/**
* @description Meshcentral web server
* @author Ylian Saint-Hilaire
* @copyright Intel Corporation 2018-2019
* @license Apache-2.0
* @version v0.0.2
*/

/*jslint node: true */
/*jshint node: true */
/*jshint strict:false */
/*jshint -W097 */
/*jshint esversion: 6 */
"use strict";

// ExpressJS login sample
// https://github.com/expressjs/express/blob/master/examples/auth/index.js

// Construct a HTTP redirection web server object
module.exports.CreateRedirServer = function (parent, db, args, func) {
    var obj = {};
    obj.parent = parent;
    obj.db = db;
    obj.args = args;
    obj.certificates = null;
    obj.express = require("express");
    obj.net = require("net");
    obj.app = obj.express();
    obj.tcpServer = null;
    obj.port = null;

    // Perform an HTTP to HTTPS redirection
    function performRedirection(req, res) {
        var host = req.headers.host;
        if (obj.certificates != null) {
            host = obj.certificates.CommonName;
            if (obj.certificates.CommonName.indexOf('.') == -1) { host = req.headers.host; }
        }
        var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified
        if (req.headers && req.headers.host && (req.headers.host.split(":")[0].toLowerCase() == "localhost")) {
            res.redirect("https://localhost:" + httpsPort + req.url);
        } else {
            res.redirect("https://" + host + ":" + httpsPort + req.url);
        }
    }

    /*
    // Return the current domain of the request
    function getDomain(req) {
        var x = req.url.split("/");
        if (x.length < 2) { return parent.config.domains[""]; }
        if (parent.config.domains[x[1].toLowerCase()]) { return parent.config.domains[x[1].toLowerCase()]; }
        return parent.config.domains[""];
    }
    */

    // Renter the terms of service.
    obj.app.get("/MeshServerRootCert.cer", function (req, res) {
        // The redirection server starts before certificates are loaded, make sure to handle the case where no certificate is loaded now.
        if (obj.certificates != null) {
            res.set({ "Cache-Control": "no-cache, no-store, must-revalidate", "Pragma": "no-cache", "Expires": "0", "Content-Type": "application/octet-stream", "Content-Disposition": "attachment; filename=\"" + obj.certificates.RootName + ".cer\"" });
            var rootcert = obj.certificates.root.cert;
            var i = rootcert.indexOf("-----BEGIN CERTIFICATE-----\r\n");
            if (i >= 0) { rootcert = rootcert.substring(i + 29); }
            i = rootcert.indexOf("-----END CERTIFICATE-----");
            if (i >= 0) { rootcert = rootcert.substring(i, 0); }
            res.send(Buffer.from(rootcert, "base64"));
        } else {
            res.sendStatus(404);
        }
    });

    // Add HTTP security headers to all responses
    obj.app.use(function (req, res, next) {
        res.removeHeader("X-Powered-By");
        res.set({ "strict-transport-security": "max-age=60000; includeSubDomains", "Referrer-Policy": "no-referrer", "x-frame-options": "SAMEORIGIN", "X-XSS-Protection": "1; mode=block", "X-Content-Type-Options": "nosniff", "Content-Security-Policy": "default-src http: ws: \"self\" \"unsafe-inline\"" });
        return next();
    });

    // Once the main web server is started, call this to hookup additional handlers
    obj.hookMainWebServer = function (certs) {
        obj.certificates = certs;
        for (var i in parent.config.domains) {
            if (parent.config.domains[i].dns != null) { continue; }
            var url = parent.config.domains[i].url;
            obj.app.post(url + "amtevents.ashx", obj.parent.webserver.handleAmtEventRequest);
            obj.app.get(url + "meshsettings", obj.parent.webserver.handleMeshSettingsRequest);
            obj.app.get(url + "meshagents", obj.parent.webserver.handleMeshAgentRequest);
        }
    };

    // Setup all HTTP redirection handlers
    //obj.app.set("etag", false);
    for (var i in parent.config.domains) {
        if (parent.config.domains[i].dns != null) { continue; }
        var url = parent.config.domains[i].url;
        obj.app.get(url, performRedirection);
        obj.app.use(url + "clickonce", obj.express.static(obj.parent.path.join(__dirname, "public/clickonce"))); // Indicates the clickonce folder is public
    }

    // Find a free port starting with the specified one and going up.
    function CheckListenPort(port, func) {
        var s = obj.net.createServer(function (socket) { });
        obj.tcpServer = s.listen(port, function () { s.close(function () { if (func) { func(port); } }); }).on("error", function (err) {
            if (args.exactports) { console.error("ERROR: MeshCentral HTTP server port " + port + " not available."); process.exit(); }
            else { if (port < 65535) { CheckListenPort(port + 1, func); } else { if (func) { func(0); } } }
        });
    }

    // Start the ExpressJS web server, if the port is busy try the next one.
    function StartRedirServer(port) {
        if (port == 0 || port == 65535) { return; }
        obj.tcpServer = obj.app.listen(port, function () {
            obj.port = port;
            console.log("MeshCentral HTTP redirection server running on port " + port + ".");
            obj.parent.updateServerState("redirect-port", port);
            func(obj.port);
        }).on("error", function (err) {
            if ((err.code == "EACCES") && (port < 65535)) { StartRedirServer(port + 1); } else { console.log(err); func(obj.port); }
        });
    }

    CheckListenPort(args.redirport, StartRedirServer);

    return obj;
};