{-# LANGUAGE LambdaCase, TemplateHaskell #-}
{-# OPTIONS_GHC -fno-warn-type-defaults #-}
{-|
Module      : PostgREST.Config
Description : Manages PostgREST configuration options.

This module provides a helper function to read the command line
arguments using the optparse-applicative and the AppConfig type to store
them.  It also can be used to define other middleware configuration that
may be delegated to some sort of external configuration.

It currently includes a hardcoded CORS policy but this could easly be
turned in configurable behaviour if needed.

Other hardcoded options such as the minimum version number also belong here.
-}
module PostgREST.Config ( prettyVersion
                        , docsVersion
                        , readOptions
                        , corsPolicy
                        , AppConfig (..)
                        )
       where

import           Control.Applicative
import           Control.Monad                (fail)
import           Control.Lens                 (preview)
import           Crypto.JWT                   (StringOrURI,
                                               stringOrUri)
import qualified Data.ByteString              as B
import qualified Data.ByteString.Char8        as BS
import qualified Data.CaseInsensitive         as CI
import qualified Data.Configurator            as C
import qualified Data.Configurator.Parser     as C
import           Data.Configurator.Types      as C
import           Data.List                    (lookup)
import           Data.Monoid
import           Data.Scientific              (floatingOrInteger)
import           Data.String                  (String)
import           Data.Text                    (dropAround,
                                               intercalate, lines,
                                               strip, take, splitOn)
import           Data.Text.Encoding           (encodeUtf8)
import           Data.Text.IO                 (hPutStrLn)
import           Data.Version                 (versionBranch)
import           Development.GitRev           (gitHash)
import           Network.Wai
import           Network.Wai.Middleware.Cors  (CorsResourcePolicy (..))
import           Options.Applicative          hiding (str)
import           Paths_postgrest              (version)
import           PostgREST.Parsers            (pRoleClaimKey)
import           PostgREST.Types              (ApiRequestError(..),
                                               JSPath, JSPathExp(..))
import           Protolude                    hiding (hPutStrLn, take,
                                               intercalate, (<>))
import           System.IO                    (hPrint)
import           System.IO.Error              (IOError)
import           Text.Heredoc
import           Text.PrettyPrint.ANSI.Leijen hiding ((<$>), (<>))
import qualified Text.PrettyPrint.ANSI.Leijen as L

-- | Config file settings for the server
data AppConfig = AppConfig {
    configDatabase          :: Text
  , configAnonRole          :: Text
  , configProxyUri          :: Maybe Text
  , configSchema            :: Text
  , configHost              :: Text
  , configPort              :: Int

  , configJwtSecret         :: Maybe B.ByteString
  , configJwtSecretIsBase64 :: Bool
  , configJwtAudience       :: Maybe StringOrURI

  , configPool              :: Int
  , configMaxRows           :: Maybe Integer
  , configReqCheck          :: Maybe Text
  , configQuiet             :: Bool
  , configSettings          :: [(Text, Text)]
  , configRoleClaimKey      :: Either ApiRequestError JSPath
  , configExtraSearchPath   :: [Text]
  }

defaultCorsPolicy :: CorsResourcePolicy
defaultCorsPolicy =  CorsResourcePolicy Nothing
  ["GET", "POST", "PATCH", "PUT", "DELETE", "OPTIONS"] ["Authorization"] Nothing
  (Just $ 60*60*24) False False True

-- | CORS policy to be used in by Wai Cors middleware
corsPolicy :: Request -> Maybe CorsResourcePolicy
corsPolicy req = case lookup "origin" headers of
  Just origin -> Just defaultCorsPolicy {
      corsOrigins = Just ([origin], True)
    , corsRequestHeaders = "Authentication":accHeaders
    , corsExposedHeaders = Just [
        "Content-Encoding", "Content-Location", "Content-Range", "Content-Type"
      , "Date", "Location", "Server", "Transfer-Encoding", "Range-Unit"
      ]
    }
  Nothing -> Nothing
  where
    headers = requestHeaders req
    accHeaders = case lookup "access-control-request-headers" headers of
      Just hdrs -> map (CI.mk . toS . strip . toS) $ BS.split ',' hdrs
      Nothing -> []

-- | User friendly version number
prettyVersion :: Text
prettyVersion =
  intercalate "." (map show $ versionBranch version)
  <> " (" <> take 7 $(gitHash) <> ")"

-- | Version number used in docs
docsVersion :: Text
docsVersion = "v" <> dropAround (== '.') (dropAround (/= '.') prettyVersion)

-- | Function to read and parse options from the command line
readOptions :: IO AppConfig
readOptions = do
  -- First read the config file path from command line
  cfgPath <- customExecParser parserPrefs opts
  -- Now read the actual config file
  conf <- catch
    (C.readConfig =<< C.load [C.Required cfgPath])
    configNotfoundHint

  let (mAppConf, errs) = flip C.runParserM conf $
        AppConfig
          <$> C.key "db-uri"
          <*> C.key "db-anon-role"
          <*> (mfilter (/= "") <$> C.key "server-proxy-uri")
          <*> C.key "db-schema"
          <*> (fromMaybe "127.0.0.1" . mfilter (/= "") <$> C.key "server-host")
          <*> (fromMaybe 3000 . join . fmap coerceInt <$> C.key "server-port")
          <*> (fmap encodeUtf8 . mfilter (/= "") <$> C.key "jwt-secret")
          <*> (fromMaybe False . join . fmap coerceBool <$> C.key "secret-is-base64")
          <*> parseJwtAudience "jwt-aud"
          <*> (fromMaybe 10 . join . fmap coerceInt <$> C.key "db-pool")
          <*> (join . fmap coerceInt <$> C.key "max-rows")
          <*> (mfilter (/= "") <$> C.key "pre-request")
          <*> pure False
          <*> (fmap (fmap coerceText) <$> C.subassocs "app.settings")
          <*> (maybe (Right [JSPKey "role"]) parseRoleClaimKey <$> C.key "role-claim-key")
          <*> (maybe ["public"] splitExtraSearchPath <$> C.key "db-extra-search-path")

  case mAppConf of
    Nothing -> do
      forM_ errs $ hPrint stderr
      exitFailure
    Just appConf ->
      return appConf

  where
    parseJwtAudience :: Name -> C.ConfigParserM (Maybe StringOrURI)
    parseJwtAudience k =
      C.key k >>= \case
        Nothing -> pure Nothing -- no audience in config file
        Just aud -> case preview stringOrUri (aud :: String) of
          Nothing -> fail "Invalid Jwt audience. Check your configuration."
          (Just "") -> pure Nothing
          aud' -> pure aud'

    coerceText :: Value -> Text
    coerceText (String s) = s
    coerceText v = show v

    coerceInt :: (Read i, Integral i) => Value -> Maybe i
    coerceInt (Number x) = rightToMaybe $ floatingOrInteger x
    coerceInt (String x) = readMaybe $ toS x
    coerceInt _          = Nothing

    coerceBool :: Value -> Maybe Bool
    coerceBool (Bool b)   = Just b
    coerceBool (String b) = readMaybe $ toS b
    coerceBool _          = Nothing

    parseRoleClaimKey :: Value -> Either ApiRequestError JSPath
    parseRoleClaimKey (String s) = pRoleClaimKey s
    parseRoleClaimKey v = pRoleClaimKey $ show v

    splitExtraSearchPath :: Value -> [Text]
    splitExtraSearchPath (String s) = strip <$> splitOn "," s
    splitExtraSearchPath _ = []

    opts = info (helper <*> pathParser) $
             fullDesc
             <> progDesc (
                 "PostgREST "
                 <> toS prettyVersion
                 <> " / create a REST API to an existing Postgres database"
               )
             <> footerDoc (Just $
                 text "Example Config File:"
                 L.<> nest 2 (hardline L.<> exampleCfg)
               )

    parserPrefs = prefs showHelpOnError

    configNotfoundHint :: IOError -> IO a
    configNotfoundHint e = do
      hPutStrLn stderr $
        "Cannot open config file:\n\t" <> show e
      exitFailure

    exampleCfg :: Doc
    exampleCfg = vsep . map (text . toS) . lines $
      [str|db-uri = "postgres://user:pass@localhost:5432/dbname"
          |db-schema = "public" # this schema gets added to the search_path of every request
          |db-anon-role = "postgres"
          |db-pool = 10
          |
          |server-host = "127.0.0.1"
          |server-port = 3000
          |
          |## base url for swagger output
          |# server-proxy-uri = ""
          |
          |## choose a secret, JSON Web Key (or set) to enable JWT auth
          |## (use "@filename" to load from separate file)
          |# jwt-secret = "foo"
          |# secret-is-base64 = false
          |# jwt-aud = "your_audience_claim"
          |
          |## limit rows in response
          |# max-rows = 1000
          |
          |## stored proc to exec immediately after auth
          |# pre-request = "stored_proc_name"
          |
          |## jspath to the role claim key
          |# role-claim-key = ".role"
          |
          |## extra schemas to add to the search_path of every request
          |# db-extra-search-path = "extensions, util"
          |]

pathParser :: Parser FilePath
pathParser =
  strArgument $
    metavar "FILENAME" <>
    help "Path to configuration file"