import * as bodyParser from 'body-parser';
import { blue, yellow } from 'colors';
import * as cookieParser from 'cookie-parser';
import * as cors from 'cors';
import * as express from 'express';
import * as session from 'express-session';
import * as expressValidator from 'express-validator';
import * as fs from 'fs';
import { Server as HttpServer } from 'http';
import { createServer, Server as HttpsServer } from 'https';
import * as passport from 'passport';
import * as request from 'request';
import * as webpack from 'webpack';
import * as wdm from 'webpack-dev-middleware';
import * as whm from 'webpack-hot-middleware';
import * as zlib from 'zlib';
import { publicDirectory } from '.';
import { logPort } from './ActionUtilities';
import { SSL } from './apis/google/CredentialsLoader';
import { getForgot, getLogin, getLogout, getReset, getSignup, postForgot, postLogin, postReset, postSignup } from './authentication/AuthenticationManager';
import { Database } from './database';
import RouteManager from './RouteManager';
import RouteSubscriber from './RouteSubscriber';
import { WebSocket } from './websocket';
import brotli = require('brotli');
import expressFlash = require('express-flash');
import flash = require('connect-flash');
const MongoStore = require('connect-mongo')(session);
const config = require('../../webpack.config');
const compiler = webpack(config);

/* RouteSetter is a wrapper around the server that prevents the server
   from being exposed. */
export type RouteSetter = (server: RouteManager) => void;
//export let disconnect: Function;

export let resolvedPorts: { server: number; socket: number } = { server: 1050, socket: 4321 };
export let resolvedServerUrl: string;

export default async function InitializeServer(routeSetter: RouteSetter) {
    const isRelease = determineEnvironment();
    const app = buildWithMiddleware(express());

    const compiler = webpack(config);

    app.use(
        require('webpack-dev-middleware')(compiler, {
            publicPath: config.output.publicPath,
        })
    );

    app.use(require('webpack-hot-middleware')(compiler));

    // route table managed by express.  routes are tested sequentially against each of these map rules.  when a match is found, the handler is called to process the request
    app.get(new RegExp(/^\/+$/), (req, res) => res.redirect(req.user ? '/home' : '/login')); // target urls that consist of one or more '/'s with nothing in between
    app.use(express.static(publicDirectory, { setHeaders: res => res.setHeader('Access-Control-Allow-Origin', '*') })); //all urls that start with dash's public directory: /files/  (e.g., /files/images, /files/audio, etc)
    app.use(cors({ origin: (_origin: any, callback: any) => callback(null, true) }));
    app.use(wdm(compiler, { publicPath: config.output.publicPath }));
    app.use(whm(compiler));
    registerAuthenticationRoutes(app); // this adds routes to authenticate a user (login, etc)
    registerCorsProxy(app); // this adds a /corsProxy/ route to allow clients to get to urls that would otherwise be blocked by cors policies
    isRelease && !SSL.Loaded && SSL.exit();
    routeSetter(new RouteManager(app, isRelease)); // this sets up all the regular supervised routes (things like /home, download/upload api's, pdf, search, session, etc)
    registerEmbeddedBrowseRelativePathHandler(app); // this allows renered web pages which internally have relative paths to find their content

    let server: HttpServer | HttpsServer;
    isRelease && process.env.serverPort && (resolvedPorts.server = Number(process.env.serverPort));
    await new Promise<void>(resolve => (server = isRelease ? createServer(SSL.Credentials, app).listen(resolvedPorts.server, resolve) : app.listen(resolvedPorts.server, resolve)));
    logPort('server', resolvedPorts.server);

    resolvedServerUrl = `${isRelease && process.env.serverName ? `https://${process.env.serverName}.com` : 'http://localhost'}:${resolvedPorts.server}`;

    // initialize the web socket (bidirectional communication: if a user changes
    // a field on one client, that change must be broadcast to all other clients)
    await WebSocket.initialize(isRelease, app);

    //disconnect = async () => new Promise<Error>(resolve => server.close(resolve));
    return isRelease;
}

const week = 7 * 24 * 60 * 60 * 1000;
const secret = '64d6866242d3b5a5503c675b32c9605e4e90478e9b77bcf2bc';

function buildWithMiddleware(server: express.Express) {
    [
        cookieParser(),
        session({
            secret,
            resave: true,
            cookie: { maxAge: week },
            saveUninitialized: true,
            store: process.env.DB === 'MEM' ? new session.MemoryStore() : new MongoStore({ url: Database.url }),
        }),
        flash(),
        expressFlash(),
        bodyParser.json({ limit: '10mb' }),
        bodyParser.urlencoded({ extended: true }),
        expressValidator(),
        passport.initialize(),
        passport.session(),
        (req: express.Request, res: express.Response, next: express.NextFunction) => {
            res.locals.user = req.user;
            if ((req.originalUrl.endsWith('.png') || req.originalUrl.endsWith('.jpg') || (process.env.RELEASE === 'true' && req.originalUrl.endsWith('.js'))) && req.method === 'GET') {
                const period = 30000;
                res.set('Cache-control', `public, max-age=${period}`);
            } else {
                // for the other requests set strict no caching parameters
                res.set('Cache-control', `no-store`);
            }
            next();
        },
    ].forEach(next => server.use(next));
    return server;
}

/* Determine if the enviroment is dev mode or release mode. */
function determineEnvironment() {
    const isRelease = process.env.RELEASE === 'true';

    const color = isRelease ? blue : yellow;
    const label = isRelease ? 'release' : 'development';
    console.log(`\nrunning server in ${color(label)} mode`);

    // swilkins: I don't think we need to read from ClientUtils.RELEASE anymore. Should be able to invoke process.env.RELEASE
    // on the client side, thanks to dotenv in webpack.config.js
    let clientUtils = fs.readFileSync('./src/client/util/ClientUtils.ts.temp', 'utf8');
    clientUtils = `//AUTO-GENERATED FILE: DO NOT EDIT\n${clientUtils.replace('"mode"', String(isRelease))}`;
    fs.writeFileSync('./src/client/util/ClientUtils.ts', clientUtils, 'utf8');

    return isRelease;
}

function registerAuthenticationRoutes(server: express.Express) {
    server.get('/signup', getSignup);
    server.post('/signup', postSignup);

    server.get('/login', getLogin);
    server.post('/login', postLogin);

    server.get('/logout', getLogout);

    server.get('/forgotPassword', getForgot);
    server.post('/forgotPassword', postForgot);

    const reset = new RouteSubscriber('resetPassword').add('token').build;
    server.get(reset, getReset);
    server.post(reset, postReset);
}

function registerCorsProxy(server: express.Express) {
    server.use('/corsProxy', async (req, res) => {
        //const referer = req.headers.referer ? decodeURIComponent(req.headers.referer) : '';
        let requrl = decodeURIComponent(req.url.substring(1));
        const qsplit = requrl.split('?q=');
        const newqsplit = requrl.split('&q=');
        if (qsplit.length > 1 && newqsplit.length > 1) {
            const lastq = newqsplit[newqsplit.length - 1];
            requrl = qsplit[0] + '?q=' + lastq.split('&')[0] + '&' + qsplit[1].split('&')[1];
        }
        proxyServe(req, requrl, res);
    });
}

function proxyServe(req: any, requrl: string, response: any) {
    const htmlBodyMemoryStream = new (require('memorystream'))();
    var retrieveHTTPBody: any;
    var wasinBrFormat = false;
    const sendModifiedBody = () => {
        const header = response.headers['content-encoding'];
        const httpsToCors = (match: any, href: string, offset: any, string: any) => `href="${resolvedServerUrl + '/corsProxy/http' + href}"`;
        if (header?.includes('gzip')) {
            try {
                const bodyStream = htmlBodyMemoryStream.read();
                if (bodyStream) {
                    const htmlInputText = wasinBrFormat ? Buffer.from(brotli.decompress(bodyStream)) : zlib.gunzipSync(bodyStream);
                    const htmlText = htmlInputText
                        .toString('utf8')
                        .replace('<head>', '<head> <style>[id ^= "google"] { display: none; } </style>')
                        // .replace('<script', '<noscript')
                        // .replace('</script', '</noscript')
                        // .replace(/href="https?([^"]*)"/g, httpsToCors)
                        .replace(/data-srcset="[^"]*"/g, '')
                        .replace(/srcset="[^"]*"/g, '')
                        .replace(/target="_blank"/g, '');
                    response.send(zlib.gzipSync(htmlText));
                } else {
                    req.pipe(request(requrl)).pipe(response);
                    console.log('EMPTY body:' + req.url);
                }
            } catch (e) {
                console.log('ERROR?: ', e);
            }
        } else {
            req.pipe(htmlBodyMemoryStream).pipe(response);
        }
    };
    retrieveHTTPBody = () => {
        req.headers.cookie = '';
        req.pipe(request(requrl))
            .on('error', (e: any) => console.log(`Malformed CORS url: ${requrl}`, e))
            .on('response', (res: any) => {
                res.headers;
                const headers = Object.keys(res.headers);
                const headerCharRegex = /[^\t\x20-\x7e\x80-\xff]/;
                headers.forEach(headerName => {
                    const header = res.headers[headerName];
                    if (Array.isArray(header)) {
                        res.headers[headerName] = header.filter(h => !headerCharRegex.test(h));
                    } else if (headerCharRegex.test(header || '')) {
                        delete res.headers[headerName];
                    } else res.headers[headerName] = header;
                    if (headerName === 'content-encoding') {
                        wasinBrFormat = res.headers[headerName] === 'br';
                        res.headers[headerName] = 'gzip';
                    }
                });
                res.headers['x-permitted-cross-domain-policies'] = 'all';
                res.headers['x-frame-options'] = '';
                res.headers['content-security-policy'] = '';
                response.headers = response._headers = res.headers;
            })
            .on('end', sendModifiedBody)
            .pipe(htmlBodyMemoryStream);
    };
    retrieveHTTPBody();
}

function registerEmbeddedBrowseRelativePathHandler(server: express.Express) {
    server.use('*', (req, res) => {
        const relativeUrl = req.originalUrl;
        // if (req.originalUrl === '/css/main.css' || req.originalUrl === '/favicon.ico') res.end();
        // else
        if (!res.headersSent && req.headers.referer?.includes('corsProxy')) {
            if (!req.user) res.redirect('/home'); // When no user is logged in, we interpret a relative URL as being a reference to something they don't have access to and redirect to /home
            // a request for something by a proxied referrer means it must be a relative reference.  So construct a proxied absolute reference here.
            try {
                const proxiedRefererUrl = decodeURIComponent(req.headers.referer); // (e.g., http://localhost:<port>/corsProxy/https://en.wikipedia.org/wiki/Engelbart)
                const dashServerUrl = proxiedRefererUrl.match(/.*corsProxy\//)![0]; // the dash server url (e.g.: http://localhost:<port>/corsProxy/ )
                const actualReferUrl = proxiedRefererUrl.replace(dashServerUrl, ''); // the url of the referer without the proxy (e.g., : https://en.wikipedia.org/wiki/Engelbart)
                const absoluteTargetBaseUrl = actualReferUrl.match(/https?:\/\/[^\/]*/)![0]; // the base of the original url (e.g.,  https://en.wikipedia.org)
                const redirectedProxiedUrl = dashServerUrl + encodeURIComponent(absoluteTargetBaseUrl + relativeUrl); // the new proxied full url (e.g., http://localhost:<port>/corsProxy/https://en.wikipedia.org/<somethingelse>)
                if (relativeUrl.startsWith('//')) res.redirect('http:' + relativeUrl);
                else res.redirect(redirectedProxiedUrl);
            } catch (e) {
                console.log('Error embed: ', e);
            }
        } else if (relativeUrl.startsWith('/search') && !req.headers.referer?.includes('corsProxy')) {
            // detect search query and use default search engine
            res.redirect(req.headers.referer + 'corsProxy/' + encodeURIComponent('http://www.google.com' + relativeUrl));
        } else {
            res.end();
        }
    });
}