%%% Copyright (c) 2014, NORDUnet A/S.
%%% See LICENSE for licensing information.

-module(catlfish_web).
-export([start/2, loop/2]).

start(Options, Module) ->
    lager:debug("Starting catlfish web server: ~p", [Module]),
    Loop = fun (Req) ->
                   ?MODULE:loop(Req, Module)
           end,
    mochiweb_http:start([{name, Module}, {loop, Loop} | Options]).


add_auth(Path, {Code, Headers, Data}) ->
    AuthHeader = http_auth:create_auth("REPLY", Path, Data),
    lager:debug("sent auth header: ~p", [AuthHeader]),
    {Code, [{"X-Catlfish-Auth", AuthHeader} | Headers], Data}.

loop(Req, Module) ->
    "/" ++ Path = Req:get(path),
    try
        Starttime = os:timestamp(),
        AuthHeader = Req:get_header_value("X-Catlfish-Auth"),
        case Req:get(method) of
            'GET' ->
                Query = Req:parse_qs(),
                {_, RawQuery, _} = mochiweb_util:urlsplit_path(Req:get(raw_path)),
                Result = case http_auth:verify_auth(AuthHeader, "GET", "/" ++ Path, RawQuery) of
                             failure ->
                                 {403, [{"Content-Type", "text/plain"}], "Invalid credentials"};
                             success ->
                                 lager:debug("GET ~p ~p", [Path, Query]),
                                 add_auth("/" ++ Path, Module:request(get, Path, Query));
                             noauth ->
                                 lager:debug("GET ~p ~p", [Path, Query]),
                                 Module:request(get, Path, Query)
                         end,
                lager:debug("GET finished: ~p us", [timer:now_diff(os:timestamp(), Starttime)]),
                case Result of
                    none ->
                        Req:respond({404, [{"Content-Type", "text/plain"}], "Page not found"});
                    _ ->
                        Req:respond(Result)
                end;
            'POST' ->
                Body = Req:recv_body(),
                Result = case http_auth:verify_auth(AuthHeader, "POST", "/" ++ Path, Body) of
                             failure ->
                                 {403, [{"Content-Type", "text/plain"}], "Invalid credentials"};
                             success ->
                                 lager:debug("POST ~p ~p", [Path, Body]),
                                 add_auth("/" ++ Path, Module:request(post, Path, Body));
                             noauth ->
                                 lager:debug("POST ~p ~p", [Path, Body]),
                                 Module:request(post, Path, Body)
                         end,
                lager:debug("POST finished: ~p us", [timer:now_diff(os:timestamp(), Starttime)]),
                case Result of
                    none ->
                        Req:respond({404, [{"Content-Type", "text/plain"}], "Page not found"});
                    _ ->
                        Req:respond(Result)
                end;
            _ ->
                Req:respond({501, [], []})
        end
    catch
        Type:What ->
            [CrashFunction | Stack] = erlang:get_stacktrace(),
            lager:error("Crash in ~p for path ~p: ~p ~p~n~p~n~p~n", [Module, Path, Type, What, CrashFunction, Stack]),
            Req:respond({500, [{"Content-Type", "text/plain"}],
                         "Internal Server Error\n"})
    end.