#!/usr/bin/lua

local uci = require('simple-uci').cursor()
local ip = require 'luci.ip' -- luci-lib-ip
local fetch = require 'luci.httpclient'
local json = require 'luci.jsonc'
local ecdsa = require 'gluon.ecdsa'
local site = require 'gluon.site'

local pretty_hostname = require 'pretty_hostname'
local hostname = pretty_hostname.get(uci)

local manapi = site.manman.api()
local mankey = site.manman.key()
-- TODO: use manman ecdsa key to verify response

-- NOTE: these will have mesh_ appended for static-ip
local mappings = {
  wifi = 'radio0',
  tunnel = 'vpn',
  eth = 'lan'
}

-- https://gist.github.com/Uradamus/10323382
local function shuffle(tbl)
  for i = #tbl, 2, -1 do
    local j = math.random(i)
    tbl[i], tbl[j] = tbl[j], tbl[i]
  end
  return tbl
end

local function fetch_signed_json(remote, url)
  local code, res, result = fetch.request_raw(remote .. url)

  if code < 1 then
    print('E: failed to fetch')
    return 1
  end

  if code == 404 then
    print('E: location does not exist')
    return 2
  end

  if code ~= 200 then
    print('E: got status code ' .. code)
    return 1
  end

  -- cloudflare's reverse proxies send http chunked responses with chunk sizes
  -- for whatever reasons the chunk size gets smashed into the result
  -- this is a hack to fish it out, it is irrelevant on unaffected reverse proxies
  local j_start = result:find('{')
  local j_end = (result:reverse()):find("}")
  result = string.sub(result, j_start, 1 - j_end)

  local sig = res.headers['x-ecdsa']
  local ts = res.headers['x-ecdsa-ts']

  if not sig or not ts then
    print('E: provided response is not signed')
    return 1
  end

  local data = ts .. '@' .. result
  if not ecdsa.verify(data, sig, mankey) then
    print('E: signature invalid or not signed with expected key')

    print('C: manman-sync is currently not properly signed')
    print('C: this error will be actually considered once manapi has been fixed')

    -- return 1
  end

  local obj = json.parse(result)

  if obj == nil then
    print('E: failed to parse json data')
    return 1
  end

  return false, obj
end

if uci:get_bool('gluon-manman-sync', 'sync', 'enabled') then
  local location_id = uci:get('gluon-manman-sync', 'sync', 'location_id')

  if not location_id then
    print('E: manman location_id missing')
    return 2
  end

  -- check manman reachability, abort if not reachable

  local working_remote

  for _, remote in ipairs(shuffle(manapi)) do
    if not working_remote then -- don't try other remotes if we got one that works
      print('Trying remote ' .. remote)

      local success, a, b, c = pcall(function() return fetch.request_raw(remote .. '/') end)
      if not success then
        print('E: couldnt reach manman: ' .. a)
      else
        if a ~= 200 then
          print('E: couldnt reach manman - unexpected fetch result', a, b, c)
        else
          working_remote = remote
        end
      end
    end
  end

  if not working_remote then
    print('E: couldnt reach any manapi server, giving up')
    return 1
  end

  -- try to fetch data
  print('Fetching manman data...')
  local err, location = fetch_signed_json(working_remote, '/location/show/' .. location_id)
  if err then
    return err
  end

  print('Syncing with location ' .. location.location.name)

  local owner = uci:get_first('gluon-node-info', 'owner')
  uci:set('gluon-node-info', owner, 'contact', location.administrator.email)
  local _location = uci:get_first('gluon-node-info', 'location')
  uci:set('gluon-node-info', _location, 'share_location', '1')
  uci:set('gluon-node-info', _location, 'latitude', location.location.lat)
  uci:set('gluon-node-info', _location, 'longitutde', location.location.long)

  local node
  local should_hostname

  if #location.nodes > 1 then
    for _, potential_node in ipairs(location.nodes) do
      if potential_node.name == hostname then
        node = potential_node
        should_hostname = location.location.name .. '-' .. node.name
      end
    end
  else
    node = location.nodes[1]
    should_hostname = location.location.name
  end

  if node == nil then
    print('E: unable to find matching node')
    return 2
  end

  if hostname ~= should_hostname then
    print('Renaming node to ' .. should_hostname)
    pretty_hostname.set(uci, should_hostname)
  end

  print('Syncing data for node ' .. node.name)

  -- TODO: compare device

  -- check if anything changed since last time
  -- if yes, apply changes and do gluon-reload


  for _, net in ipairs(node.interfaces) do
    local net_name = net.name
    local net_mapped = mappings[net_name] or net_name
    if not string.find(net_mapped, '_') then
      net_mapped = 'mesh_' .. net_mapped
    end

    local cidr = ip.new(net.ip, net.netmask):string()

    print('Syncing ' .. net_name .. ' as ' .. net_mapped .. ' to ' .. cidr)
    uci:set('gluon-static-ip', net_mapped, 'ip4', cidr)
  end

  uci:save('system')
  uci:save('gluon-manman-sync')
  uci:save('gluon-static-ip')
  uci:save('gluon-node-info')

  print('Applying changes...')
  os.execute('exec gluon-reconfigure')
  os.execute('exec gluon-reload')
else
  print('manman-sync not enabled, skipping')
end