'use strict';

var packer = require('tunnel-packer');
var sni = require('sni');

function pipeWs(servername, service, conn, remote) {
  console.log('[pipeWs] servername:', servername, 'service:', service);

  var browserAddr = packer.socketToAddr(conn);
  browserAddr.service = service;
  var cid = packer.addrToId(browserAddr);
  conn.tunnelCid = cid;
  console.log('[pipeWs] browser is', cid, 'home-cloud is', packer.socketToId(remote.upgradeReq.socket));

  function sendWs(data, serviceOverride) {
    if (remote.ws && (!conn.tunnelClosing || serviceOverride)) {
      try {
        remote.ws.send(packer.pack(browserAddr, data, serviceOverride), { binary: true });
        // If we can't send data over the websocket as fast as this connection can send it to us
        // (or there are a lot of connections trying to send over the same websocket) then we
        // need to pause the connection for a little. We pause all connections if any are paused
        // to make things more fair so a connection doesn't get stuck waiting for everyone else
        // to finish because it got caught on the boundary. Also if serviceOverride is set it
        // means the connection is over, so no need to pause it.
        if (!serviceOverride && (remote.pausedConns.length || remote.ws.bufferedAmount > 1024*1024)) {
          // console.log('pausing', cid, 'to allow web socket to catch up');
          conn.pause();
          remote.pausedConns.push(conn);
        }
      } catch (err) {
        console.warn('[pipeWs] error sending websocket message', err);
      }
    }
  }

  remote.clients[cid] = conn;
  conn.on('data', function (chunk) {
    console.log('[pipeWs] data from browser to tunneler', chunk.byteLength);
    sendWs(chunk);
  });
  conn.on('error', function (err) {
    console.warn('[pipeWs] browser connection error', err);
  });
  conn.on('close', function (hadErr) {
    console.log('[pipeWs] browser connection closing');
    sendWs(null, hadErr ? 'error': 'end');
    delete remote.clients[cid];
  });
}

module.exports.createTcpConnectionHandler = function (copts) {
  var Devices = copts.Devices;

  return function onTcpConnection(conn) {
    // this works when I put it here, but I don't know if it's tls yet here
    // httpsServer.emit('connection', socket);
    //tls3000.emit('connection', socket);

    //var tlsSocket = new tls.TLSSocket(socket, { secureContext: tls.createSecureContext(tlsOpts) });
    //tlsSocket.on('data', function (chunk) {
    //  console.log('dummy', chunk.byteLength);
    //});

    //return;
    conn.once('data', function (firstChunk) {
      // BUG XXX: this assumes that the packet won't be chunked smaller
      // than the 'hello' or the point of the 'Host' header.
      // This is fairly reasonable, but there are edge cases where
      // it does not hold (such as manual debugging with telnet)
      // and so it should be fixed at some point in the future

      // defer after return (instead of being in many places)
      process.nextTick(function () {
        conn.unshift(firstChunk);
      });

      var service = 'tcp';
      var servername;
      var str;
      var m;

      function tryTls() {
        if (!copts.servernames.length) {
          console.log("https => admin => setup => (needs bogus tls certs to start?)");
          copts.httpsSetupServer(servername, conn);
          return;
        }

        if (-1 !== copts.servernames.indexOf(servername)) {
          console.log("Lock and load, admin interface time!");
          copts.httpsTunnel(servername, conn);
          return;
        }

        if (!servername) {
          console.log("No SNI was given, so there's nothing we can do here");
          copts.httpsInvalid(servername, conn);
          return;
        }

        var nextDevice = Devices.next(copts.deviceLists, servername);
        if (!nextDevice) {
          console.log("No devices match the given servername");
          copts.httpsInvalid(servername, conn);
          return;
        }

        console.log("pipeWs(servername, service, socket, deviceLists['" + servername + "'])");
        pipeWs(servername, service, conn, nextDevice);
      }

      // https://github.com/mscdex/httpolyglot/issues/3#issuecomment-173680155
      if (22 === firstChunk[0]) {
        // TLS
        service = 'https';
        servername = (sni(firstChunk)||'').toLowerCase();
        console.log("tls hello servername:", servername);
        tryTls();
        return;
      }

      if (firstChunk[0] > 32 && firstChunk[0] < 127) {
        str = firstChunk.toString();
        m = str.match(/(?:^|[\r\n])Host: ([^\r\n]+)[\r\n]*/im);
        servername = (m && m[1].toLowerCase() || '').split(':')[0];
        console.log('servername', servername);

        if (/HTTP\//i.test(str)) {
          if (!copts.servernames.length) {
            console.log('copts.httpSetupServer', copts.httpSetupServer);
            copts.httpSetupServer.emit('connection', conn);
            return;
          }

          service = 'http';
          // TODO make https redirect configurable
          // /^\/\.well-known\/acme-challenge\//.test(str)
          if (/well-known/.test(str)) {
            // HTTP
            if (Devices.exist(copts.deviceLists, servername)) {
              pipeWs(servername, service, conn, Devices.next(copts.deviceLists, servername));
              return;
            }
            copts.handleHttp(servername, conn);
          }
          else {
            // redirect to https
            copts.handleInsecureHttp(servername, conn);
          }
          return;
        }
      }

      console.error("Got unexpected connection", str);
      conn.write(JSON.stringify({ error: {
        message: "not sure what you were trying to do there..."
      , code: 'E_INVALID_PROTOCOL' }
      }));
      conn.end();
    });
    conn.on('error', function (err) {
      console.error('[error] tcp socket raw TODO forward and close');
      console.error(err);
    });
  };
};