package control

import (
	"bytes"
	"crypto/sha256"
	"encoding/json"

	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
	"github.com/spf13/cobra"
)

const (
	ruleFlag = "rule"
)

var addRuleCmd = &cobra.Command{
	Use:   "add-rule",
	Short: "Add local override",
	Long:  "Add local APE rule to a node with following format:\n<action>[:action_detail] <operation> [<condition1> ...] <resource>",
	Example: `allow Object.Get *
deny Object.Get EbxzAdz5LB4uqxuz6crWKAumBNtZyK2rKsqQP7TdZvwr/*
deny:QuotaLimitReached Object.Put Object.Resource:Department=HR *
`,
	Run: addRule,
}

func prettyJSONFormat(cmd *cobra.Command, serializedChain []byte) string {
	wr := bytes.NewBufferString("")
	err := json.Indent(wr, serializedChain, "", " ")
	commonCmd.ExitOnErr(cmd, "%w", err)
	return wr.String()
}

func addRule(cmd *cobra.Command, _ []string) {
	pk := key.Get(cmd)

	chainID, _ := cmd.Flags().GetString(chainIDFlag)

	var cnr cid.ID
	cidStr, _ := cmd.Flags().GetString(commonflags.CIDFlag)
	commonCmd.ExitOnErr(cmd, "can't decode container ID: %w", cnr.DecodeString(cidStr))

	rawCID := make([]byte, sha256.Size)
	cnr.Encode(rawCID)

	rule, _ := cmd.Flags().GetString(ruleFlag)

	chain := new(apechain.Chain)
	commonCmd.ExitOnErr(cmd, "parser error: %w", util.ParseAPEChain(chain, []string{rule}))
	chain.ID = apechain.ID(chainID)
	serializedChain := chain.Bytes()

	cmd.Println("Container ID: " + cidStr)
	cmd.Println("Parsed chain:\n" + prettyJSONFormat(cmd, serializedChain))

	req := &control.AddChainLocalOverrideRequest{
		Body: &control.AddChainLocalOverrideRequest_Body{
			Target: &control.ChainTarget{
				Type: control.ChainTarget_CONTAINER,
				Name: cidStr,
			},
			Chain: serializedChain,
		},
	}

	signRequest(cmd, pk, req)

	cli := getClient(cmd, pk)

	var resp *control.AddChainLocalOverrideResponse
	var err error
	err = cli.ExecRaw(func(client *client.Client) error {
		resp, err = control.AddChainLocalOverride(client, req)
		return err
	})
	commonCmd.ExitOnErr(cmd, "rpc error: %w", err)

	verifyResponse(cmd, resp.GetSignature(), resp.GetBody())

	cmd.Println("Rule has been added. Chain id: ", resp.GetBody().GetChainId())
}

func initControlAddRuleCmd() {
	initControlFlags(addRuleCmd)

	ff := addRuleCmd.Flags()
	ff.String(commonflags.CIDFlag, "", commonflags.CIDFlagUsage)
	ff.String(ruleFlag, "", "Rule statement")
	ff.String(chainIDFlag, "", "Assign ID to the parsed chain")
}