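package main

import (
	"bytes"
	"crypto"
	"encoding/json"
	"flag"
	"fmt"
	"io"
	"log"
	"net/http"
	"os"

	"crispbyte.dev/sig-auth/client"
	"crispbyte.dev/sig-auth/server"
	"github.com/opencontainers/go-digest"
	"golang.org/x/crypto/ssh"
)

// main parses the command line and runs the test client (-c) or the
// verifying server. -key is required in both modes: it names a private key
// for the client and a public key for the server.
func main() {
	useClient := flag.Bool("c", false, "Run client")
	keyPath := flag.String("key", "", "Path to the private key (client mode) or public key (server mode) to use - Required")
	simulateCaddy := flag.Bool("caddy", false, "Simulate caddy reverse proxy")
	flag.Parse()

	if *keyPath == "" {
		flag.PrintDefaults()
		return
	}

	if *useClient {
		runClient(keyPath, *simulateCaddy)
		return
	}
	runServer(keyPath, *simulateCaddy)
}

// runClient sends one signed JSON POST to the local test server and prints
// the response status, headers and body. Any failure terminates the process.
//
// keyFile points at the private key used for signing. When simulateCaddy is
// true, the X-Forwarded-Method and X-Forwarded-Uri headers are added to the
// request before it is handed to the signing client.
func runClient(keyFile *string, simulateCaddy bool) {
	testData := map[string]string{"hello": "world"}

	jsonData, err := json.Marshal(testData)
	if err != nil {
		log.Fatal(err)
	}

	key, err := loadPrivateKey(*keyFile)
	if err != nil {
		log.Fatal(err)
	}

	// Named signer so the local does not shadow the imported client package.
	signer, err := client.GetSigningClient(key, "test-id")
	if err != nil {
		log.Fatal(err)
	}

	// The digest is taken over the exact bytes sent as the body.
	id := digest.FromBytes(jsonData)

	req, err := http.NewRequest("POST", "http://localhost:8080/post", bytes.NewBuffer(jsonData))
	if err != nil {
		log.Fatal(err)
	}

	// NOTE(review): this renders as "<algorithm>=<hex>" (go-digest encoding).
	// RFC 9530 defines Content-Digest as "sha-256=:<base64>:"; confirm the
	// server expects this form before using it with other verifiers.
	// Whether the signature covers this header is decided inside the client
	// package and is not visible here.
	req.Header.Add("Content-Digest", string(id.Algorithm())+"="+id.Encoded())
	req.Header.Add("Content-Type", "application/json")

	if simulateCaddy {
		// NOTE(review): a client can set these headers itself, exactly as
		// done here. A server should honour them only when a trusted proxy
		// is known to overwrite them; confirm in the server package.
		req.Header.Add("X-Forwarded-Method", req.Method)
		// http.NewRequest leaves Request.RequestURI empty on outgoing
		// requests, so the path and query are taken from the parsed URL.
		req.Header.Add("X-Forwarded-Uri", req.URL.RequestURI())
	}

	resp, err := signer.Do(req)
	if err != nil {
		log.Fatal(err)
	}
	defer resp.Body.Close()

	out, err := io.ReadAll(resp.Body)
	if err != nil {
		log.Fatal(err)
	}

	fmt.Println(resp.StatusCode)
	fmt.Println(resp.Header)
	fmt.Println(string(out))
}

// runServer loads the public key at keyFile and starts the verifying server,
// passing simulateCaddy through. A key that cannot be loaded terminates the
// process.
func runServer(keyFile *string, simulateCaddy bool) {
	key, err := loadPublicKey(*keyFile)
	if err != nil {
		log.Fatal(err)
	}

	server.Start(key, simulateCaddy)
}

// loadPrivateKey reads keyFile and parses it with ssh.ParseRawPrivateKey.
// Passphrase-protected keys are not supported: no passphrase is supplied, so
// parsing such a key returns an error.
func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) {
	keyBytes, err := os.ReadFile(keyFile)
	if err != nil {
		return nil, err
	}

	return ssh.ParseRawPrivateKey(keyBytes)
}

// loadPublicKey reads keyFile in authorized_keys format and returns the first
// key as a standard-library crypto.PublicKey. Any further entries in the file
// are ignored.
//
// It returns an error when the file cannot be read, when no key can be
// parsed, or when the parsed key type does not expose a crypto.PublicKey.
func loadPublicKey(keyFile string) (crypto.PublicKey, error) {
	keyBytes, err := os.ReadFile(keyFile)
	if err != nil {
		return nil, err
	}

	pk, _, _, _, err := ssh.ParseAuthorizedKey(keyBytes)
	if err != nil {
		// pk is nil here; asserting on it would panic instead of reporting
		// the parse failure.
		return nil, err
	}

	cpk, ok := pk.(ssh.CryptoPublicKey)
	if !ok {
		return nil, fmt.Errorf("public key type %q in %q cannot be converted to a crypto.PublicKey", pk.Type(), keyFile)
	}

	return cpk.CryptoPublicKey(), nil
}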