package api

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"encoding/pem"
	"fmt"

	"git.lumeweb.com/LumeWeb/gitea-github-proxy/config"
	"go.uber.org/zap"
	"gorm.io/gorm"
)

// manifest is the JSON document describing an app registration: its name,
// home URL, webhook target, redirect URL, visibility and default permissions.
// NOTE(review): the field set looks like a GitHub App manifest; confirm
// against the code that serves it.
type manifest struct {
	Name               string         `json:"name"`
	Url                string         `json:"url"`
	HookAttributes     hookAttributes `json:"hook_attributes"`
	Public             bool           `json:"public"`
	RedirectURL        string         `json:"redirect_url"`
	Version            string         `json:"version"`
	DefaultPermissions permissions    `json:"default_permissions"`
}

// hookAttributes holds the webhook delivery URL embedded in a manifest.
type hookAttributes struct {
	URL string `json:"url"`
}

// permissions lists the access level requested per resource. The accepted
// values are not defined in this file.
type permissions struct {
	Issues       string `json:"issues"`
	Metadata     string `json:"metadata"`
	PullRequests string `json:"pull_requests"`
}

// settingsApi bundles the configuration, database handle and logger used by
// the settings endpoints.
type settingsApi struct {
	config *config.Config
	db     *gorm.DB
	logger *zap.Logger
}

// appSecrets carries the credentials minted for a new app: a PEM-encoded RSA
// private key and a temporary code. Both fields have JSON tags, so the
// private key ends up in any response or log line that marshals this struct;
// keep it on authenticated, encrypted paths and out of logs.
type appSecrets struct {
	PrivateKey string `json:"private_key"`
	Code       string `json:"code"`
}

// newApp generates a fresh 2048-bit RSA key pair and a temporary code and
// returns them as appSecrets. The private key is serialized as PKCS#1 DER
// inside an "RSA PRIVATE KEY" PEM block, unencrypted.
//
// It panics if key generation fails, and generateTempCode panics if the
// system random source fails.
func newApp() appSecrets {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}

	// PKCS#1 DER wrapped in a PEM block, encoded straight to memory.
	encoded := pem.EncodeToMemory(&pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(key),
	})

	var secrets appSecrets
	secrets.PrivateKey = string(encoded)
	secrets.Code = generateTempCode()
	return secrets
}

// generateTempCode returns 16 bytes from crypto/rand (128 bits) as a
// 32-character lowercase hex string. It panics if the random source fails,
// so a predictable code is never handed out.
// NOTE(review): expiry and single-use enforcement for the code are not
// visible here; confirm they exist where the code is redeemed.
func generateTempCode() string {
	var raw [16]byte
	if _, err := rand.Read(raw[:]); err != nil {
		panic(err)
	}
	return hex.EncodeToString(raw[:])
}

// generatePayloadSignature returns "sha256=" followed by the lowercase hex
// HMAC-SHA256 of payload keyed with secret.
//
// The secret is not validated: an empty secret still yields a signature,
// which anyone can reproduce, so callers should refuse to sign or verify
// with an empty secret. When this value is checked against a signature
// received from a peer, compare with hmac.Equal rather than ==, so the
// comparison time does not depend on how many leading bytes match.
func generatePayloadSignature(payload []byte, secret string) string {
	mac := hmac.New(sha256.New, []byte(secret))
	// hash.Hash documents that Write never returns an error.
	mac.Write(payload)

	digest := mac.Sum(nil)
	return fmt.Sprintf("sha256=%s", hex.EncodeToString(digest))
}