package app

import (
	"fmt"
	"net/http"
	common "user-manager-api/app/common"
	"user-manager-api/app/ldap"
)

func NewPool(backends *UserSession, poolname string) (int, error) {
	// only pve backend handles pools
	return backends.PVE.NewPool(poolname)
}

// get pool recursive resolving groups
func GetPool(backends *UserSession, poolname string) (common.Pool, int, error) {
	pool := common.Pool{}
	// get pool from PVE
	pvepool, members, code, err := backends.PVE.GetPool(poolname)
	if err != nil {
		return pool, code, err
	}
	// get pool from DB
	dbpool, _, code, err := backends.DB.GetPool(poolname)
	if err != nil {
		return pool, code, err
	}
	// assign pool id from PVE, assign everything else from DB
	pool.PoolID = pvepool.PoolID
	pool.Resources = dbpool.Resources
	pool.AllowedNodes = dbpool.AllowedNodes
	pool.AllowedVMIDRange = dbpool.AllowedVMIDRange
	pool.AllowedBackups = dbpool.AllowedBackups
	pool.Templates = dbpool.Templates

	// pool members are groups
	for _, groupid := range members {
		groupname, err := common.ParseGroupname(groupid)
		if err != nil {
			return pool, code, fmt.Errorf("pool %s had member %s which is not a valid groupname", poolname, groupid)
		}
		group, code, err := GetGroup(backends, groupname)
		if err != nil {
			return pool, code, err
		}
		group.Role = Config.PVE.PAASClientRole
		pool.Groups = append(pool.Groups, group)
	}

	return pool, http.StatusOK, nil
}
func DelPool(backends *UserSession, poolname string) (int, error) {
	// only pve backend handles pools
	return backends.PVE.DelPool(poolname)
}

func NewGroup(backends *UserSession, groupname common.Groupname) (int, error) {
	if groupname.Realm == "pve" {
		return backends.PVE.NewGroup(groupname)
	} else if groupname.Realm == backends.Realm.Name {
		realm_handler := backends.Realm.Handler.(common.Backend)
		code, err := realm_handler.NewGroup(groupname)
		if err != nil {
			return code, err
		}
		return backends.PVE.SyncRealms()
	} else {
		return http.StatusUnauthorized, fmt.Errorf("user is not in the same realm as requested group")
	}
}

func GetGroup(backends *UserSession, groupname common.Groupname) (common.Group, int, error) {
	// resolve group from relevant backend
	if groupname.Realm == "pve" {
		group, members, code, err := backends.PVE.GetGroup(groupname)
		if err != nil {
			return group, code, err
		}
		// group members are users
		for _, userid := range members {
			username, err := common.ParseUsername(userid)
			if err != nil {
				return group, http.StatusInternalServerError, fmt.Errorf("group %s had member %s which is not a valid username", groupname.ToString(), userid)
			}
			// fetch and append user
			user, code, err := GetUser(backends, username)
			if err != nil {
				return group, code, err
			}
			group.Users = append(group.Users, user)
		}

		return group, http.StatusOK, nil
	} else if groupname.Realm == backends.Realm.Name {
		group, members, code, err := backends.Realm.Handler.(common.Backend).GetGroup(groupname)
		if err != nil {
			return common.Group{}, code, err
		}
		// group mambers are users
		for _, userdn := range members {
			// member list is of ldap user DN instead of pve userid
			ldapuid, err := ldap.ExtractUIDFromUserDN(userdn)
			if err != nil {
				return group, http.StatusInternalServerError, fmt.Errorf("group %s had member %s which is not a valid user DN", groupname.ToString(), userdn)
			}
			// generate username from user DN (slightly inefficient)
			userid := fmt.Sprintf("%s@%s", ldapuid, backends.Realm.Name)
			username, err := common.ParseUsername(userid)
			if err != nil {
				return group, http.StatusInternalServerError, fmt.Errorf("group %s had member %s which is not a valid username", groupname.ToString(), userid)
			}
			// fetch and append user
			user, code, err := GetUser(backends, username)
			if err != nil {
				return group, code, err
			}
			group.Users = append(group.Users, user)
		}

		return group, http.StatusOK, nil
	} else {
		return common.Group{}, http.StatusUnauthorized, fmt.Errorf("user is not in the same realm as requested group")
	}
}

func DelGroup(backends *UserSession, groupname common.Groupname) (int, error) {
	if groupname.Realm == "pve" {
		return backends.PVE.DelGroup(groupname)
	} else if groupname.Realm == backends.Realm.Name {
		realm_handler := backends.Realm.Handler.(common.Backend)
		code, err := realm_handler.DelGroup(groupname)
		if err != nil {
			return code, err
		}
		return backends.PVE.SyncRealms()
	} else {
		return http.StatusUnauthorized, fmt.Errorf("user is not in the same realm as requested group")
	}
}

func AddGroupToPool(backends *UserSession, groupname common.Groupname, poolname string) (int, error) {
	// only pve backend handles pool-group membership
	return backends.PVE.AddGroupToPool(groupname, poolname)
}

func DelGroupFromPool(backends *UserSession, groupname common.Groupname, poolname string) (int, error) {
	// only pve backend handles pool-group membership
	return backends.PVE.DelGroupFromPool(groupname, poolname)
}

func NewUser(backends *UserSession, username common.Username, user common.User) (int, error) {
	if username.Realm == "pve" {
		return backends.PVE.NewUser(username, user)
	} else if username.Realm == backends.Realm.Name {
		realm_handler := backends.Realm.Handler.(common.Backend)
		code, err := realm_handler.NewUser(username, user)
		if err != nil {
			return code, err
		}
		return backends.PVE.SyncRealms()
	} else {
		return http.StatusUnauthorized, fmt.Errorf("user is not in the same realm as requested user")
	}
}

func GetUser(backends *UserSession, username common.Username) (common.User, int, error) {
	// fetch user from relevant realm
	if username.Realm == "pve" {
		pveuser, code, err := backends.PVE.GetUser(username)
		if err != nil {
			return common.User{}, code, err
		}
		return pveuser, http.StatusOK, nil
	} else if username.Realm == backends.Realm.Name {
		realmuser, code, err := backends.Realm.Handler.(common.Backend).GetUser(username)
		if err != nil {
			return common.User{}, code, err
		}
		return realmuser, http.StatusOK, nil
	} else {
		return common.User{}, http.StatusUnauthorized, fmt.Errorf("user is not in the same realm as requested user")
	}
}

func DelUser(backends *UserSession, username common.Username) (int, error) {
	if username.Realm == "pve" {
		return backends.PVE.DelUser(username)
	} else if username.Realm == backends.Realm.Name {
		realm_handler := backends.Realm.Handler.(common.Backend)
		code, err := realm_handler.DelUser(username)
		if err != nil {
			return code, err
		}
		return backends.PVE.SyncRealms()
	} else {
		return http.StatusUnauthorized, fmt.Errorf("user is not in the same realm as requested user")
	}
}

func AddUserToGroup(backends *UserSession, username common.Username, groupname common.Groupname) (int, error) {
	if username.Realm == "pve" && groupname.Realm == "pve" { // both requested user and requested group are in proxmox
		return backends.PVE.AddUserToGroup(username, groupname)
	} else if username.Realm == backends.Realm.Name && groupname.Realm == "pve" { // requested user is in user's realm but group is in proxmox
		return backends.PVE.AddUserToGroup(username, groupname)
	} else if username.Realm == backends.Realm.Name && groupname.Realm == backends.Realm.Name { // both requested user and requested group are in user's realm
		realm_handler := backends.Realm.Handler.(common.Backend)
		code, err := realm_handler.AddUserToGroup(username, groupname)
		if err != nil {
			return code, err
		}
		return backends.PVE.SyncRealms()
	} else {
		return http.StatusUnauthorized, fmt.Errorf("cannot add a pve user to a group in %s", groupname.Realm)
	}
}

func DelUserFromGroup(backends *UserSession, username common.Username, groupname common.Groupname) (int, error) {
	if username.Realm == "pve" && groupname.Realm == "pve" { // both requested user and requested group are in proxmox
		return backends.PVE.DelUserFromGroup(username, groupname)
	} else if username.Realm == backends.Realm.Name && groupname.Realm == "pve" { // requested user is in user's realm but group is in proxmox
		return backends.PVE.DelUserFromGroup(username, groupname)
	} else if username.Realm == backends.Realm.Name && groupname.Realm == backends.Realm.Name { // both requested user and requested group are in user's realm
		realm_handler := backends.Realm.Handler.(common.Backend)
		code, err := realm_handler.DelUserFromGroup(username, groupname)
		if err != nil {
			return code, err
		}
		return backends.PVE.SyncRealms()
	} else {
		return http.StatusUnauthorized, fmt.Errorf("cannot remove a pve user from a group in %s", groupname.Realm)
	}
}