// SPDX-License-Identifier: GPL-3.0-or-later

#define ACLK_LWS_HTTPS_CLIENT_INTERNAL
#include "aclk_lws_https_client.h"
#include "aclk_common.h"
#include "aclk_lws_wss_client.h"

#define SMALL_BUFFER 16

struct simple_hcc_data {
    char *data;
    size_t data_size;
    size_t written;
    char lws_work_buffer[1024 + LWS_PRE];
    char *payload;
    int response_code;
    int done;
};

static int simple_https_client_callback(struct lws *wsi, enum lws_callback_reasons reason, void *user, void *in, size_t len)
{
    UNUSED(user);
    int n;
    char *ptr;
    char buffer[SMALL_BUFFER];
    struct simple_hcc_data *perconn_data = lws_get_opaque_user_data(wsi);

    switch (reason) {
    case LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ:
        debug(D_ACLK, "LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ");
        if (perconn_data->data_size - 1 - perconn_data->written < len)
            return 1;
        memcpy(&perconn_data->data[perconn_data->written], in, len);
        perconn_data->written += len;
        return 0;
    case LWS_CALLBACK_RECEIVE_CLIENT_HTTP:
        debug(D_ACLK, "LWS_CALLBACK_RECEIVE_CLIENT_HTTP");
        if(!perconn_data) {
            error("Missing Per Connect Data");
            return -1;
        }
        n = sizeof(perconn_data->lws_work_buffer) - LWS_PRE;
        ptr = perconn_data->lws_work_buffer + LWS_PRE;
        if (lws_http_client_read(wsi, &ptr, &n) < 0)
            return -1;
        perconn_data->data[perconn_data->written] = '\0';
        return 0;
    case LWS_CALLBACK_WSI_DESTROY:
        debug(D_ACLK, "LWS_CALLBACK_WSI_DESTROY");
        if(perconn_data)
            perconn_data->done = 1;
        return 0;
    case LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP:
        debug(D_ACLK, "LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP");
        if(perconn_data)
            perconn_data->response_code = lws_http_client_http_response(wsi);
        return 0;
    case LWS_CALLBACK_CLOSED_CLIENT_HTTP:
        debug(D_ACLK, "LWS_CALLBACK_CLOSED_CLIENT_HTTP");
        return 0;
    case LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS:
        debug(D_ACLK, "LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS");
        return 0;
    case LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER:
        debug(D_ACLK, "LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER");
        if(perconn_data && perconn_data->payload) {
            unsigned char **p = (unsigned char **)in, *end = (*p) + len;
            snprintfz(buffer, SMALL_BUFFER, "%zu", strlen(perconn_data->payload));
            if (lws_add_http_header_by_token(wsi,
                    WSI_TOKEN_HTTP_CONTENT_LENGTH,
                    (unsigned char *)buffer, strlen(buffer), p, end))
                return -1;
            if (lws_add_http_header_by_token(wsi,
                    WSI_TOKEN_HTTP_CONTENT_TYPE,
                    (unsigned char *)ACLK_CONTENT_TYPE_JSON,
                    strlen(ACLK_CONTENT_TYPE_JSON), p, end))
                return -1;
            lws_client_http_body_pending(wsi, 1);
            lws_callback_on_writable(wsi);
        }
        return 0;
    case LWS_CALLBACK_CLIENT_HTTP_WRITEABLE:
        debug(D_ACLK, "LWS_CALLBACK_CLIENT_HTTP_WRITEABLE");
        if(perconn_data && perconn_data->payload) {
            n = strlen(perconn_data->payload);
            if(perconn_data->data_size < (size_t)LWS_PRE + n + 1) {
                error("Buffer given is not big enough");
                return 1;
            }

            memcpy(&perconn_data->data[LWS_PRE], perconn_data->payload, n);
            if(n != lws_write(wsi, (unsigned char*)&perconn_data->data[LWS_PRE], n, LWS_WRITE_HTTP)) {
                error("lws_write error");
                perconn_data->data[0] = 0;
                return 1;
            }
            lws_client_http_body_pending(wsi, 0);
            // clean for subsequent reply read
            perconn_data->data[0] = 0;
        }
        return 0;
    case LWS_CALLBACK_CLIENT_HTTP_BIND_PROTOCOL:
        debug(D_ACLK, "LWS_CALLBACK_CLIENT_HTTP_BIND_PROTOCOL");
        return 0;
    case LWS_CALLBACK_WSI_CREATE:
        debug(D_ACLK, "LWS_CALLBACK_WSI_CREATE");
        return 0;
    case LWS_CALLBACK_PROTOCOL_INIT:
        debug(D_ACLK, "LWS_CALLBACK_PROTOCOL_INIT");
        return 0;
    case LWS_CALLBACK_CLIENT_HTTP_DROP_PROTOCOL:
        debug(D_ACLK, "LWS_CALLBACK_CLIENT_HTTP_DROP_PROTOCOL");
        return 0;
    case LWS_CALLBACK_SERVER_NEW_CLIENT_INSTANTIATED:
        debug(D_ACLK, "LWS_CALLBACK_SERVER_NEW_CLIENT_INSTANTIATED");
        return 0;
    case LWS_CALLBACK_GET_THREAD_ID:
        debug(D_ACLK, "LWS_CALLBACK_GET_THREAD_ID");
        return 0;
    case LWS_CALLBACK_EVENT_WAIT_CANCELLED:
        debug(D_ACLK, "LWS_CALLBACK_EVENT_WAIT_CANCELLED");
        return 0;
    case LWS_CALLBACK_OPENSSL_PERFORM_SERVER_CERT_VERIFICATION:
        debug(D_ACLK, "LWS_CALLBACK_OPENSSL_PERFORM_SERVER_CERT_VERIFICATION");
        return 0;
    case LWS_CALLBACK_CLIENT_FILTER_PRE_ESTABLISH:
        debug(D_ACLK, "LWS_CALLBACK_CLIENT_FILTER_PRE_ESTABLISH");
        return 0;
    default:
        debug(D_ACLK, "Unknown callback %d", (int)reason);
        return 0;
    }
}

static const struct lws_protocols protocols[] = {
    {
        "http",
        simple_https_client_callback,
        0,
        0,
        0,
        0,
        0
    },
    { NULL, NULL, 0, 0, 0, 0, 0 }
};

static void simple_hcc_log_divert(int level, const char *line)
{
    UNUSED(level);
    error("Libwebsockets: %s", line);
}

int aclk_send_https_request(char *method, char *host, int port, char *url, char *b, size_t b_size, char *payload)
{
    info("%s %s", __func__, method);

    struct lws_context_creation_info info;
    struct lws_client_connect_info i;
    struct lws_context *context;

    struct simple_hcc_data *data = callocz(1, sizeof(struct simple_hcc_data));
    data->data = b;
    data->data[0] = 0;
    data->data_size = b_size;
    data->payload = payload;

    int n = 0;
    time_t timestamp;

    struct lws_vhost *vhost;

    memset(&info, 0, sizeof info);

    info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT;
    info.port = CONTEXT_PORT_NO_LISTEN;
    info.protocols = protocols;


    context = lws_create_context(&info);
    if (!context) {
        error("Error creating LWS context");
        freez(data);
        return 1;
    }

    lws_set_log_level(LLL_ERR | LLL_WARN, simple_hcc_log_divert);

    lws_service(context, 0);

    memset(&i, 0, sizeof i); /* otherwise uninitialized garbage */
    i.context = context;

#ifdef ACLK_SSL_ALLOW_SELF_SIGNED
    i.ssl_connection = LCCSCF_USE_SSL | LCCSCF_ALLOW_SELFSIGNED | LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK | LCCSCF_ALLOW_INSECURE;
    info("Disabling SSL certificate checks");
#else
    i.ssl_connection = LCCSCF_USE_SSL;
#endif
#if defined(HAVE_X509_VERIFY_PARAM_set1_host) && HAVE_X509_VERIFY_PARAM_set1_host == 0
#warning DISABLING SSL HOSTNAME VALIDATION BECAUSE IT IS NOT AVAILABLE ON THIS SYSTEM.
    i.ssl_connection |= LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK;
#endif

    i.port = port;
    i.address = host;
    i.path = url;

    i.host = i.address;
    i.origin = i.address;
    i.method = method;
    i.opaque_user_data = data;
    i.alpn = "http/1.1";

    i.protocol = protocols[0].name;

    vhost = lws_get_vhost_by_name(context, "default");
    if(!vhost)
        fatal("Could not find the default LWS vhost.");

    //set up proxy
    aclk_wss_set_proxy(vhost);

    lws_client_connect_via_info(&i);

    // libwebsockets handle connection timeouts already
    // this adds additional safety in case of bug in LWS
    timestamp = now_monotonic_sec();
    while( n >= 0 && !data->done && !netdata_exit) {
        n = lws_service(context, 0);
        if( now_monotonic_sec() - timestamp > SEND_HTTPS_REQUEST_TIMEOUT ) {
            data->data[0] = 0;
            data->done = 1;
            error("Servicing LWS took too long.");
        }
    }

    lws_context_destroy(context);

    n = data->response_code;

    freez(data);
    return (n < 200 || n >= 300);
}