#!/usr/bin/env python3
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
"""Selfserve Portal for the Apache Software Foundation"""
"""Handler for oauth operations"""

if not __debug__:
    raise RuntimeError("This code requires assert statements to be enabled")

from ..lib import middleware
import asfquart
import asfquart.session
import quart
import aiohttp
import uuid
import urllib.parse
import time

OAUTH_URL_INIT = "https://oauth.apache.org/auth?state=%s&redirect_uri=%s"
OAUTH_URL_CALLBACK = "https://oauth.apache.org/token?code=%s"

@asfquart.APP.route(
    "/api/oauth",
    methods=[
        "GET",
    ],
)
async def process():
    form_data = await asfquart.utils.formdata()
    session = await asfquart.session.read()
    if quart.request.method == "GET":
        code = form_data.get("code")
        state = form_data.get("state")
        if not code or not state:  # Presumably first step in OAuth
            state = str(uuid.uuid4())
            callback_url = urllib.parse.urljoin(
                quart.request.host_url.replace("http://", "https://"),
                f"/api/oauth?state={state}",
            )
            redirect_url = OAUTH_URL_INIT % (state, urllib.parse.quote(callback_url))
            headers = {
                "Location": redirect_url,
            }
            return quart.Response(status=302, response="Redirecting...", headers=headers)
        else:  # Callback from oauth.a.o
            ct = aiohttp.client.ClientTimeout(sock_read=15)
            uid = "??"
            async with aiohttp.client.ClientSession(timeout=ct) as session:
                rv = await session.get(OAUTH_URL_CALLBACK % code)
                assert rv.status == 200, "Could not verify oauth response."
                oauth_data = await rv.json()
                uid = oauth_data["uid"]
                # Write cookie session. asfquart will handle expiry.
                asfquart.session.write(oauth_data)
            return quart.Response(
                status=200,
                response=f"Successfully logged in! Welcome, {uid}\n",
            )