package server

import (
	"context"
	"crypto/x509"
	"website/internal/log"

	"github.com/ardanlabs/conf/v3"
	"github.com/caddyserver/caddy/v2"
	"github.com/caddyserver/certmagic"
	certmagic_redis "github.com/pberkel/caddy-storage-redis"
	"github.com/pkg/errors"
)

type redisConfig struct {
	Address       string `conf:"required"`
	Username      string `conf:"default:default"`
	Password      string `conf:"required"`
	EncryptionKey string `conf:"required"`
	KeyPrefix     string `conf:"default:certmagic"`
}

func (s *Server) serveTLS() (err error) {
	if s.runtimeConfig.Development {
		ca := s.runtimeConfig.ACMECACert
		if ca == "" {
			return errors.New("Need ACME_CA_CERT to enable TLS in development")
		}

		cp := x509.NewCertPool()
		cp.AppendCertsFromPEM([]byte(ca))

		cfg := certmagic.NewDefault()
		issuer := certmagic.NewACMEIssuer(cfg, certmagic.ACMEIssuer{
			CA:                      "https://localhost/acme/local/directory",
			TrustedRoots:            cp,
			DisableTLSALPNChallenge: true,
			AltHTTPPort:             s.runtimeConfig.Port,
		})

		certmagic.DefaultACME = *issuer
	} else {
		rc := &redisConfig{}
		_, err = conf.Parse("REDIS", rc)
		if err != nil {
			return errors.Wrap(err, "could not parse redis config")
		}

		rs := certmagic_redis.New()
		rs.Address = []string{rc.Address}
		rs.Username = rc.Username
		rs.Password = rc.Password
		rs.EncryptionKey = rc.EncryptionKey
		rs.KeyPrefix = rc.KeyPrefix

		certmagic.Default.Storage = rs
		err = rs.Provision(caddy.Context{
			Context: context.Background(),
		})
		if err != nil {
			return errors.Wrap(err, "could not provision redis storage")
		}
	}

	certmagic.DefaultACME.Agreed = true
	certmagic.DefaultACME.Email = s.config.Email
	certmagic.Default.DefaultServerName = s.config.Domains[0]
	certmagic.HTTPPort = s.runtimeConfig.Port
	certmagic.HTTPSPort = s.runtimeConfig.TLSPort

	log.Debug(
		"starting certmagic",
		"http_port",
		certmagic.HTTPPort,
		"https_port",
		certmagic.HTTPSPort,
	)

	return certmagic.HTTPS(s.config.Domains, s.Server.Handler)
}