package deployer

import (
	"context"
	"encoding/json"
	"fmt"
	"strings"
	"golang.org/x/exp/slices"

	cdn "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn/v20180606"
	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
	ssl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"

	"github.com/usual2970/certimate/internal/domain"
	"github.com/usual2970/certimate/internal/utils/rand"
)

type TencentCDNDeployer struct {
	option     *DeployerOption
	credential *common.Credential
	infos      []string
}

func NewTencentCDNDeployer(option *DeployerOption) (Deployer, error) {
	access := &domain.TencentAccess{}
	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
		return nil, fmt.Errorf("failed to unmarshal tencent access: %w", err)
	}

	credential := common.NewCredential(
		access.SecretId,
		access.SecretKey,
	)

	return &TencentCDNDeployer{
		option:     option,
		credential: credential,
		infos:      make([]string, 0),
	}, nil
}

func (d *TencentCDNDeployer) GetID() string {
	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
}

func (d *TencentCDNDeployer) GetInfo() []string {
	return d.infos
}

func (d *TencentCDNDeployer) Deploy(ctx context.Context) error {
	// 上传证书
	certId, err := d.uploadCert()
	if err != nil {
		return fmt.Errorf("failed to upload certificate: %w", err)
	}
	d.infos = append(d.infos, toStr("上传证书", certId))

	if err := d.deploy(certId); err != nil {
		return fmt.Errorf("failed to deploy: %w", err)
	}

	return nil
}

func (d *TencentCDNDeployer) uploadCert() (string, error) {
	cpf := profile.NewClientProfile()
	cpf.HttpProfile.Endpoint = "ssl.tencentcloudapi.com"

	client, _ := ssl.NewClient(d.credential, "", cpf)

	request := ssl.NewUploadCertificateRequest()

	request.CertificatePublicKey = common.StringPtr(d.option.Certificate.Certificate)
	request.CertificatePrivateKey = common.StringPtr(d.option.Certificate.PrivateKey)
	request.Alias = common.StringPtr(d.option.Domain + "_" + rand.RandStr(6))
	request.Repeatable = common.BoolPtr(false)

	response, err := client.UploadCertificate(request)
	if err != nil {
		return "", fmt.Errorf("failed to upload certificate: %w", err)
	}

	return *response.Response.CertificateId, nil
}

func (d *TencentCDNDeployer) deploy(certId string) error {
	cpf := profile.NewClientProfile()
	cpf.HttpProfile.Endpoint = "ssl.tencentcloudapi.com"
	// 实例化要请求产品的client对象,clientProfile是可选的
	client, _ := ssl.NewClient(d.credential, "", cpf)

	// 实例化一个请求对象,每个接口都会对应一个request对象
	request := ssl.NewDeployCertificateInstanceRequest()

	request.CertificateId = common.StringPtr(certId)
	request.ResourceType = common.StringPtr("cdn")
	request.Status = common.Int64Ptr(1)

	// 如果是泛域名就从cdn列表下获取SSL证书中的可用域名
	domain := getDeployString(d.option.DeployConfig, "domain")
	if strings.Contains(domain, "*") {
		list, errGetList := d.getDomainList(certId)
		if errGetList != nil {
			return fmt.Errorf("failed to get certificate domain list: %w", errGetList)
		}
		if len(list) == 0 {
			d.infos = append(d.infos, "没有需要部署的实例")
			return nil
		}
		request.InstanceIdList = common.StringPtrs(list)
	} else { // 否则直接使用传入的域名
		deployed, _ := d.isDomainDeployed(certId, domain)
		if(deployed){
			d.infos = append(d.infos, "域名已部署")
			return nil
		}else{
			request.InstanceIdList = common.StringPtrs([]string{domain})
		}
	}

	// 返回的resp是一个DeployCertificateInstanceResponse的实例，与请求对象对应
	resp, err := client.DeployCertificateInstance(request)
	if err != nil {
		return fmt.Errorf("failed to deploy certificate: %w", err)
	}
	d.infos = append(d.infos, toStr("部署证书", resp.Response))
	return nil
}

func (d *TencentCDNDeployer) getDomainList(certId string) ([]string, error) {
	cpf := profile.NewClientProfile()
	cpf.HttpProfile.Endpoint = "cdn.tencentcloudapi.com"
	client, _ := cdn.NewClient(d.credential, "", cpf)

	request := cdn.NewDescribeCertDomainsRequest()

	request.CertId = common.StringPtr(certId)

	response, err := client.DescribeCertDomains(request)
	if err != nil {
		return nil, fmt.Errorf("failed to get domain list: %w", err)
	}

	deployedDomains, err := d.getDeployedDomainList(certId)
	if err != nil {
		return nil, fmt.Errorf("failed to get deployed domain list: %w", err)
	}

	domains := make([]string, 0)
	for _, domain := range response.Response.Domains {
		domainStr := *domain
		if(slices.Contains(deployedDomains, domainStr)){
			domains = append(domains, domainStr)
		}
	}

	return domains, nil
}

func (d *TencentCDNDeployer) isDomainDeployed(certId, domain string) (bool, error) {
	deployedDomains, err := d.getDeployedDomainList(certId)
	if(err != nil){
		return false, err
	}

	return slices.Contains(deployedDomains, domain), nil
}

func (d *TencentCDNDeployer) getDeployedDomainList(certId string) ([]string, error) {
	cpf := profile.NewClientProfile()
	cpf.HttpProfile.Endpoint = "ssl.tencentcloudapi.com"
	client, _ := ssl.NewClient(d.credential, "", cpf)

	request := ssl.NewDescribeDeployedResourcesRequest()
	request.CertificateIds = common.StringPtrs([]string{certId})
	request.ResourceType = common.StringPtr("cdn")

	response, err := client.DescribeDeployedResources(request)
	if err != nil {
		return nil, fmt.Errorf("failed to get deployed domain list: %w", err)
	}

	domains := make([]string, 0)
	for _, domain := range response.Response.DeployedResources[0].Resources {
		domains = append(domains, *domain)
	}

	return domains, nil
}