#!/usr/bin/env python3

# this is a quick hack, to be improved later. trying to do the simplest
# thing that will possibly work.

## # TODO
##
## * put page content into templates/static files
## * clean up FIXME

import bottle
from bottle import route, run, request, response, redirect
from bottle import HTTPError, template
from sqlalchemy.ext.declarative import declarative_base
from bottle.ext import sqlalchemy
from pprint import pprint
from sqlalchemy import create_engine
import urllib.parse
import os
import random
import string
from datetime import datetime, timedelta

VERSION = "1.0.0"
PORT = os.environ.get("PORT", 8080)
DEBUG = os.environ.get("DEBUG", False)
SQLITE_FILENAME = os.environ.get("SQLITE_FILENAME", "/data/db.sqlite")
DATABASE_URL = os.environ.get("DATABASE_URL", "sqlite:///" + SQLITE_FILENAME)
ADMIN_PSK = os.environ.get("ADMIN_PSK", "hunter2")

# sorry for global
SQLBASE = declarative_base()

# FIXME make this skip letters not in base58
def randomUpper(count):
    return "".join(random.choice(string.ascii_uppercase) for _ in range(count))


# FIXME maybe make the IDs longer
def genRandomTVID():
    tvid = str(randomUpper(3) + "-" + randomUpper(3))
    return tvid


def serve():
    app = bottle.Bottle()

    # pull in models
    from .db import TV

    engine = create_engine(DATABASE_URL, echo=False)

    plugin = sqlalchemy.Plugin(
        engine,
        SQLBASE.metadata,
        keyword="db",
        create=True,
        commit=True,
        use_kwargs=False,
    )

    app.install(plugin)

    # here we cookie them if they have no cookie, then redirect them to the
    # cookie'd value (whether preexisting or new).
    @app.get("/")
    def indexpage():
        c = request.get_cookie("displayid")
        if c:
            # redirect
            return redirect("/tv/" + c)
        else:
            newid = genRandomTVID()
            response.set_cookie("displayid", newid)
            return redirect("/tv/" + newid)

    @app.get("/style.css")
    def stylesheet():
        response.content_type = "text/css"
        return template("style")

    # here we check to see if they have a redirect URL in the db. if they do
    # we send them there. if they don't, we display their ID really big,
    # reloading the page once per hour.
    @app.get("/tv/<displayid>")
    def tvpage(db, displayid=None):
        # FIXME check for cookie, this is broken
        if displayid is None:
            return template("nocookie")

        # check db for tv id
        tv = db.query(TV).filter_by(displayid=displayid).first()
        if tv:
            tv.lastSeen = datetime.now()
            db.add(tv)
            if tv.target:
                return redirect(tv.target)
            else:
                return template("displayid", id=displayid, version=VERSION)
        else:
            # otherwise, just show their display ID bigly and keep them
            # bouncing periodically until some admin configures them
            # a target:
            # update lastseen here:
            newtv = TV(displayid=displayid, lastSeen=datetime.now())
            db.add(newtv)
            return template("displayid", id=displayid, version=VERSION)

    @app.get("/admin/edit/<displayid>")
    def displayeditform(db, displayid=None):
        c = request.get_cookie("psk")
        if not c:
            return redirect("/login")
        if c != ADMIN_PSK:
            return redirect("/logout")
        if not displayid:
            return redirect("/admin")
        tv = db.query(TV).filter_by(displayid=displayid).first()
        if tv is None:
            return redirect("/admin")
        return template("displayeditform", tv=tv, version=VERSION)

    @app.post("/admin/edit")
    def displayedithandler(db):
        # FIXME SECURITY csrf issue
        c = request.get_cookie("psk")
        if not c:
            return redirect("/login")
        if c != ADMIN_PSK:
            return redirect("/logout")
        displayid = request.forms.get("displayid")
        tv = db.query(TV).filter_by(displayid=displayid).first()
        if tv is None:
            return redirect("/admin")
        # FIXME make sure this is a valid URL
        tv.target = request.forms.get("target")
        tv.memo = request.forms.get("formmemo")
        db.add(tv)
        db.commit()
        return redirect("/admin")

    # here we display the administration list of TVs if logged in
    # if logged out then redirect to /login
    # FIXME make this use sessions instead of just storing PSK in a cookie
    # https://bottlepy.org/docs/dev/recipes.html
    @app.get("/admin")
    def adminpage(db):
        c = request.get_cookie("psk")
        if not c:
            return redirect("/login")
        if c != ADMIN_PSK:
            return redirect("/logout")

        # first, cleanup db of old entries:
        week_ago = datetime.now() - timedelta(days=7)
        db.query(TV).filter(TV.lastSeen < week_ago).delete()
        db.commit()

        tvs = db.query(TV).order_by(TV.lastSeen.desc())
        response.headers["Cache-Control"] = "no-cache"
        return template("adminpanel", tvs=tvs, version=VERSION)

    # here we ask for a password:
    @app.get("/login")
    def loginform():
        msg = request.GET.msg
        return template("loginform", version=VERSION, msg=msg)

    @app.post("/checklogin")
    def checklogin():
        attemptedPass = request.forms.get("password")
        if not attemptedPass:
            return redirect(
                "/login?msg=" + urllib.parse.quote_plus(u"Incorrect password.")
            )
        if attemptedPass != ADMIN_PSK:
            return redirect(
                "/login?msg=" + urllib.parse.quote_plus(u"Incorrect password.")
            )
        # password is right, cookie them:
        response.set_cookie("psk", attemptedPass)
        return redirect("/admin")

    @app.get("/logout")
    def logout():
        response.set_cookie("psk", "")
        return redirect("/login")

    app.run(host="0.0.0.0", port=PORT, debug=DEBUG)