package control

import (
	"encoding/hex"
	"errors"

	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
	"github.com/spf13/cobra"
)

const (
	ruleFlag = "rule"
	pathFlag = "path"
)

var addRuleCmd = &cobra.Command{
	Use:   "add-rule",
	Short: "Add local override",
	Long:  "Add local APE rule to a node with following format:\n<action>[:action_detail] <operation> [<condition1> ...] <resource>",
	Example: `control add-rule --endpoint ... -w ... --address ... --chain-id ChainID --cid ... --rule "allow Object.Get *"
--rule "deny Object.Get EbxzAdz5LB4uqxuz6crWKAumBNtZyK2rKsqQP7TdZvwr/*"
--rule "deny:QuotaLimitReached Object.Put Object.Resource:Department=HR *"

control add-rule --endpoint ... -w ... --address ... --chain-id ChainID --cid ... --path some_chain.json
`,
	Run: addRule,
}

func parseChain(cmd *cobra.Command) *apechain.Chain {
	chainID, _ := cmd.Flags().GetString(chainIDFlag)
	hexEncoded, _ := cmd.Flags().GetBool(chainIDHexFlag)

	chainIDRaw := []byte(chainID)

	if hexEncoded {
		var err error
		chainIDRaw, err = hex.DecodeString(chainID)
		commonCmd.ExitOnErr(cmd, "can't decode chain ID as hex: %w", err)
	}

	chain := new(apechain.Chain)
	chain.ID = apechain.ID(chainIDRaw)

	if rules, _ := cmd.Flags().GetStringArray(ruleFlag); len(rules) > 0 {
		commonCmd.ExitOnErr(cmd, "parser error: %w", util.ParseAPEChain(chain, rules))
	} else if encPath, _ := cmd.Flags().GetString(pathFlag); encPath != "" {
		commonCmd.ExitOnErr(cmd, "decode binary or json error: %w", util.ParseAPEChainBinaryOrJSON(chain, encPath))
	} else {
		commonCmd.ExitOnErr(cmd, "parser error", errors.New("rule is not passed"))
	}

	cmd.Println("Parsed chain:")
	util.PrintHumanReadableAPEChain(cmd, chain)

	return chain
}

func addRule(cmd *cobra.Command, _ []string) {
	pk := key.Get(cmd)

	target := parseTarget(cmd)

	parsed := parseChain(cmd)

	req := &control.AddChainLocalOverrideRequest{
		Body: &control.AddChainLocalOverrideRequest_Body{
			Target: target,
			Chain:  parsed.Bytes(),
		},
	}

	signRequest(cmd, pk, req)

	cli := getClient(cmd, pk)

	var resp *control.AddChainLocalOverrideResponse
	var err error
	err = cli.ExecRaw(func(client *client.Client) error {
		resp, err = control.AddChainLocalOverride(client, req)
		return err
	})
	commonCmd.ExitOnErr(cmd, "rpc error: %w", err)

	verifyResponse(cmd, resp.GetSignature(), resp.GetBody())
	cmd.Println("\nRule has been added.")
}

func initControlAddRuleCmd() {
	initControlFlags(addRuleCmd)

	ff := addRuleCmd.Flags()
	ff.StringArray(ruleFlag, []string{}, "Rule statement")
	ff.String(pathFlag, "", "Path to encoded chain in JSON or binary format")
	ff.String(chainIDFlag, "", "Assign ID to the parsed chain")
	ff.String(targetNameFlag, "", targetNameDesc)
	ff.String(targetTypeFlag, "", targetTypeDesc)
	_ = addRuleCmd.MarkFlagRequired(targetTypeFlag)
	ff.Bool(chainIDHexFlag, false, "Flag to parse chain ID as hex")

	addRuleCmd.MarkFlagsMutuallyExclusive(pathFlag, ruleFlag)
}