package apiserver

import (
	"context"
	"fmt"
	"os"

	"github.com/gin-gonic/gin"
	zeldaiov1alpha1 "github.com/ycyxuehan/zelda/api/v1alpha1"
	authapi "github.com/ycyxuehan/zelda/apiserver/auth/api"
	proxyapi "github.com/ycyxuehan/zelda/apiserver/proxy/api"
	corev1 "k8s.io/api/core/v1"
	kubeclient "sigs.k8s.io/controller-runtime/pkg/client"
)

type APIServer struct {
	client          kubeclient.Client
	authManager     authapi.AuthManager
	proxies         []proxyapi.Proxy
	namesapce       string
	zserviceHandler *ZServiceHandler
}

func NewAPIServer(client kubeclient.Client, authManager authapi.AuthManager) *APIServer {
	server := &APIServer{
		client:          client,
		authManager:     authManager,
		zserviceHandler: NewZServiceHandler(client),
	}
	server.setNamespace()
	return server
}

func (a *APIServer) setNamespace() error {
	data, err := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace")
	a.namesapce = string(data)
	return err
}

func (a *APIServer) UseProxies(proxies ...proxyapi.Proxy) {
	a.proxies = append(a.proxies, proxies...)
}

//设置路由
func (a *APIServer) SetRoute(engine *gin.Engine) {
	//添加认证接口
	authGroup := engine.Group("/auth")
	a.authManager.InitAuthRoute(a.IdentifyFunc(), authGroup)
	//添加代理接口
	for _, proxy := range a.proxies {
		proxyGroup := engine.Group(proxy.Path())
		proxyGroup.Use(a.authManager.MiddleWare())
		proxyGroup.GET("/", proxy.Proxy())
		proxyGroup.PUT("/", proxy.Proxy())
		proxyGroup.POST("/", proxy.Proxy())
		proxyGroup.PATCH("/", proxy.Proxy())
		proxyGroup.DELETE("/", proxy.Proxy())
		proxyGroup.OPTIONS("/", proxy.Proxy())
	}
	//添加服务接口
	apiGroup := engine.Group("/api/v1alpha1")
	apiGroup.Use(a.authManager.MiddleWare())

	//zservice
	zserviceGroup := apiGroup.Group("/zservice")
	zserviceGroup.GET("/:name/restart", a.zserviceHandler.HandleRestart)
	zserviceGroup.GET("/:name/start", a.zserviceHandler.HandleStart)
	zserviceGroup.GET("/:name/stop", a.zserviceHandler.HandleStop)
	zserviceGroup.POST("/:name/scale", a.zserviceHandler.HandleScale)
	zserviceGroup.POST("/:name/version", a.zserviceHandler.HandleChangeVersion)

}

func (a *APIServer) IdentifyFunc() authapi.IdentifyFunc {
	return func(ar *authapi.AuthentitionRequest) (authapi.IdentifyResult, error) {
		zuser := zeldaiov1alpha1.ZUser{}
		err := a.client.Get(context.Background(), kubeclient.ObjectKey{Namespace: a.namesapce, Name: ar.Username}, &zuser)
		if err != nil {
			return authapi.IdentifyResult{}, err
		}
		if ar.Password != zuser.Spec.Password {
			return authapi.IdentifyResult{}, fmt.Errorf("password is invalid")
		}
		//密码验证通过，获取kubernetes token
		secret := corev1.Secret{}
		err = a.client.Get(context.Background(), kubeclient.ObjectKey{Namespace: a.namesapce, Name: zuser.Status.Token}, &secret)
		if err != nil {
			return authapi.IdentifyResult{}, err
		}
		//这里处理证书和token
		return authapi.IdentifyResult{KubernetesToken: secret.StringData["token"], Cert: secret.StringData["ca.crt"]}, nil
	}
}

func (a *APIServer)Run(addr string)error{
	engine := gin.Default()
	a.SetRoute(engine)
	return engine.Run(addr)
}