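"""Render the nginx configuration from local templates and deploy it to ``asylum``.

Steps, in order:

1. Flatten ``nginx/handoff.html`` into one line that can sit inside a
   double-quoted nginx string.
2. Substitute the ``%AUTH_CHECK%`` and ``%AUTH_LOCATIONS%`` placeholders in
   ``nginx/nginx.conf``.
3. Copy the rendered config and its companion files to ``/etc/nginx`` on the host.
4. Run ``nginx -t`` remotely and restart nginx only if the test passes.
"""
import re

from commia.prelude import *
from commia.ssh import scp, ssh_args, ssh_prewarm
from commia.util import with_written

# A line ending in one of ; , { } gets a trailing space so that joining the
# lines without newlines does not glue two tokens together.
spacing_pattern = re.compile(r"([;,{}])$")

handoff_lines = Path("nginx/handoff.html").read_text().splitlines()
handoff = "".join(
    spacing_pattern.sub(r"\1 ", line.lstrip("\t")) for line in handoff_lines
)
# Escape for a double-quoted nginx string: quotes are backslash-escaped and every
# "$" becomes "${dollar}" so nginx does not treat it as a variable reference.
# NOTE(review): this relies on a `dollar` variable being defined in
# nginx/nginx.conf (not visible here) - confirm.
# NOTE(review): backslashes are not escaped; nginx also interprets backslash
# sequences inside quoted strings, so a backslash in handoff.html (e.g. in
# inline script) would not survive unchanged - confirm the page contains none.
handoff = handoff.replace('"', '\\"').replace("$", "${dollar}")

# Substituted for %AUTH_CHECK%: requests without a __proxy_token cookie are
# redirected to the handoff page; all others go through the auth subrequest.
auth_check = (
    'if ($cookie___proxy_token = "") { return 303 https://$host/.nginx/handoff.html; } '
    "auth_request /.nginx/auth;"
)

auth_locations = (
    "location /.nginx/auth { internal; js_content nginx.validate; } "
    # NOTE(review): $arg_token is appended to the upstream path as received.
    # The location is internal, so it is only reachable through subrequests;
    # confirm that nginx.validate (not visible here) constrains the token's
    # format before it is used in a path.
    "location /.nginx/scopes { internal; proxy_pass http://[::1]:8001/scopes/$arg_token; } "
    'location /.nginx/handoff.html { return 200 "'
    + handoff
    + '"; } '
    # NOTE(review): this location is neither internal nor behind the auth
    # check, and it copies the `token` and `max_age` query arguments into
    # Set-Cookie without validation. Any request to it can therefore choose the
    # cookie value, and an argument containing ";" would add cookie attributes.
    # The token also travels in the query string, where access logs usually
    # record it. Consider validating both arguments against a strict pattern
    # and excluding this location from access logging.
    'location /.nginx/cookie { add_header Set-Cookie "__proxy_token=${arg_token}; max-age=${arg_max_age}; path=/; samesite=strict; httponly; secure"; return 200; }'
)

template = Path("nginx/nginx.conf").read_text()
nginx_conf = template.replace("%AUTH_CHECK%", auth_check).replace(
    "%AUTH_LOCATIONS%", auth_locations
)

# presumably opens/warms the SSH connection that scp() and ssh_args() reuse;
# the meaning of the second argument is not visible here - TODO confirm.
ssh_prewarm("asylum", "secrets@bearer")

with_written(
    nginx_conf,
    lambda path: scp(path, "asylum:/etc/nginx/nginx.conf"),
)

for name in ("nginx.js", "mime.types", "fastcgi.conf"):
    scp(f"nginx/{name}", f"asylum:/etc/nginx/{name}")

# The new files are already at their live paths when the syntax test runs, so a
# rejected config stays on the host until the next deploy and would be picked
# up by any later reload or reboot.
# NOTE(review): uploading to a temporary path, testing it with `nginx -t -c`,
# and moving it into place only on success would avoid that window.
config_ok = run(p([*ssh_args(), "nginx", "-t"])).returncode == 0
if not config_ok:
    # Exit non-zero instead of finishing silently, so callers and CI notice
    # that the deploy did not take effect.
    raise SystemExit(
        "nginx -t rejected the uploaded configuration; nginx was not restarted"
    )
run_check(p([*ssh_args(), "systemctl", "restart", "nginx"]))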