require_dependency 'carto/helpers/url_validator'

module Carto
  class OauthApp < ActiveRecord::Base
    # Multiple of 3 for pretty base64
    CLIENT_ID_RANDOM_BYTES = 9
    CLIENT_SECRET_RANDOM_BYTES = 18

    include ::LoggerHelper

    belongs_to :user, inverse_of: :oauth_apps
    has_many :oauth_app_users, inverse_of: :oauth_app, dependent: :destroy
    has_many :oauth_app_organizations, inverse_of: :oauth_app, dependent: :destroy

    validates :user, presence: true, if: -> { sync_with_central? || !central_enabled? }
    validates :name, presence: true
    validates :website_url, presence: true, url: true
    validates :client_id, presence: true
    validates :client_secret, presence: true
    validates :redirect_uris, presence: true
    validates :icon_url, url: true, if: -> { icon_url.present? }
    validates :oauth_app_organizations, absence: true, unless: :restricted?
    validate :validate_uris

    before_validation :ensure_keys_generated

    after_create :create_central, if: :sync_with_central?
    after_update :update_central, if: :sync_with_central?
    after_destroy :delete_central, if: :sync_with_central?

    before_destroy :collect_users, unless: :avoid_send_notification, prepend: true
    after_destroy :send_app_removal_notification, unless: :avoid_send_notification

    ALLOWED_SYNC_ATTRIBUTES = %i[id name client_id client_secret redirect_uris
      icon_url restricted description website_url].freeze

    attr_accessor :avoid_sync_central, :avoid_send_notification

    # this should be exactly the same method as in Central
    # mostly used for testing the Superadmin API
    def api_attributes
      attributes.symbolize_keys.slice(*ALLOWED_SYNC_ATTRIBUTES).merge(user_id: user.id)
    end

    def regenerate_client_secret!
      self.client_secret = SecureRandom.urlsafe_base64(CLIENT_SECRET_RANDOM_BYTES)
      save!
    end

    private

    def collect_users
      @user_ids = oauth_app_users.collect { |u| u.user.id }
    end

    def send_app_removal_notification
      return if @user_ids.empty?
      notification = Carto::Notification.create!(body: notification_body, icon: Notification::ICON_ALERT)
      ::Resque.enqueue(::Resque::UserJobs::Notifications::Send, @user_ids, notification.id)
    rescue StandardError => e
      log_warning(
        message: "Couldn't notify users about oauth_app deletion",
        notification: notification&.attributes&.slice(:id, :name),
        exception: e
      )
      raise e
    end

    def notification_body
      "The app #{name} has signed off. You may find more information in their [website](#{website_url})."
    end

    def ensure_keys_generated
      self.client_id ||= SecureRandom.urlsafe_base64(CLIENT_ID_RANDOM_BYTES)
      self.client_secret ||= SecureRandom.urlsafe_base64(CLIENT_SECRET_RANDOM_BYTES)
    end

    def validate_uris
      redirect_uris && redirect_uris.each { |uri| validate_uri(uri) }
    end

    def validate_uri(redirect_uri)
      uri = URI.parse(redirect_uri)
      errors.add(:redirect_uris, "must be absolute") unless uri.absolute?
      errors.add(:redirect_uris, "must be https") unless uri.scheme == 'https'
      errors.add(:redirect_uris, "must not contain a fragment") unless uri.fragment.nil?
    rescue URI::InvalidURIError
      errors.add(:redirect_uris, "must be valid")
    end

    def create_central
      cartodb_central_client.create_oauth_app(user.username, sync_attributes)
    end

    def update_central
      cartodb_central_client.update_oauth_app(user.username, id, sync_attributes)
    end

    def delete_central
      cartodb_central_client.delete_oauth_app(user.username, id)
    end

    def cartodb_central_client
      @cartodb_central_client ||= Cartodb::Central.new
    end

    def sync_with_central?
      central_enabled? && !avoid_sync_central
    end

    def central_enabled?
      Cartodb::Central.sync_data_with_cartodb_central?
    end

    def sync_attributes(attrs = attributes)
      attrs.symbolize_keys.slice(*ALLOWED_SYNC_ATTRIBUTES)
    end
  end
end