package nodeprocessor

import (
	"context"
	"fmt"
	"time"

	"golang.org/x/exp/maps"

	"github.com/usual2970/certimate/internal/applicant"
	"github.com/usual2970/certimate/internal/domain"
	"github.com/usual2970/certimate/internal/pkg/utils/certutil"
	"github.com/usual2970/certimate/internal/repository"
)

type applyNode struct {
	node *domain.WorkflowNode
	*nodeProcessor

	certRepo   certificateRepository
	outputRepo workflowOutputRepository
}

func NewApplyNode(node *domain.WorkflowNode) *applyNode {
	return &applyNode{
		node:          node,
		nodeProcessor: newNodeProcessor(node),

		certRepo:   repository.NewCertificateRepository(),
		outputRepo: repository.NewWorkflowOutputRepository(),
	}
}

func (n *applyNode) Process(ctx context.Context) error {
	n.logger.Info("ready to apply ...")

	// 查询上次执行结果
	lastOutput, err := n.outputRepo.GetByNodeId(ctx, n.node.Id)
	if err != nil && !domain.IsRecordNotFoundError(err) {
		return err
	}

	// 检测是否可以跳过本次执行
	if skippable, skipReason := n.checkCanSkip(ctx, lastOutput); skippable {
		n.logger.Info(fmt.Sprintf("skip this application, because %s", skipReason))
		return nil
	} else if skipReason != "" {
		n.logger.Info(fmt.Sprintf("continue to apply, because %s", skipReason))
	}

	// 初始化申请器
	applicant, err := applicant.NewWithApplyNode(n.node)
	if err != nil {
		n.logger.Warn("failed to create applicant provider")
		return err
	}

	// 申请证书
	applyResult, err := applicant.Apply()
	if err != nil {
		n.logger.Warn("failed to apply")
		return err
	}

	// 解析证书并生成实体
	certX509, err := certutil.ParseCertificateFromPEM(applyResult.CertificateFullChain)
	if err != nil {
		n.logger.Warn("failed to parse certificate, may be the CA responded error")
		return err
	}
	certificate := &domain.Certificate{
		Source:            domain.CertificateSourceTypeWorkflow,
		Certificate:       applyResult.CertificateFullChain,
		PrivateKey:        applyResult.PrivateKey,
		IssuerCertificate: applyResult.IssuerCertificate,
		ACMEAccountUrl:    applyResult.ACMEAccountUrl,
		ACMECertUrl:       applyResult.ACMECertUrl,
		ACMECertStableUrl: applyResult.ACMECertStableUrl,
	}
	certificate.PopulateFromX509(certX509)

	// 保存执行结果
	output := &domain.WorkflowOutput{
		WorkflowId: getContextWorkflowId(ctx),
		RunId:      getContextWorkflowRunId(ctx),
		NodeId:     n.node.Id,
		Node:       n.node,
		Succeeded:  true,
		Outputs:    n.node.Outputs,
	}
	if _, err := n.outputRepo.SaveWithCertificate(ctx, output, certificate); err != nil {
		n.logger.Warn("failed to save node output")
		return err
	}

	n.logger.Info("apply completed")

	return nil
}

func (n *applyNode) checkCanSkip(ctx context.Context, lastOutput *domain.WorkflowOutput) (skip bool, reason string) {
	if lastOutput != nil && lastOutput.Succeeded {
		// 比较和上次申请时的关键配置(即影响证书签发的)参数是否一致
		currentNodeConfig := n.node.GetConfigForApply()
		lastNodeConfig := lastOutput.Node.GetConfigForApply()
		if currentNodeConfig.Domains != lastNodeConfig.Domains {
			return false, "the configuration item 'Domains' changed"
		}
		if currentNodeConfig.ContactEmail != lastNodeConfig.ContactEmail {
			return false, "the configuration item 'ContactEmail' changed"
		}
		if currentNodeConfig.ProviderAccessId != lastNodeConfig.ProviderAccessId {
			return false, "the configuration item 'ProviderAccessId' changed"
		}
		if !maps.Equal(currentNodeConfig.ProviderConfig, lastNodeConfig.ProviderConfig) {
			return false, "the configuration item 'ProviderConfig' changed"
		}
		if currentNodeConfig.KeyAlgorithm != lastNodeConfig.KeyAlgorithm {
			return false, "the configuration item 'KeyAlgorithm' changed"
		}

		lastCertificate, _ := n.certRepo.GetByWorkflowNodeId(ctx, n.node.Id)
		if lastCertificate != nil {
			renewalInterval := time.Duration(currentNodeConfig.SkipBeforeExpiryDays) * time.Hour * 24
			expirationTime := time.Until(lastCertificate.ExpireAt)
			if expirationTime > renewalInterval {
				return true, fmt.Sprintf("the certificate has already been issued (expires in %dd, next renewal in %dd)", int(expirationTime.Hours()/24), currentNodeConfig.SkipBeforeExpiryDays)
			}
		}
	}

	return false, ""
}