package main

import (
	"context"
	"fmt"
	"log"
	"os"
	"net/http"
	"net/url"
	"strings"
	"time"

	"github.com/emersion/go-webdav/caldav"
	"nxcaldav/internal/backend"
	"nxcaldav/internal/config"
)

func main() {
	path := "config.yaml";
	if len(os.Args) != 0 {
		if os.Args[1] == "-c" {
			path = os.Args[2]
		}
	}
	cfg, err := config.Load()
	if err != nil {
		log.Fatalf("failed to load config: %v", err)
	}

	ctx := context.Background()
	be, err := backend.NewDBBackend(ctx, cfg)
	if err != nil {
		log.Fatalf("failed to initialize database backend: %v", err)
	}

	handler := &caldav.Handler{Backend: be}

	publicURL, _ := url.Parse(cfg.Server.PublicURL)

	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		// Proxy-aware normalization:
		if publicURL != nil && publicURL.Host != "" {
			r.Host = publicURL.Host
			r.URL.Host = publicURL.Host
			
			// Detect scheme: prioritize X-Forwarded-Proto, then PublicURL
			scheme := publicURL.Scheme
			if proto := r.Header.Get("X-Forwarded-Proto"); proto != "" {
				scheme = proto
			}
			r.URL.Scheme = scheme

			// Also rewrite WebDAV Destination header (used for MOVE/COPY)
			if dest := r.Header.Get("Destination"); dest != "" {
				destURL, err := url.Parse(dest)
				if err == nil {
					destURL.Host = publicURL.Host
					destURL.Scheme = scheme
					r.Header.Set("Destination", destURL.String())
				}
			}
		}

		prefix := cfg.Server.BasePath()
		if strings.HasPrefix(r.URL.Path, prefix+"/public/") {
			be.ServePublicICS(w, r)
			return
		}

		user, password, ok := r.BasicAuth()
		if !ok {
			w.Header().Set("WWW-Authenticate", `Basic realm="CalDAV Server"`)
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
			return
		}

		// Verify via Database (bcrypt)
		valid, err := be.VerifyUser(r.Context(), user, password)
		if err != nil {
			log.Printf("auth error for %s: %v", user, err)
			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
			return
		}

		if !valid {
			log.Printf("auth failed for %s", user)
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
			return
		}

		log.Printf("%s %s (user: %s)", r.Method, r.URL.Path, user)
		prefix = cfg.Server.BasePath()
		principalPath := prefix + fmt.Sprintf("/%s/", user)
		ctx := context.WithValue(r.Context(), "principal", principalPath)

		if r.URL.Path == "/.well-known/caldav" || r.URL.Path == prefix+"/.well-known/caldav" {
			// If we normalized the request, use the normalized host/scheme for the redirect
			if publicURL != nil && publicURL.Host != "" {
				scheme := r.URL.Scheme
				if scheme == "" {
					scheme = "http"
				}
				target := fmt.Sprintf("%s://%s%s", scheme, r.Host, principalPath)
				http.Redirect(w, r, target, http.StatusMovedPermanently)
			} else {
				http.Redirect(w, r, principalPath, http.StatusMovedPermanently)
			}
			return
		}


		handler.ServeHTTP(w, r.WithContext(ctx))
	})

	fmt.Printf("Starting CalDAV server on %s...\n", cfg.Server.BindAddress)
	server := &http.Server{
		Addr:         cfg.Server.BindAddress,
		ReadTimeout:  30 * time.Second,
		WriteTimeout: 30 * time.Second,
	}
	if err := server.ListenAndServe(); err != nil {
		log.Fatalf("server failed: %v", err)
	}
}