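package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"log"
	"net/http"
	"os"
	"time"

	"go.fixergrid.net/servicedemon/appconfig"
	"go.fixergrid.net/servicedemon/pubsub"
	"go.fixergrid.net/servicedemon/registrar"
)

// Environment variables that must be set before the hub can start. Each one
// names a PEM file: the CA used to verify client certificates, and the hub's
// own server certificate and private key.
const (
	envCACert     = "HUB_CA_CERT_FILE"
	envServerCert = "HUB_SERVER_CERT_FILE"
	envServerKey  = "HUB_SERVER_KEY_FILE"
)

// main wires the registrar, the approval listener and the app-config provider
// onto a client-certificate-only HTTPS server on :3001 and serves until the
// listener fails. postjson and wrapHandleFunc are defined elsewhere in this
// package.
func main() {
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	logger := log.New(os.Stdout, "main: ", log.LstdFlags|log.Lshortfile)
	logger.Println("Starting .... the >HUB<")

	// Named bus so the local does not shadow the pubsub package.
	bus := pubsub.New()
	repo := registrar.NewRepo()
	r := registrar.NewRegistrar(bus, repo)

	al := registrar.NewApprovalListener(bus, nil, repo)
	go al.Run(ctx)

	appConfig := appconfig.NewProvider()

	mux := http.NewServeMux()
	logger.Println("Registering endpoints...")
	mux.HandleFunc("/register", postjson(r.HandleRegistration))
	logger.Println("POST /register")
	mux.Handle("/approvals/", http.StripPrefix("/approvals/", wrapHandleFunc(postjson(r.HandleApproval))))
	logger.Println("POST /approvals/:id")
	// NOTE(review): the stripped prefix has no trailing slash, unlike
	// /approvals/ above; kept as-is because appConfig.Handler's routing is
	// not visible here — confirm it expects a leading "/config/..." path.
	mux.Handle("/application/", http.StripPrefix("/application", appConfig.Handler()))
	logger.Println("GET /application/config/authz")

	server, err := newServer()
	if err != nil {
		logger.Fatal(err)
	}
	server.Handler = mux

	// Empty cert/key arguments: ListenAndServeTLS uses TLSConfig.Certificates.
	// The call only returns on failure, so exit non-zero so a supervisor
	// notices instead of logging and exiting 0.
	logger.Fatal(server.ListenAndServeTLS("", ""))
}

// newServer builds the hub's HTTPS server. Client certificates are required
// and verified against the CA named by HUB_CA_CERT_FILE; the server's own
// certificate and key are loaded from HUB_SERVER_CERT_FILE and
// HUB_SERVER_KEY_FILE. The returned server has no Handler set; the caller
// assigns one.
//
// It returns an error if any of the three variables is unset, the CA file
// cannot be read or holds no certificates, or the key pair fails to load.
// (Paths were previously hard-coded as "./certs/combined.pem" and
// "./certs/server-key.pem".)
func newServer() (*http.Server, error) {
	caPath, err := requireEnv(envCACert)
	if err != nil {
		return nil, err
	}
	certPath, err := requireEnv(envServerCert)
	if err != nil {
		return nil, err
	}
	keyPath, err := requireEnv(envServerKey)
	if err != nil {
		return nil, err
	}

	pool, err := loadCAPool(caPath)
	if err != nil {
		return nil, err
	}

	serverCert, err := tls.LoadX509KeyPair(certPath, keyPath)
	if err != nil {
		return nil, fmt.Errorf("hub: failed to load server certs: %w", err)
	}

	server := &http.Server{
		Addr: ":3001",
		TLSConfig: &tls.Config{
			ClientCAs:    pool,
			ClientAuth:   tls.RequireAndVerifyClientCert,
			Certificates: []tls.Certificate{serverCert},
			// Refuse pre-1.2 handshakes rather than relying on the
			// package default.
			MinVersion: tls.VersionTLS12,
		},
		// Bound how long a peer may take to send headers or a body, and how
		// long an idle keep-alive connection is held, so slow or stalled
		// clients cannot pin server resources indefinitely.
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       120 * time.Second,
	}
	return server, nil
}

// requireEnv returns the value of the environment variable key, or an error
// naming the variable when it is unset. An empty value counts as set.
func requireEnv(key string) (string, error) {
	val, isSet := os.LookupEnv(key)
	if !isSet {
		return "", fmt.Errorf("hub: required environment variable is unset: %s", key)
	}
	return val, nil
}

// loadCAPool reads the PEM file at path into a fresh certificate pool. It is
// an error if the file holds no parseable certificates: an empty pool under
// RequireAndVerifyClientCert would reject every client, which is better
// reported at startup than discovered on the first connection.
func loadCAPool(path string) (*x509.CertPool, error) {
	f, err := os.Open(path)
	if err != nil {
		return nil, fmt.Errorf("hub: failed to open ca file %q: %w", path, err)
	}
	defer f.Close() // read-only; close error carries no information here

	caCert, err := io.ReadAll(f)
	if err != nil {
		return nil, fmt.Errorf("hub: failed to read in ca: %w", err)
	}

	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caCert) {
		return nil, fmt.Errorf("hub: no CA certificates found in %q", path)
	}
	return pool, nil
}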