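// Command main runs an HTTPS listener that forwards every incoming request
// to one fixed HTTPS target through the goproxy reverse-proxy handler.
package main

import (
	"crypto/tls"
	"flag"
	"log"
	"net"
	"net/http"
	"time"

	"github.com/darkit/goproxy/internal/config"
	"github.com/darkit/goproxy/internal/proxy"
)

const (
	// readHeaderTimeout bounds how long a client may take to send its request
	// headers. Without it a client can hold a connection open indefinitely by
	// sending headers very slowly.
	readHeaderTimeout = 10 * time.Second

	// idleTimeout is applied both to the proxy configuration and to the
	// listener's keep-alive connections.
	idleTimeout = 30 * time.Second
)

// CustomDelegate is the proxy delegate used for HTTPS-to-HTTPS forwarding.
// It embeds proxy.DefaultDelegate and overrides the request, response and
// backend-resolution hooks so that all traffic goes to a single target.
type CustomDelegate struct {
	proxy.DefaultDelegate

	// targetHost is written into the Host header and used as the backend host.
	targetHost string
	// targetPort is the backend port, kept as text exactly as given on the
	// command line.
	targetPort string
}

// ModifyRequest rewrites the outgoing request: it replaces several
// browser-style headers, sets the Host header to the target and forces the
// https scheme.
func (d *CustomDelegate) ModifyRequest(req *http.Request) {
	// req.URL.String() includes the query string, so anything sensitive
	// carried there (for example a token passed as a parameter) is written to
	// the log as well.
	log.Printf("收到加密请求: %s %s", req.Method, req.URL.String())

	// Present a fixed set of standard browser headers to the target; these
	// replace whatever the client sent.
	req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/122.0.0.0 Safari/537.36")
	req.Header.Set("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
	req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9,en;q=0.8")
	req.Header.Set("Connection", "keep-alive")

	// Set the Host header to the target.
	req.Host = d.targetHost

	// Force the request URL scheme to HTTPS.
	req.URL.Scheme = "https"

	log.Printf("转发请求到: https://%s:%s%s", d.targetHost, d.targetPort, req.URL.Path)
}

// ModifyResponse tags the response with proxy identification headers and a
// wildcard CORS header. It always returns nil.
func (d *CustomDelegate) ModifyResponse(resp *http.Response) error {
	log.Printf("收到目标响应: %d %s", resp.StatusCode, resp.Status)

	// Proxy identification. X-Proxy-Target exposes the backend host name to
	// every client of the proxy.
	resp.Header.Set("X-Proxied-By", "GoProxy-HTTPS2HTTPS")
	resp.Header.Set("X-Proxy-Target", d.targetHost)

	// Header.Set replaces any Access-Control-Allow-Origin value the target
	// sent, so the target's own CORS policy is discarded and scripts from any
	// origin may read these responses (browsers still refuse the wildcard for
	// credentialed requests).
	// NOTE(review): narrow this to the origins that need access before using
	// the proxy in front of anything other than public content.
	resp.Header.Set("Access-Control-Allow-Origin", "*")

	return nil
}

// ResolveBackend returns the fixed backend address as host:port. The request
// is not consulted.
func (d *CustomDelegate) ResolveBackend(req *http.Request) (string, error) {
	// net.JoinHostPort brackets IPv6 literals ("::1" -> "[::1]:443"); plain
	// concatenation would produce an address that cannot be parsed.
	address := net.JoinHostPort(d.targetHost, d.targetPort)
	log.Printf("连接到目标服务器: %s", address)
	return address, nil
}

func main() {
	// Command-line flags.
	listenAddr := flag.String("listen", ":8443", "监听地址")
	targetHost := flag.String("target", "www.github.com", "目标站点主机名")
	targetPort := flag.String("port", "443", "目标站点端口")
	certFile := flag.String("cert", "server.crt", "TLS证书文件路径")
	keyFile := flag.String("key", "server.key", "TLS密钥文件路径")
	flag.Parse()

	// Build the proxy configuration.
	// NOTE(review): EnableCORS is set here and ModifyResponse also writes a
	// wildcard Access-Control-Allow-Origin; what the config option adds on
	// its own is not visible from this file.
	cfg := config.DefaultConfig()
	cfg.ReverseProxy = true            // enable reverse-proxy mode
	cfg.DecryptHTTPS = false           // do not decrypt HTTPS traffic, avoiding TLS problems
	cfg.TLSCert = *certFile            // TLS certificate file path
	cfg.TLSKey = *keyFile              // TLS private key file path
	cfg.IdleTimeout = idleTimeout      // connection idle timeout
	cfg.AddXForwardedFor = true        // add the X-Forwarded-For header
	cfg.AddXRealIP = true              // add the X-Real-IP header
	cfg.SupportWebSocketUpgrade = true // support WebSocket upgrade
	cfg.EnableCompression = false      // compression disabled
	cfg.EnableCORS = true              // enable CORS
	cfg.EnableRetry = false            // retries disabled
	cfg.EnableConnectionPool = false   // connection pool disabled

	// Create the custom delegate.
	delegate := &CustomDelegate{
		targetHost: *targetHost,
		targetPort: *targetPort,
	}

	// Create the proxy instance.
	// NOTE(review): how the proxy package validates the target's certificate
	// is not visible here; confirm that verification is left enabled.
	p := proxy.New(&proxy.Options{
		Config:   cfg,
		Delegate: delegate,
	})

	// Create the HTTPS server. ReadHeaderTimeout and IdleTimeout are set so
	// that slow or idle clients cannot pin connections forever; ReadTimeout
	// and WriteTimeout are left unset because they would also cut off
	// long-lived streamed responses.
	server := &http.Server{
		Addr:              *listenAddr,
		Handler:           p,
		ReadHeaderTimeout: readHeaderTimeout,
		IdleTimeout:       idleTimeout,
		TLSConfig: &tls.Config{
			MinVersion: tls.VersionTLS12,
		},
	}

	// Start the HTTPS server.
	log.Printf("HTTPS->HTTPS代理启动,监听地址: %s,目标: https://%s:%s", *listenAddr, *targetHost, *targetPort)
	log.Printf("使用TLS证书: %s,密钥: %s", *certFile, *keyFile)

	err := server.ListenAndServeTLS(*certFile, *keyFile)
	if err != nil {
		log.Fatalf("服务器启动失败: %v", err)
	}
}

// Example command for generating a self-signed TLS certificate:
// openssl req -x509 -newkey rsa:4096 -keyout server.key -out server.crt -days 365 -nodes -subj "/CN=localhost"
//
// -nodes writes server.key without passphrase protection, so keep the file
// readable only by the account that runs the proxy. A self-signed
// CN=localhost certificate is suitable for local testing only.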