from __future__ import annotations

import random
from typing import TYPE_CHECKING

from django.conf import settings

from csp.middleware import CSPMiddleware, PolicyParts

if TYPE_CHECKING:
    from django.http import HttpRequest, HttpResponseBase


class RateLimitedCSPMiddleware(CSPMiddleware):
    """A CSP middleware that rate-limits the number of violation reports sent
    to report-uri by excluding it from some requests."""

    def get_policy_parts(self, request: HttpRequest, response: HttpResponseBase, report_only: bool = False) -> PolicyParts:
        policy_parts = super().get_policy_parts(request, response, report_only)

        csp_setting_name = "CONTENT_SECURITY_POLICY_REPORT_ONLY" if report_only else "CONTENT_SECURITY_POLICY"
        policy = getattr(settings, csp_setting_name, None)
        if policy is None:
            return policy_parts

        # `random.random` returns a value in the range [0.0, 1.0) so all values will be < 100.0.
        remove_report = random.random() * 100 >= policy.get("REPORT_PERCENTAGE", 100)
        if remove_report:
            if policy_parts.replace is None:
                policy_parts.replace = {
                    "report-uri": None,
                    "report-to": None,
                }
            else:
                policy_parts.replace.update(
                    {
                        "report-uri": None,
                        "report-to": None,
                    }
                )

        return policy_parts