# Copyright 2019 Google, LLC.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import base64
import hmac
import json
import os
import sys
import time
import urllib

from flask import Flask, request
from google.cloud import secretmanager_v1beta1
from hashlib import sha1


app = Flask(__name__)


@app.route("/", methods=["POST"])
def index():
    signature = request.headers.get("X-Hub-Signature", None)
    body = request.data

    # Only process data with a valid signature
    assert verify_signature(signature, body), "Unverified Signature"

    # Load the event as JSON for easier handling
    event = request.get_json(force=True)

    # Insert row into bigquery
    insert_row_into_bigquery(event)

    # Post new issues to Slack
    if event["action"] == "opened":
        issue_title = event["issue"]["title"]
        issue_url = event["issue"]["html_url"]
        send_issue_notification_to_slack(issue_title, issue_url)

        # Post response to Github
        create_issue_comment(event["issue"]["url"])

    print("Yay")

    sys.stdout.flush()
    return ("", 204)


def verify_signature(signature, body):
    expected_signature = "sha1="
    try:
        # Get secret from Cloud Secret Manager
        secret = get_secret(
            os.environ.get("PROJECT_NAME"), os.environ.get("SECRET_NAME"), "1"
        )
        # Compute the hashed signature
        hashed = hmac.new(secret, body, sha1)
        expected_signature += hashed.hexdigest()

    except Exception as e:
        print(e)

    return hmac.compare_digest(signature, expected_signature)


def send_issue_notification_to_slack(issue_title, issue_url):
    # Sends a message to Slack Channel
    msg = {
        "blocks": [
            {
                "type": "section",
                "text": {
                    "type": "mrkdwn",
                    "text": f"New issue created: <{issue_url}|{issue_title}>",
                },
            }
        ]
    }
    req = urllib.request.Request(
        os.environ.get("SLACK_URL"),
        data=json.dumps(msg).encode("utf8"),
        headers={"Content-Type": "application/json"},
    )
    response = urllib.request.urlopen(req)


def insert_row_into_bigquery(event):
    from google.cloud import bigquery

    # Set up bigquery instance
    client = bigquery.Client()
    dataset_id = os.environ.get("DATASET")
    table_id = os.environ.get("TABLE")
    table_ref = client.dataset(dataset_id).table(table_id)
    table = client.get_table(table_ref)

    # Insert row
    row_to_insert = [
        (
            event["issue"]["title"],
            event["action"],
            event["issue"]["html_url"],
            time.time(),
        )
    ]
    bq_errors = client.insert_rows(table, row_to_insert)

    # If errors, log to Stackdriver
    if bq_errors:
        entry = {
            "severity": "WARNING",
            "msg": "Row not inserted.",
            "errors": bq_errors,
            "row": row_to_insert,
        }
        print(json.dumps(entry))


def create_issue_comment(api_url):
    # Posts an auto response to Github Issue

    # Get tokens
    pem = get_secret(os.environ.get("PROJECT_NAME"), os.environ.get("PEM"), "1")
    app_token = get_jwt(pem)
    installation_token = get_installation_token(app_token)

    # Create Github issue comment via HTTP POST
    try:
        msg = {
            "body": "Thank you for filing an issue. \
                 Someone will respond within 24 hours."
        }
        req = urllib.request.Request(
            api_url + "/comments", data=json.dumps(msg).encode("utf8")
        )
        req.add_header("Authorization", f"Bearer {installation_token}")
        response = urllib.request.urlopen(req)

    except Exception as e:
        print(e)


def get_jwt(pem):
    # Encodes and returns JWT
    from jwt import JWT, jwk_from_pem

    payload = {
        "iat": int(time.time()),
        "exp": int(time.time()) + (10 * 60),
        "iss": os.environ.get("APP_ID"),
    }

    jwt = JWT()

    return jwt.encode(payload, jwk_from_pem(pem), "RS256")


def get_installation_token(jwt):
    # Get App installation token to use Github API
    req = urllib.request.Request(os.environ.get("INSTALLATION"), method="POST")
    req.add_header("Authorization", f"Bearer {jwt}")
    req.add_header("Accept", "application/vnd.github.machine-man-preview+json")

    response = urllib.request.urlopen(req)
    token_json = json.loads(response.read())
    return token_json["token"]


def get_secret(project_name, secret_name, version_num):
    # Returns secret payload from Cloud Secret Manager
    client = secretmanager_v1beta1.SecretManagerServiceClient()
    name = client.secret_version_path(project_name, secret_name, version_num)
    secret = client.access_secret_version(name)
    return secret.payload.data


if __name__ == "__main__":
    PORT = int(os.getenv("PORT")) if os.getenv("PORT") else 8080

    # This is used when running locally. Gunicorn is used to run the
    # application on Cloud Run. See entrypoint in Dockerfile.
    app.run(host="127.0.0.1", port=PORT, debug=True)