/* SPDX-License-Identifier: GPL-2.0
 *
 * Copyright (C) 2021 Jason A. Donenfeld. All Rights Reserved.
 */

package main

import (
	"crypto/hmac"
	"encoding/base64"
	"fmt"
	"net/http"
	"os"

	"golang.zx2c4.com/irc/hbot"
)

type NtDriverBuilderNotifier struct {
	bot     *hbot.Bot
	channel string
	secret  [32]byte
}

func NewNtDriverBuilderNotifier(channel string, bot *hbot.Bot) *NtDriverBuilderNotifier {
	notifier := new(NtDriverBuilderNotifier)
	secret, err := base64.StdEncoding.DecodeString(os.Getenv("WURGURBOO_NTDRIVERBUILDERNOTIFIER_SECRET"))
	if err != nil || len(secret) != 32 {
		return notifier // Silently disable on failure
	}
	copy(notifier.secret[:], secret)
	notifier.bot = bot
	notifier.channel = channel
	return notifier
}

func isValidNotificationString(s string) bool {
	for _, c := range []byte(s) {
		if c < ' ' || c > '~' {
			return false
		}
	}
	return len(s) >= 3 && len(s) < 200
}

func (notifier *NtDriverBuilderNotifier) HandleRequest(w http.ResponseWriter, r *http.Request) {
	w.Header().Add("Server", "WurGurBoo/1.0")
	secret, _ := base64.StdEncoding.DecodeString(r.Header.Get("Secret"))
	driver, action := r.Header.Get("Driver"), r.Header.Get("Action")
	if r.Method != http.MethodPost || notifier.bot == nil || !hmac.Equal(secret, notifier.secret[:]) ||
		!isValidNotificationString(driver) || !isValidNotificationString(action) {
		http.Redirect(w, r, "https://www.wireguard.com/", 302)
		return
	}
	notifier.bot.Msg(notifier.channel,
		fmt.Sprintf("rozmansi, zx2c4: \x0303nt-driver-builder\x0f %s \x0306%s\x0f",
			action, driver))
}