require "ipc"

require "baguette-crystal-base"
require "./config"
require "./exceptions"

class DNSManager::Service < IPC
	property configuration    : Baguette::Configuration::DNSManager
	getter storage            : DNSManager::Storage
	getter logged_users       : Hash(Int32, AuthD::User::Public)

	property authd            : AuthD::Client

	def initialize(@configuration)
		super()
		@storage = DNSManager::Storage.new @configuration.storage_directory, @configuration.recreate_indexes

		@logged_users = Hash(Int32, AuthD::User::Public).new

		# TODO: auth service isn't in the FDs pool.
		# If the service crashes, dnsmanagerd won't know it.
		@authd = AuthD::Client.new
		response = authd.login? @configuration.login, @configuration.pass.not_nil!
		case response
		when AuthD::Response::Login
			uid = response.uid
			token = response.token
			Baguette::Log.info "Authenticated as #{@configuration.login} #{uid}, token: #{token}"
		else
			@authd.close
			raise "Cannot authenticate to authd with login #{@configuration.login}: #{response}."
		end

		@storage.dnsmanagerd = self
		self.timer @configuration.ipc_timer
		self.service_init @configuration.service_name
	end

	def get_logged_user(event : IPC::Event)
		@logged_users[event.fd]?
	end

	def decode_token(token : String)
		@authd.decode_token token
	end

	def is_admin?(uid : UInt32) : Bool
		perms = check_permissions uid, "*"
		(perms == AuthD::User::PermissionLevel::Admin)
	end

	def check_permissions(uid : UInt32, resource : String) : AuthD::User::PermissionLevel
		response = @authd.check_permission uid, "dnsmanager", resource
		case response
		when AuthD::Response::PermissionCheck
			return response.permission
		end
		raise CannotCheckPermissionsException.new uid, resource
	rescue e
		Baguette::Log.error "error while checking permissions: #{e}"
		raise CannotCheckPermissionsException.new uid, resource
	end

	def assert_permissions!(uid : UInt32, resource : String, perms : AuthD::User::PermissionLevel)
		if check_permissions(uid, resource) < perms
			raise AuthorizationException.new
		end
	end

	def handle_request(event : IPC::Event)
		request_start = Time.utc

		array = event.message.not_nil!
		slice = Slice.new array.to_unsafe, array.size
		message = IPCMessage::TypedMessage.deserialize slice
		request = DNSManager.requests.parse_ipc_json message.not_nil!

		if request.nil?
			raise "unknown request type"
		end

		reqname = request.class.name.sub /^DNSManager::Request::/, ""

		response = begin
			request.handle self, event
		rescue e : AuthorizationException
			Baguette::Log.error "(fd #{"%4d" % event.fd}) #{reqname} authorization error"
			Response::Error.new "authorization error"
		rescue e : DomainNotFoundException
			Baguette::Log.error "(fd #{"%4d" % event.fd}) #{reqname} domain not found"
			Response::DomainNotFound.new
		rescue e : CannotCheckPermissionsException
			Baguette::Log.error "(fd #{"%4d" % event.fd}) #{reqname} cannot check permissions of user '#{e.uid}' on resource '#{e.resource}'"
			Response::InsufficientRights.new
		rescue e : UnknownUserException
			Baguette::Log.error "(fd #{"%4d" % event.fd}) #{reqname} unknown user"
			Response::UnknownUser.new
		rescue e : NoOwnershipException
			Baguette::Log.error "(fd #{"%4d" % event.fd}) #{reqname} no ownership error"
			Response::NoOwnership.new
		rescue e : NotLoggedException
			Baguette::Log.error "(fd #{"%4d" % event.fd}) #{reqname} user not logged"
			Response::Error.new "user not logged"
		rescue e : RRNotFoundException
			Baguette::Log.error "(fd #{"%4d" % event.fd}) #{reqname} RR not found"
			Response::RRNotFound.new
		rescue e : TokenNotFoundException
			Baguette::Log.error "(fd #{"%4d" % event.fd}) #{reqname} Token not found"
			Response::Error.new "token not found"
		rescue e : RRReadOnlyException
			Baguette::Log.error "(fd #{"%4d" % event.fd}) #{reqname} RR is read only"
			Response::RRReadOnly.new e.domain, e.rr
		rescue e # Generic case
			Baguette::Log.error "(fd #{"%4d" % event.fd}) #{reqname} generic error #{e}"
			Response::Error.new "generic error"
		end

		# If clients sent requests with an “id” field, it is copied
		# in the responses. Allows identifying responses easily.
		response.id = request.id

		schedule event.fd, response

		duration = Time.utc - request_start

		response_name = response.class.name.sub /^DNSManager::Response::/, ""

		if response.is_a? DNSManager::Response::Error
			Baguette::Log.warning "fd #{"%4d" % event.fd} (#{duration}) #{reqname} >> #{response_name} (#{response.reason})"
		else
			if reqname != "KeepAlive" || @configuration.print_keepalive
				Baguette::Log.debug "fd #{"%4d" % event.fd} (#{duration}) #{reqname} >> #{response_name}"
			end
		end
	end

	def run
		Baguette::Log.title "Starting #{@configuration.service_name}"

		self.loop do |event|
			begin
				case event.type
				when LibIPC::EventType::Timer
					Baguette::Log.debug "Timer." if @configuration.print_ipc_timer

				when LibIPC::EventType::Connection
					Baguette::Log.debug "New connection!" if @configuration.print_ipc_connection

				when LibIPC::EventType::Disconnection
					Baguette::Log.debug "Disconnection from #{event.fd}." if @configuration.print_ipc_disconnection
					@logged_users.delete event.fd

				when LibIPC::EventType::MessageTx
					Baguette::Log.debug "Message sent to #{event.fd}." if @configuration.print_ipc_message_sent

				when LibIPC::EventType::MessageRx
					Baguette::Log.debug "Message received from #{event.fd}." if @configuration.print_ipc_message_received
					handle_request event

				else
					Baguette::Log.warning "Unhandled IPC event: #{event.class}."
					if event.responds_to?(:fd)
						fd = event.fd
						Baguette::Log.warning "closing #{fd}"
						close fd
						@logged_users.delete fd
					end
				end

			rescue exception
				Baguette::Log.error "exception: #{typeof(exception)} - #{exception.message}"
			end
		end
	end
end