package gitea

import (
	"context"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"
	"time"

	"github.com/rs/zerolog/log"
	"go.opentelemetry.io/otel/attribute"
	
	"github.com/chorus-services/whoosh/internal/tracing"
)

type WebhookHandler struct {
	secret string
}

func NewWebhookHandler(secret string) *WebhookHandler {
	return &WebhookHandler{
		secret: secret,
	}
}

func (h *WebhookHandler) ValidateSignature(payload []byte, signature string) bool {
	if signature == "" {
		log.Warn().Msg("No signature provided in webhook")
		return false
	}

	// Remove "sha256=" prefix if present
	signature = strings.TrimPrefix(signature, "sha256=")

	// Calculate expected signature
	mac := hmac.New(sha256.New, []byte(h.secret))
	mac.Write(payload)
	expectedSignature := hex.EncodeToString(mac.Sum(nil))

	// Compare signatures
	return hmac.Equal([]byte(signature), []byte(expectedSignature))
}

func (h *WebhookHandler) ParsePayload(r *http.Request) (*WebhookPayload, error) {
	return h.ParsePayloadWithContext(r.Context(), r)
}

func (h *WebhookHandler) ParsePayloadWithContext(ctx context.Context, r *http.Request) (*WebhookPayload, error) {
	ctx, span := tracing.StartWebhookSpan(ctx, "parse_payload", "gitea")
	defer span.End()
	
	// Add tracing attributes
	span.SetAttributes(
		attribute.String("webhook.source", "gitea"),
		attribute.String("webhook.content_type", r.Header.Get("Content-Type")),
		attribute.String("webhook.user_agent", r.Header.Get("User-Agent")),
		attribute.String("webhook.remote_addr", r.RemoteAddr),
	)
	
	// Limit request body size to prevent DoS attacks (max 10MB for webhooks)
	r.Body = http.MaxBytesReader(nil, r.Body, 10*1024*1024)
	
	// Read request body
	body, err := io.ReadAll(r.Body)
	if err != nil {
		tracing.SetSpanError(span, err)
		span.SetAttributes(attribute.String("webhook.parse.status", "failed"))
		return nil, fmt.Errorf("failed to read request body: %w", err)
	}
	
	span.SetAttributes(attribute.Int("webhook.payload.size_bytes", len(body)))

	// Validate signature if secret is configured
	if h.secret != "" {
		signature := r.Header.Get("X-Gitea-Signature")
		span.SetAttributes(attribute.Bool("webhook.signature_required", true))
		if signature == "" {
			err := fmt.Errorf("webhook signature required but missing")
			tracing.SetSpanError(span, err)
			span.SetAttributes(attribute.String("webhook.parse.status", "signature_missing"))
			return nil, err
		}
		if !h.ValidateSignature(body, signature) {
			log.Warn().
				Str("remote_addr", r.RemoteAddr).
				Str("user_agent", r.Header.Get("User-Agent")).
				Msg("Invalid webhook signature attempt")
			err := fmt.Errorf("invalid webhook signature")
			tracing.SetSpanError(span, err)
			span.SetAttributes(attribute.String("webhook.parse.status", "invalid_signature"))
			return nil, err
		}
		span.SetAttributes(attribute.Bool("webhook.signature_valid", true))
	} else {
		span.SetAttributes(attribute.Bool("webhook.signature_required", false))
	}

	// Validate Content-Type header
	contentType := r.Header.Get("Content-Type")
	if !strings.Contains(contentType, "application/json") {
		err := fmt.Errorf("invalid content type: expected application/json")
		tracing.SetSpanError(span, err)
		span.SetAttributes(attribute.String("webhook.parse.status", "invalid_content_type"))
		return nil, err
	}

	// Parse JSON payload with size validation
	if len(body) == 0 {
		err := fmt.Errorf("empty webhook payload")
		tracing.SetSpanError(span, err)
		span.SetAttributes(attribute.String("webhook.parse.status", "empty_payload"))
		return nil, err
	}

	var payload WebhookPayload
	if err := json.Unmarshal(body, &payload); err != nil {
		tracing.SetSpanError(span, err)
		span.SetAttributes(attribute.String("webhook.parse.status", "json_parse_failed"))
		return nil, fmt.Errorf("failed to parse webhook payload: %w", err)
	}

	// Add payload information to span
	span.SetAttributes(
		attribute.String("webhook.event_type", payload.Action),
		attribute.String("webhook.parse.status", "success"),
	)

	// Add repository and issue information if available
	if payload.Repository.FullName != "" {
		span.SetAttributes(
			attribute.String("webhook.repository.full_name", payload.Repository.FullName),
			attribute.Int64("webhook.repository.id", payload.Repository.ID),
		)
	}

	if payload.Issue != nil {
		span.SetAttributes(
			attribute.Int64("webhook.issue.id", payload.Issue.ID),
			attribute.String("webhook.issue.title", payload.Issue.Title),
			attribute.String("webhook.issue.state", payload.Issue.State),
		)
	}

	return &payload, nil
}

func (h *WebhookHandler) IsTaskIssue(issue *Issue) bool {
	if issue == nil {
		return false
	}

	// Check for bzzz-task label
	for _, label := range issue.Labels {
		if label.Name == "bzzz-task" {
			return true
		}
	}

	// Also check title/body for task indicators (MVP fallback)
	title := strings.ToLower(issue.Title)
	body := strings.ToLower(issue.Body)

	taskIndicators := []string{"task:", "[task]", "bzzz-task", "agent task"}
	for _, indicator := range taskIndicators {
		if strings.Contains(title, indicator) || strings.Contains(body, indicator) {
			return true
		}
	}

	return false
}

func (h *WebhookHandler) ExtractTaskInfo(issue *Issue) map[string]interface{} {
	if issue == nil {
		return nil
	}

	taskInfo := map[string]interface{}{
		"id":         issue.ID,
		"number":     issue.Number,
		"title":      issue.Title,
		"body":       issue.Body,
		"state":      issue.State,
		"url":        issue.HTMLURL,
		"repository": issue.Repository.FullName,
		"created_at": issue.CreatedAt,
		"updated_at": issue.UpdatedAt,
		"labels":     make([]string, len(issue.Labels)),
	}

	// Extract label names
	for i, label := range issue.Labels {
		taskInfo["labels"].([]string)[i] = label.Name
	}

	// Extract task priority from labels
	priority := "normal"
	for _, label := range issue.Labels {
		switch strings.ToLower(label.Name) {
		case "priority:high", "high-priority", "urgent":
			priority = "high"
		case "priority:low", "low-priority":
			priority = "low"
		case "priority:critical", "critical":
			priority = "critical"
		}
	}
	taskInfo["priority"] = priority

	// Extract task type from labels
	taskType := "general"
	for _, label := range issue.Labels {
		switch strings.ToLower(label.Name) {
		case "type:bug", "bug":
			taskType = "bug"
		case "type:feature", "feature", "enhancement":
			taskType = "feature"
		case "type:docs", "documentation":
			taskType = "documentation"
		case "type:refactor", "refactoring":
			taskType = "refactor"
		case "type:test", "testing":
			taskType = "test"
		}
	}
	taskInfo["task_type"] = taskType

	return taskInfo
}

type WebhookEvent struct {
	Type       string                 `json:"type"`
	Action     string                 `json:"action"`
	Repository string                 `json:"repository"`
	Issue      *Issue                 `json:"issue,omitempty"`
	TaskInfo   map[string]interface{} `json:"task_info,omitempty"`
	Timestamp  int64                  `json:"timestamp"`
}

func (h *WebhookHandler) ProcessWebhook(payload *WebhookPayload) *WebhookEvent {
	event := &WebhookEvent{
		Type:       "gitea_webhook",
		Action:     payload.Action,
		Repository: payload.Repository.FullName,
		Timestamp:  time.Now().Unix(),
	}


	if payload.Issue != nil {
		event.Issue = payload.Issue

		// Check if this is a task issue
		if h.IsTaskIssue(payload.Issue) {
			event.TaskInfo = h.ExtractTaskInfo(payload.Issue)
			
			log.Info().
				Str("action", payload.Action).
				Str("repository", payload.Repository.FullName).
				Int64("issue_number", payload.Issue.Number).
				Str("title", payload.Issue.Title).
				Msg("Processing task issue webhook")
		}
	}

	return event
}