from django.core.management.base import BaseCommand
import csv
from gnm_deliverables.models import DeliverableAsset
import logging
import hashlib
import hmac
from optparse import OptionParser
from datetime import datetime
import base64
from email.utils import formatdate
import requests
from time import mktime, sleep
from urllib.parse import urlparse
from pprint import pprint
import os.path
import requests
import sys

import logging

logging.basicConfig(level=logging.DEBUG)


def get_token(uri:str, secret:str, time:datetime) -> (str, str):
    """
    create signing token for archivehunter
    :param uri:
    :param secret:
    :return:
    """
    httpdate = formatdate(timeval=mktime(time.timetuple()),localtime=False,usegmt=True)
    url_parts = urlparse(uri)

    string_to_sign = "{0}\n{1}".format(httpdate, url_parts.path)
    print("string_to_sign: " + string_to_sign)
    hm = hmac.new(secret.encode("UTF-8"), string_to_sign.encode("UTF-8"),hashlib.sha256)
    return "HMAC {0}".format(base64.b64encode(hm.digest()).decode("UTF-8")), httpdate


class NotFoundResponse(Exception):
    pass


class ForbiddenResponse(Exception):
    pass


class ServerErrorResponse(Exception):
    pass


def authenticated_request(uri:str, secret:str, verify=True, override_time:datetime=None) -> dict:
    if override_time is not None:
        timestamp = override_time
    else:
        timestamp = datetime.now()

    authtoken, httpdate = get_token(uri, secret, timestamp)

    headers = {
        'X-Gu-Tools-HMAC-Date': httpdate,
        'X-Gu-Tools-HMAC-Token': authtoken,
    }

    response = requests.get(uri, headers=headers, verify=verify)

    if response.status_code==200:
        return response.json()
    elif response.status_code==404:
        raise NotFoundResponse
    elif response.status_code==403 or response.status_code==401:
        logger.error("Server returned forbidden. Server said: {}".format(response.text))
        raise ForbiddenResponse
    elif response.status_code==500:
        logger.error("Server error looking up. Server said: {}".format(response.text))
        raise ServerErrorResponse
    elif response.status_code==503 or response.status_code==504:
        logger.warning("Server not available, retrying in 3s")
        sleep(3)
        return authenticated_request(uri, secret, verify=verify, override_time=override_time)
    else:
        raise Exception("Unexpected server response: {} {}".format(response.status_code, response.text))


logger = logging.getLogger(__name__)


class Command(BaseCommand):
    """
    management command to validate that items apparently in archive are actually there
    """
    help = 'Verify that the registered archive ID for deliverables is accurate'

    def add_arguments(self, parser):
        parser.add_argument("--output", type=str, default="report.csv", help="location to output a CSV report")
        parser.add_argument("--server", type=str, help="base URL to Archive Hunter")
        parser.add_argument("--secret", type=str, help="shared secret for authentication")
        parser.add_argument("--insecure-no-verify", type=bool, default=False, help="don't verify SSL certs. Not recommended.")

    queryset = DeliverableAsset.objects.exclude(archive_item_id__isnull=True).exclude(archive_item_id__exact="")

    def handle(self, *args, **options):
        pprint(options)
        output_file_path = options["output"]

        if not options["server"]:
            print("You must specify --server on the commandline")
            sys.exit(1)
        if not options["secret"]:
            print("You must specify --secret on the commandline")
            sys.exit(1)

        total_count = DeliverableAsset.objects.all().count()
        archived_count = self.queryset.count()

        try:
            authenticated_request(os.path.join(options["server"],"api/entry","not-exist"), options["secret"])
        except NotFoundResponse:
            pass

        with open(output_file_path, "w") as f:
            writer = csv.writer(f, dialect=csv.excel)
            writer.writerow(["Asset ID","Bundle ID", "Filename","Bundle name","Archive Id","Found"])

            logger.info("Out of {} items registered, {} are in the archive".format(total_count, archived_count))
            for asset in self.queryset:
                if asset.archive_item_id is None:
                    logger.warning("Item {} has no archive id - should not have been included in search??".format(asset.filename))
                try:
                    url = os.path.join(options["server"],"api/entry",asset.archive_item_id)
                    logger.debug("url is {0}".format(url))
                    authenticated_request(url, options["secret"])
                    logger.info("Found archived entry for {}".format(asset.filename))
                except NotFoundResponse:
                    logger.info("No archived entry found for {}".format(asset.filename))
                    writer.writerow([asset.id, asset.deliverable_id, asset.filename, asset.deliverable.name, asset.archive_item_id, False])