# Copyright (c) Microsoft. All rights reserved.
# Licensed under the MIT license. See LICENSE file in the project root for
# full license information.
import logging
import subprocess

logger = logging.getLogger("system_control_app." + __name__)

mqtt_port = 8883
mqttws_port = 443
uninitialized = "uninitialized"
sudo_prefix = uninitialized
all_disconnect_types = ["DROP", "REJECT"]
all_transports = ["mqtt", "mqttws"]


def get_sudo_prefix():
    global sudo_prefix

    # use "uninitialized" to mean uninitialized, because None and [] are both falsy and we want to set it to [], so we can't use None
    if sudo_prefix == uninitialized:
        try:
            run_shell_command("which sudo")
        except subprocess.CalledProcessError:
            sudo_prefix = ""
        else:
            sudo_prefix = "sudo -n "

    return sudo_prefix


def run_shell_command(cmd):
    logger.info("running [{}]".format(cmd))
    try:
        return subprocess.check_output(cmd.split(" ")).decode("utf-8").splitlines()
    except subprocess.CalledProcessError as e:
        logger.error("Error spawning {}".format(e.cmd))
        logger.error("Process returned {}".format(e.returncode))
        logger.error("process output: {}".format(e.output))
        raise


def transport_to_port(transport):
    if transport == "mqtt":
        return mqtt_port
    elif transport == "mqttws":
        return mqttws_port
    else:
        raise ValueError(
            "transport_type {} invalid.  Only mqtt and mqttws are accepted".format(
                transport
            )
        )


def disconnect_port(disconnect_type, transport):
    # sudo -n iptables -A OUTPUT -p tcp --dport 8883 -j DROP
    port = transport_to_port(transport)
    run_shell_command(
        "{}iptables -A OUTPUT -p tcp --dport {} -j {}".format(
            get_sudo_prefix(), port, disconnect_type
        )
    )


def reconnect_port(transport):
    port = transport_to_port(transport)
    for disconnect_type in all_disconnect_types:
        # sudo -n iptables -L OUTPUT -n -v --line-numbers
        lines = run_shell_command(
            "{}iptables -L OUTPUT -n -v --line-numbers".format(get_sudo_prefix())
        )
        # do the lines in reverse because deleting an entry changes the line numbers of all entries after that.
        lines.reverse()
        for line in lines:
            if disconnect_type in line and str(port) in line:
                line_number = line.split(" ")[0]
                logger.info("Removing {} from [{}]".format(line_number, line))
                # sudo -n iptables -D OUTPUT 1
                run_shell_command(
                    "{}iptables -D OUTPUT {}".format(get_sudo_prefix(), line_number)
                )