package handler

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"os"

	log "github.com/sirupsen/logrus"
	"google.golang.org/grpc"
	"google.golang.org/grpc/credentials"
	"google.golang.org/grpc/health/grpc_health_v1"

	"github.com/wencaiwulue/kubevpn/v2/pkg/config"
	"github.com/wencaiwulue/kubevpn/v2/pkg/core"
	"github.com/wencaiwulue/kubevpn/v2/pkg/util"
	"github.com/wencaiwulue/kubevpn/v2/pkg/webhook/rpc"
)

func Complete(ctx context.Context, route *core.Route) error {
	if v, ok := os.LookupEnv(config.EnvInboundPodTunIPv4); !ok || v != "" {
		return nil
	}

	ns := os.Getenv(config.EnvPodNamespace)
	if ns == "" {
		return fmt.Errorf("can not get namespace")
	}
	client, err := getDHCPServerClient(ctx, ns)
	if err != nil {
		return err
	}
	var resp *rpc.RentIPResponse
	resp, err = client.RentIP(context.Background(), &rpc.RentIPRequest{
		PodName:      os.Getenv(config.EnvPodName),
		PodNamespace: ns,
	})
	if err != nil {
		return err
	}

	go func() {
		<-ctx.Done()
		err := release(context.Background(), client)
		if err != nil {
			log.Errorf("release ip failed: %v", err)
		} else {
			log.Errorf("release ip secuess")
		}
	}()

	log.Infof("rent an ipv4: %s, ipv6: %s", resp.IPv4CIDR, resp.IPv6CIDR)
	if err = os.Setenv(config.EnvInboundPodTunIPv4, resp.IPv4CIDR); err != nil {
		log.Errorf("can not set ip, err: %v", err)
		return err
	}
	if err = os.Setenv(config.EnvInboundPodTunIPv6, resp.IPv6CIDR); err != nil {
		log.Errorf("can not set ip, err: %v", err)
		return err
	}
	for i := 0; i < len(route.ServeNodes); i++ {
		var node *core.Node
		node, err = core.ParseNode(route.ServeNodes[i])
		if err != nil {
			return err
		}
		if node.Protocol == "tun" {
			if get := node.Get("net"); get == "" {
				route.ServeNodes[i] = route.ServeNodes[i] + "&net=" + resp.IPv4CIDR
			}
		}
	}

	return nil
}

func release(ctx context.Context, client rpc.DHCPClient) error {
	_, err := client.ReleaseIP(ctx, &rpc.ReleaseIPRequest{
		PodName:      os.Getenv(config.EnvPodName),
		PodNamespace: os.Getenv(config.EnvPodNamespace),
		IPv4CIDR:     os.Getenv(config.EnvInboundPodTunIPv4),
		IPv6CIDR:     os.Getenv(config.EnvInboundPodTunIPv6),
	})
	return err
}

func getDHCPServerClient(ctx context.Context, namespace string) (rpc.DHCPClient, error) {
	cert, ok := os.LookupEnv(config.TLSCertKey)
	if !ok {
		return nil, fmt.Errorf("can not get %s from env", config.TLSCertKey)
	}
	caCertPool := x509.NewCertPool()
	caCertPool.AppendCertsFromPEM([]byte(cert))

	conn, err := grpc.DialContext(ctx,
		fmt.Sprintf("%s:80", util.GetTlsDomain(namespace)),
		grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{
			RootCAs: caCertPool,
		})),
	)
	if err != nil {
		return nil, err
	}
	healthClient := grpc_health_v1.NewHealthClient(conn)
	var resp *grpc_health_v1.HealthCheckResponse
	resp, err = healthClient.Check(ctx, &grpc_health_v1.HealthCheckRequest{})
	if err != nil {
		return nil, err
	}
	if resp.Status != grpc_health_v1.HealthCheckResponse_SERVING {
		return nil, fmt.Errorf("grpc service is not heath: %s", resp.Status)
	}

	cli := rpc.NewDHCPClient(conn)
	return cli, nil
}