import os
import logging
import re
import time
import datetime
import calendar
from typing import Callable

import requests
import azure.functions as func

from .sentinel_connector import AzureSentinelConnector
from .state_manager import StateManager


TOKEN = os.environ['SOPHOS_TOKEN']
WORKSPACE_ID = os.environ['WORKSPACE_ID']
SHARED_KEY = os.environ['SHARED_KEY']
FILE_SHARE_CONNECTION_STRING = os.environ['AzureWebJobsStorage']
LOG_TYPE = 'SophosEP'

MAX_SCRIPT_EXEC_TIME_MINUTES = 5


logging.getLogger('azure.core.pipeline.policies.http_logging_policy').setLevel(logging.ERROR)


LOG_ANALYTICS_URI = os.environ.get('logAnalyticsUri')

if not LOG_ANALYTICS_URI or str(LOG_ANALYTICS_URI).isspace():
    LOG_ANALYTICS_URI = 'https://' + WORKSPACE_ID + '.ods.opinsights.azure.com'

pattern = r'https:\/\/([\w\-]+)\.ods\.opinsights\.azure.([a-zA-Z\.]+)$'
match = re.match(pattern, str(LOG_ANALYTICS_URI))
if not match:
    raise Exception("Invalid Log Analytics Uri.")


def main(mytimer: func.TimerRequest):
    logging.info('Starting script.')
    sentinel_connector = AzureSentinelConnector(LOG_ANALYTICS_URI, WORKSPACE_ID, SHARED_KEY, LOG_TYPE, queue_size=1000)
    sophos = SophosConnector(
        token_string=TOKEN,
        file_share_connection_string=FILE_SHARE_CONNECTION_STRING,
        sentinel_connector=sentinel_connector
    )
    sophos.process_alerts()
    sophos.process_events()
    logging.info('Script finished. Sent items: {}'.format(sophos.sentinel.successfull_sent_events_number))


class Params:
    def __init__(self, cursor=None, since=None):
        self.cursor = cursor
        self.since = since

    def to_dict(self) -> dict:
        d = dict()
        if self.cursor:
            d['cursor'] = self.cursor
        else:
            d['from_date'] = self.since
        return d


class Token:
    def __init__(self, token_txt):
        rex_txt = r"url\: (?P<url>https\://.+), x-api-key\: (?P<api_key>.+), Authorization\: (?P<authorization>.+)$"
        rex = re.compile(rex_txt)
        m = rex.search(token_txt)
        self.url = m.group("url")
        self.api_key = m.group("api_key")
        self.authorization = m.group("authorization").strip()


class SophosConnector:
    def __init__(self, token_string: str, file_share_connection_string: str, sentinel_connector: AzureSentinelConnector):
        self._start_time = int(time.time())
        self.token = Token(token_string)
        self.sentinel = sentinel_connector
        self.events_state_manager = StateManager(file_share_connection_string, file_path='events_cursor.txt')
        self.alerts_state_manager = StateManager(file_share_connection_string, file_path='alerts_cursor.txt')
        self.default_since_time_hours = 24

    def _get_params(self, state_manager: StateManager) -> Params:
        cursor = state_manager.get()
        if cursor:
            params = Params(cursor=cursor)
        else:
            since = int(calendar.timegm(((datetime.datetime.utcnow() - datetime.timedelta(hours=self.default_since_time_hours)).timetuple())))
            params = Params(since=since)
        return params

    def get_events_params(self) -> Params:
        return self._get_params(self.events_state_manager)

    def get_alerts_params(self) -> Params:
        return self._get_params(self.alerts_state_manager)

    def _save_cursor(self, cursor: str, state_manager: StateManager) -> None:
        if cursor:
            state_manager.post(cursor)

    def save_events_cursor(self, cursor) -> None:
        logging.info(f'saving events cursor {cursor}')
        self._save_cursor(cursor, self.events_state_manager)

    def save_alerts_cursor(self, cursor) -> None:
        logging.info(f'saving alerts cursor {cursor}')
        self._save_cursor(cursor, self.alerts_state_manager)

    @property
    def _headers(self) -> dict:
        return {
            'Content-Type': 'application/json; charset=utf-8',
            'Accept': 'application/json',
            'X-Locale': 'en',
            'Authorization': self.token.authorization,
            'x-api-key': self.token.api_key
        }

    def _get_url_params(self, params: Params) -> dict:
        url_params = {
            'limit': 1000
        }
        url_params.update(params.to_dict())
        return url_params

    def _process_endpoint(self, endpoint: str, params: Params, record_type: str, save_cursor_func: Callable) -> None:
        url = f'{self.token.url}{endpoint}'

        while True:
            if self.check_if_script_runs_too_long():
                logging.info('Script is running too long. Exit script.')
                break

            url_params = self._get_url_params(params)
            logging.info(f'Making request - url: {url}, params: {url_params}')
            res = requests.get(url, headers=self._headers, params=url_params)

            if not res.ok:
                raise Exception(f'Error while obtaining data (response code: {res.status_code}): {res.text}')

            res = res.json()

            for item in res['items']:
                item['datastream'] = record_type
                self.sentinel.send(item)

            self.sentinel.flush()

            next_cursor = res['next_cursor']
            save_cursor_func(next_cursor)

            if not res['has_more']:
                break
            else:
                params = Params(cursor=next_cursor, since=None)

    def process_events(self):
        self._process_endpoint(
            endpoint='/siem/v1/events',
            params=self.get_events_params(),
            record_type='event',
            save_cursor_func=self.save_events_cursor
        )

    def process_alerts(self):
        self._process_endpoint(
            endpoint='/siem/v1/alerts',
            params=self.get_alerts_params(),
            record_type='alert',
            save_cursor_func=self.save_alerts_cursor
        )

    def check_if_script_runs_too_long(self):
        now = int(time.time())
        duration = now - self._start_time
        max_duration = int(MAX_SCRIPT_EXEC_TIME_MINUTES * 60 * 0.85)
        return duration > max_duration