use std::error::Error;
use std::fs;
use serde::{Deserialize, Serialize};
use url::Url;
use crate::api::APIErrorResponse;
use crate::{RoleCommands};

pub async fn role_main(command: RoleCommands, server: Url) -> Result<(), Box<dyn Error>> {
    match command {
        RoleCommands::List {} => list_roles(server).await,
        RoleCommands::Lookup {id} => get_role(id, server).await,
        RoleCommands::Create { name, description, rules_json } => create_role(name, description, rules_json, server).await,
        RoleCommands::Delete { id } => delete_role(id, server).await,
        RoleCommands::Update { id, description, rules_json } => update_role(id, description, rules_json, server).await
    }
}

#[derive(Deserialize)]
pub struct RoleListResp {
    pub data: Vec<Role>
}

#[derive(Deserialize)]
pub struct Role {
    pub id: String,
    pub name: String,
    pub description: String,
    #[serde(rename = "firewallRules")]
    pub firewall_rules: Vec<RoleFirewallRule>,
    #[serde(rename = "createdAt")]
    pub created_at: String,
    #[serde(rename = "modifiedAt")]
    pub modified_at: String
}
#[derive(Deserialize, Serialize)]
pub struct RoleFirewallRule {
    pub protocol: String,
    pub description: String,
    #[serde(rename = "allowedRoleID")]
    pub allowed_role_id: Option<String>,
    #[serde(rename = "portRange")]
    pub port_range: Option<RoleFirewallRulePortRange>
}
#[derive(Deserialize, Serialize)]
pub struct RoleFirewallRulePortRange {
    pub from: u16,
    pub to: u16
}

pub async fn list_roles(server: Url) -> Result<(), Box<dyn Error>> {
    let client = reqwest::Client::new();

    // load session token
    let sess_token_store = dirs::config_dir().unwrap().join("tfcli-session.token");
    let session_token = fs::read_to_string(&sess_token_store)?;
    let auth_token_store = dirs::config_dir().unwrap().join("tfcli-auth.token");
    let auth_token = fs::read_to_string(&auth_token_store)?;

    let token = format!("{} {}", session_token, auth_token);

    let res = client.get(server.join("/v1/roles")?).bearer_auth(token).send().await?;

    if res.status().is_success() {
        let resp: RoleListResp = res.json().await?;

        for role in &resp.data {
            println!("            Role: {} ({})", role.name, role.id);
            println!("     Description: {}", role.description);
            for rule in &role.firewall_rules {
                println!("Rule Description: {}", rule.description);
                println!("    Allowed Role: {}", rule.allowed_role_id.as_ref().unwrap_or(&"All roles".to_string()));
                println!("        Protocol: {}", rule.protocol);
                println!("      Port Range: {}", if let Some(pr) = rule.port_range.as_ref() { format!("{}-{}", pr.from, pr.to) } else { "Any".to_string() });
            }
            println!("         Created: {}", role.created_at);
            println!("         Updated: {}", role.modified_at);
        }

        if resp.data.is_empty() {
            println!("No roles found");
        }
    } else {
        let resp: APIErrorResponse = res.json().await?;

        eprintln!("[error] Error listing roles: {} {}", resp.errors[0].code, resp.errors[0].message);

        std::process::exit(1);
    }

    Ok(())
}

#[derive(Deserialize)]
pub struct RoleGetResponse {
    pub data: Role
}

pub async fn get_role(id: String, server: Url) -> Result<(), Box<dyn Error>> {
    let client = reqwest::Client::new();

    // load session token
    let sess_token_store = dirs::config_dir().unwrap().join("tfcli-session.token");
    let session_token = fs::read_to_string(&sess_token_store)?;
    let auth_token_store = dirs::config_dir().unwrap().join("tfcli-auth.token");
    let auth_token = fs::read_to_string(&auth_token_store)?;

    let token = format!("{} {}", session_token, auth_token);

    let res = client.get(server.join(&format!("/v1/roles/{}", id))?).bearer_auth(token).send().await?;

    if res.status().is_success() {
        let role: Role = res.json::<RoleGetResponse>().await?.data;

        println!("            Role: {} ({})", role.name, role.id);
        println!("     Description: {}", role.description);
        for rule in &role.firewall_rules {
            println!("Rule Description: {}", rule.description);
            println!("    Allowed Role: {}", rule.allowed_role_id.as_ref().unwrap_or(&"All roles".to_string()));
            println!("        Protocol: {}", rule.protocol);
            println!("      Port Range: {}", if let Some(pr) = rule.port_range.as_ref() { format!("{}-{}", pr.from, pr.to) } else { "Any".to_string() });
        }
        println!("         Created: {}", role.created_at);
        println!("         Updated: {}", role.modified_at);

    } else {
        let resp: APIErrorResponse = res.json().await?;

        eprintln!("[error] Error listing roles: {} {}", resp.errors[0].code, resp.errors[0].message);

        std::process::exit(1);
    }

    Ok(())
}

#[derive(Serialize)]
pub struct RoleCreateBody {
    pub name: String,
    pub description: String,
    #[serde(rename = "firewallRules")]
    pub firewall_rules: Vec<RoleFirewallRule>
}

pub async fn create_role(name: String, description: String, rules_json: String, server: Url) -> Result<(), Box<dyn Error>> {
    let client = reqwest::Client::new();

    let rules: Vec<RoleFirewallRule> = match serde_json::from_str(&rules_json) {
        Ok(r) => r,
        Err(e) => {
            eprintln!("[error] error parsing rulesJson: {}", e);
            std::process::exit(1);
        }
    };

    // load session token
    let sess_token_store = dirs::config_dir().unwrap().join("tfcli-session.token");
    let session_token = fs::read_to_string(&sess_token_store)?;
    let auth_token_store = dirs::config_dir().unwrap().join("tfcli-auth.token");
    let auth_token = fs::read_to_string(&auth_token_store)?;

    let token = format!("{} {}", session_token, auth_token);

    let res = client.post(server.join(&format!("/v1/roles"))?).json(&RoleCreateBody {
        name,
        description,
        firewall_rules: rules,
    }).bearer_auth(token).send().await?;

    if res.status().is_success() {
        let role: Role = res.json::<RoleGetResponse>().await?.data;

        println!("            Role: {} ({})", role.name, role.id);
        println!("     Description: {}", role.description);
        for rule in &role.firewall_rules {
            println!("Rule Description: {}", rule.description);
            println!("    Allowed Role: {}", rule.allowed_role_id.as_ref().unwrap_or(&"All roles".to_string()));
            println!("        Protocol: {}", rule.protocol);
            println!("      Port Range: {}", if let Some(pr) = rule.port_range.as_ref() { format!("{}-{}", pr.from, pr.to) } else { "Any".to_string() });
        }
        println!("         Created: {}", role.created_at);
        println!("         Updated: {}", role.modified_at);

    } else {
        let resp: APIErrorResponse = res.json().await?;

        eprintln!("[error] Error creating role: {} {}", resp.errors[0].code, resp.errors[0].message);

        std::process::exit(1);
    }

    Ok(())
}

#[derive(Serialize)]
pub struct RoleUpdateBody {
    pub description: String,
    #[serde(rename = "firewallRules")]
    pub firewall_rules: Vec<RoleFirewallRule>
}

pub async fn update_role(id: String, description: String, rules_json: String, server: Url) -> Result<(), Box<dyn Error>> {
    let client = reqwest::Client::new();

    let rules: Vec<RoleFirewallRule> = match serde_json::from_str(&rules_json) {
        Ok(r) => r,
        Err(e) => {
            eprintln!("[error] error parsing rulesJson: {}", e);
            std::process::exit(1);
        }
    };

    // load session token
    let sess_token_store = dirs::config_dir().unwrap().join("tfcli-session.token");
    let session_token = fs::read_to_string(&sess_token_store)?;
    let auth_token_store = dirs::config_dir().unwrap().join("tfcli-auth.token");
    let auth_token = fs::read_to_string(&auth_token_store)?;

    let token = format!("{} {}", session_token, auth_token);

    let res = client.put(server.join(&format!("/v1/roles/{}", id))?).json(&RoleUpdateBody {
        description,
        firewall_rules: rules,
    }).bearer_auth(token).send().await?;

    if res.status().is_success() {
        let role: Role = res.json::<RoleGetResponse>().await?.data;

        println!("            Role: {} ({})", role.name, role.id);
        println!("     Description: {}", role.description);
        for rule in &role.firewall_rules {
            println!("Rule Description: {}", rule.description);
            println!("    Allowed Role: {}", rule.allowed_role_id.as_ref().unwrap_or(&"All roles".to_string()));
            println!("        Protocol: {}", rule.protocol);
            println!("      Port Range: {}", if let Some(pr) = rule.port_range.as_ref() { format!("{}-{}", pr.from, pr.to) } else { "Any".to_string() });
        }
        println!("         Created: {}", role.created_at);
        println!("         Updated: {}", role.modified_at);

    } else {
        let resp: APIErrorResponse = res.json().await?;

        eprintln!("[error] Error updating role: {} {}", resp.errors[0].code, resp.errors[0].message);

        std::process::exit(1);
    }

    Ok(())
}

pub async fn delete_role(id: String, server: Url) -> Result<(), Box<dyn Error>> {
    let client = reqwest::Client::new();

    // load session token
    let sess_token_store = dirs::config_dir().unwrap().join("tfcli-session.token");
    let session_token = fs::read_to_string(&sess_token_store)?;
    let auth_token_store = dirs::config_dir().unwrap().join("tfcli-auth.token");
    let auth_token = fs::read_to_string(&auth_token_store)?;

    let token = format!("{} {}", session_token, auth_token);

    let res = client.delete(server.join(&format!("/v1/roles/{}", id))?).bearer_auth(token).send().await?;

    if res.status().is_success() {
        println!("Role removed");
    } else {
        let resp: APIErrorResponse = res.json().await?;

        eprintln!("[error] Error removing role: {} {}", resp.errors[0].code, resp.errors[0].message);

        std::process::exit(1);
    }

    Ok(())
}