootstrap.GarageHostInstance {

	for _, inst := range host.Garage.Instances {
		if inst.RPCPort == alloc.RPCPort {
			return inst
		}
	}

	panic(fmt.Sprintf("could not find alloc %+v in the bootstrap data", alloc))
}