# Copyright 2019 Google, LLC.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import base64
import hmac
import json
import os
import sys
import time
import urllib

from flask import Flask, request
from google.cloud import secretmanager_v1beta1
from hashlib import sha1


app = Flask(__name__)


@app.route("/", methods=["POST"])
def index():
    # Subscribes to Pub/Sub Topic
    # and sends a message to Slack Channel
    envelope = request.get_json()

    # Check if valid JSON
    if not envelope:
        raise Exception("Expecting JSON payload")
    # Check if valid pub/sub message
    if "message" not in envelope:
        raise Exception("Not a valid Pub/Sub Message")

    msg = envelope["message"]
    data = json.loads(base64.b64decode(msg["data"]).decode("utf-8").strip())

    if data["action"] == "opened":
        # Post response to Github
        create_issue_comment(data["issue"]["url"])

    sys.stdout.flush()
    return ("", 204)


def create_issue_comment(api_url):
    # Posts an auto response to Github Issue

    # Get tokens
    pem = get_secret(os.environ.get("PROJECT_NAME"), os.environ.get("PEM"), "1")
    app_token = get_jwt(pem)
    installation_token = get_installation_token(app_token)

    # Create Github issue comment via HTTP POST
    try:
        msg = {
            "body": "Thank you for filing an issue. \
                 Someone will respond within 24 hours."
        }
        req = urllib.request.Request(
            api_url + "/comments", data=json.dumps(msg).encode("utf8")
        )
        req.add_header("Authorization", f"Bearer {installation_token}")
        response = urllib.request.urlopen(req)

    except Exception as e:
        print(e)


def get_jwt(pem):
    # Encodes and returns JWT
    from jwt import JWT, jwk_from_pem

    payload = {
        "iat": int(time.time()),
        "exp": int(time.time()) + (10 * 60),
        "iss": os.environ.get("APP_ID"),
    }

    jwt = JWT()

    return jwt.encode(payload, jwk_from_pem(pem), "RS256")


def get_installation_token(jwt):
    # Get App installation token to use Github API
    req = urllib.request.Request(os.environ.get("INSTALLATION"), method="POST")
    req.add_header("Authorization", f"Bearer {jwt}")
    req.add_header("Accept", "application/vnd.github.machine-man-preview+json")

    response = urllib.request.urlopen(req)
    token_json = json.loads(response.read())
    return token_json["token"]


def get_secret(project_name, secret_name, version_num):
    # Returns secret payload from Cloud Secret Manager
    client = secretmanager_v1beta1.SecretManagerServiceClient()
    name = client.secret_version_path(project_name, secret_name, version_num)
    secret = client.access_secret_version(name)
    return secret.payload.data


if __name__ == "__main__":
    PORT = int(os.getenv("PORT")) if os.getenv("PORT") else 8080

    # This is used when running locally. Gunicorn is used to run the
    # application on Cloud Run. See entrypoint in Dockerfile.
    app.run(host="127.0.0.1", port=PORT, debug=True)