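package org.gcube.smartgears.handlers.application.request;

import static org.gcube.smartgears.Constants.scope_header;
import static org.gcube.smartgears.Constants.token_header;
import static org.gcube.smartgears.handlers.application.request.RequestError.internal_server_error;

import java.nio.charset.StandardCharsets;
import java.util.Base64;

import javax.xml.bind.annotation.XmlRootElement;

import org.gcube.common.authorization.utils.manager.SecretManager;
import org.gcube.common.authorization.utils.secret.GCubeSecret;
import org.gcube.common.authorization.utils.secret.JWTSecret;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.smartgears.Constants;
import org.gcube.smartgears.handlers.application.RequestEvent;
import org.gcube.smartgears.handlers.application.RequestHandler;
import org.gcube.smartgears.handlers.application.ResponseEvent;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Request handler that establishes the security context of an incoming call.
 *
 * <p>On request it reads the gCube token and scope (request parameter first, header as
 * fallback) and the {@code Authorization} header, registers the matching secrets
 * ({@link JWTSecret} for a {@code Bearer} header, {@link GCubeSecret} for a gCube token or
 * for the token carried in a {@code Basic} header) with the {@link SecretManager}, and
 * activates them. When no credential is present only the scope is propagated through
 * {@link ScopeProvider}. On response the per-thread state is reset.
 *
 * <p>Credential values are never written to the log; only their presence is traced.
 */
@XmlRootElement(name = Constants.request_context_retriever)
public class RequestContextRetriever extends RequestHandler {

    private static final Logger log = LoggerFactory.getLogger(RequestContextRetriever.class);

    private static final String BEARER_AUTH_PREFIX = "Bearer";
    private static final String BASIC_AUTH_PREFIX = "Basic";

    @Override
    public String getName() {
        return Constants.request_context_retriever;
    }

    /**
     * Extracts the caller's credentials from the request and installs the corresponding
     * secrets (or, failing any credential, the scope) for the current thread.
     *
     * <p>A {@code Basic} header is only honoured when no gCube token was supplied; its
     * payload must decode to {@code user:token}, and the user must match the owner of the
     * token, otherwise {@code internal_server_error} is fired.
     *
     * @param call the request being handled; never {@code null}
     */
    @Override
    public void handleRequest(RequestEvent call) {
        String token = parameterOrHeader(call, token_header);
        String scope = parameterOrHeader(call, scope_header);
        String authHeader = call.request().getHeader(Constants.authorization_header);

        // Tokens and Basic credentials are secrets: trace presence, not content.
        log.trace("authorization header present: {}", authHeader != null);
        log.trace("token header present: {}", token != null);
        log.trace("scope header is {}", scope);

        String retrievedUser = null;
        String accessToken = null;

        if (authHeader != null && !authHeader.isEmpty()) {
            // NOTE(review): the scheme match is case-sensitive and does not require a
            // separating space after the scheme name; kept as-is for compatibility.
            if (authHeader.startsWith(BEARER_AUTH_PREFIX)) {
                accessToken = authHeader.substring(BEARER_AUTH_PREFIX.length()).trim();
            } else if (token == null && authHeader.startsWith(BASIC_AUTH_PREFIX)) {
                String[] credentials =
                        decodeBasicCredentials(authHeader.substring(BASIC_AUTH_PREFIX.length()).trim());
                if (credentials != null) {
                    retrievedUser = credentials[0];
                    token = credentials[1];
                }
            }
        }

        SecretManager secretManager = SecretManager.instance.get();

        if (accessToken != null) {
            // Validation of the JWT presumably happens in secretManager.set() — TODO confirm.
            secretManager.addSecret(new JWTSecret(accessToken));
        }

        if (token != null) {
            GCubeSecret gCubeSecret = new GCubeSecret(token);
            secretManager.addSecret(gCubeSecret);
            if (retrievedUser != null) {
                checkTokenOwner(gCubeSecret, retrievedUser);
            }
        }

        if (accessToken == null && token == null) {
            // Anonymous call: only the scope, if any, is propagated.
            if (scope != null) {
                ScopeProvider.instance.set(scope);
            }
        } else {
            try {
                secretManager.set();
            } catch (Exception e) {
                internal_server_error.fire(messageOf(e));
            }
        }
    }

    /**
     * Clears the thread-local state installed by {@link #handleRequest(RequestEvent)}.
     *
     * @param e the response event; unused
     */
    @Override
    public void handleResponse(ResponseEvent e) {
        log.debug("resetting all the Thread local for this call.");
        SecretManager.instance.get().reset();
    }

    /** Returns the request parameter {@code name}, falling back to the header of the same name. */
    private static String parameterOrHeader(RequestEvent call, String name) {
        String value = call.request().getParameter(name);
        return value == null ? call.request().getHeader(name) : value;
    }

    /**
     * Decodes the payload of a {@code Basic} authorization header into {@code {user, token}}.
     *
     * <p>Fires {@code internal_server_error} and returns {@code null} when the payload is
     * not valid Base64 or does not have the {@code user:token} shape, instead of letting the
     * decoder or an array index exception escape the handler.
     */
    private static String[] decodeBasicCredentials(String basicAuthToken) {
        String decoded;
        try {
            // Decode from the header text directly; the header is ASCII, the payload is UTF-8.
            decoded = new String(Base64.getDecoder().decode(basicAuthToken), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            internal_server_error.fire("malformed Basic authorization header");
            return null;
        }
        // Limit 2: only the first ':' separates user from token, so a token containing ':'
        // is not truncated, and a missing ':' is detected rather than raising an exception.
        String[] credentials = decoded.split(":", 2);
        if (credentials.length != 2 || credentials[0].isEmpty() || credentials[1].isEmpty()) {
            internal_server_error.fire("malformed Basic authorization header");
            return null;
        }
        return credentials;
    }

    /**
     * Fires {@code internal_server_error} when the owner of {@code secret} is not
     * {@code expectedUser}, or when the owner cannot be resolved.
     */
    private static void checkTokenOwner(GCubeSecret secret, String expectedUser) {
        String owner = null;
        boolean resolved = false;
        try {
            owner = secret.getClientInfo().getId();
            resolved = true;
        } catch (Exception e) {
            internal_server_error.fire(messageOf(e));
        }
        // The comparison is outside the try block so that the error it fires is not
        // swallowed and re-fired by the catch above.
        if (resolved && !expectedUser.equals(owner)) {
            internal_server_error.fire("user and token owner are not the same");
        }
    }

    /** Message to report for {@code e}; never {@code null} even when the exception has no message. */
    private static String messageOf(Exception e) {
        String message = e.getMessage();
        return message == null ? e.getClass().getSimpleName() : message;
    }
}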