'use strict';

module.exports.create = function (deps, config) {
  console.log('config', config);

  //var PromiseA = global.Promise;
  var PromiseA = require('bluebird');
  var listeners = require('./servers').listeners;
  var domainUtils = require('./domain-utils');
  var modules;

  var addrProperties = [
    'remoteAddress'
  , 'remotePort'
  , 'remoteFamily'
  , 'localAddress'
  , 'localPort'
  , 'localFamily'
  ];

  function nameMatchesDomains(name, domainList) {
    return domainList.some(function (pattern) {
      return domainUtils.match(pattern, name);
    });
  }

  function loadModules() {
    modules = {};

    modules.tls  = require('./modules/tls').create(deps, config, tcpHandler);
    modules.http = require('./modules/http').create(deps, config, modules.tls.middleware);
  }

  function checkTcpProxy(conn, opts) {
    var proxied = false;

    // TCP Proxying (ie forwarding based on domain name not incoming port) only works for
    // TLS wrapped connections, so if the opts don't give us a servername or don't tell us
    // this is the decrypted side of a TLS connection we can't handle it here.
    if (!opts.servername || !opts.encrypted) { return proxied; }

    function proxy(mod) {
      // First thing we need to add to the connection options is where to proxy the connection to
      var newConnOpts = domainUtils.separatePort(mod.address || '');
      newConnOpts.port = newConnOpts.port || mod.port;
      newConnOpts.host = newConnOpts.host || mod.host || 'localhost';

      // Then we add all of the connection address information. We need to prefix all of the
      // properties with '_' so we can provide the information to any connection `createConnection`
      // implementation but not have the default implementation try to bind the same local port.
      addrProperties.forEach(function (name) {
        newConnOpts['_' + name] = opts[name] || opts['_'+name] || conn[name] || conn['_'+name];
      });

      deps.proxy(conn, newConnOpts);
      return true;
    }

    proxied = config.domains.some(function (dom) {
      if (!dom.modules || !Array.isArray(dom.modules.tcp)) { return false; }
      if (!nameMatchesDomains(opts.servername, dom.names)) { return false; }

      return dom.modules.tcp.some(function (mod) {
        if (mod.type !== 'proxy') { return false; }

        return proxy(mod);
      });
    });

    proxied = proxied || config.tcp.modules.some(function (mod) {
      if (mod.type !== 'proxy') { return false; }
      if (!nameMatchesDomains(opts.servername, mod.domains)) { return false; }

      return proxy(mod);
    });

    return proxied;
  }

  // opts = { servername, encrypted, peek, data, remoteAddress, remotePort }
  function peek(conn, firstChunk, opts) {
    if (!modules) {
      loadModules();
    }

    opts.firstChunk = firstChunk;
    conn.__opts = opts;
    // TODO port/service-based routing can do here

    // TLS byte 1 is handshake and byte 6 is client hello
    if (0x16 === firstChunk[0]/* && 0x01 === firstChunk[5]*/) {
      modules.tls.emit('connection', conn);
      return;
    }

    // This doesn't work with TLS, but now that we know this isn't a TLS connection we can
    // unshift the first chunk back onto the connection for future use. The unshift should
    // happen after any listeners are attached to it but before any new data comes in.
    if (!opts.hyperPeek) {
      process.nextTick(function () {
        conn.unshift(firstChunk);
      });
    }

    // Connection is not TLS, check for HTTP next.
    if (firstChunk[0] > 32 && firstChunk[0] < 127) {
      var firstStr = firstChunk.toString();
      if (/HTTP\//i.test(firstStr)) {
        modules.http.emit('connection', conn);
        return;
      }
    }

    console.warn('failed to identify protocol from first chunk', firstChunk);
    conn.destroy();
  }
  function tcpHandler(conn, opts) {
    function getProp(name) {
      return opts[name] || opts['_'+name] || conn[name] || conn['_'+name];
    }
    opts = opts || {};
    var logName = getProp('remoteAddress') + ':' + getProp('remotePort') + ' -> ' +
                  getProp('localAddress')  + ':' + getProp('localPort');
    console.log('[tcpHandler]', logName, 'connection started - encrypted: ' + (opts.encrypted || false));

    var start = Date.now();
    conn.on('timeout', function () {
      console.log('[tcpHandler]', logName, 'connection timed out', (Date.now()-start)/1000);
    });
    conn.on('end', function () {
      console.log('[tcpHandler]', logName, 'connection ended', (Date.now()-start)/1000);
    });
    conn.on('close', function () {
      console.log('[tcpHandler]', logName, 'connection closed', (Date.now()-start)/1000);
    });

    if (checkTcpProxy(conn, opts)) { return; }

    // XXX PEEK COMMENT XXX
    // TODO we can have our cake and eat it too
    // we can skip the need to wrap the TLS connection twice
    // because we've already peeked at the data,
    // but this needs to be handled better before we enable that
    // (because it creates new edge cases)
    if (opts.hyperPeek) {
      console.log('hyperpeek');
      peek(conn, opts.firstChunk, opts);
      return;
    }

    function onError(err) {
      console.error('[error] socket errored peeking -', err);
      conn.destroy();
    }
    conn.once('error', onError);
    conn.once('data', function (chunk) {
      conn.removeListener('error', onError);
      peek(conn, chunk, opts);
    });
  }

  function udpHandler(port, msg) {
    if (!Array.isArray(config.udp.modules)) {
      return;
    }
    var socket = require('dgram').createSocket('udp4');
    config.udp.modules.forEach(function (mod) {
      if (mod.type !== 'forward') {
        console.warn('found bad DNS module', mod);
        return;
      }
      if (mod.ports.indexOf(port) < 0) {
        return;
      }

      var dest = require('./domain-utils').separatePort(mod.address || '');
      dest.port = dest.port || mod.port;
      dest.host = dest.host || mod.host || 'localhost';
      socket.send(msg, dest.port, dest.host);
    });
  }

  function createTcpForwarder(mod) {
    var dest = require('./domain-utils').separatePort(mod.address || '');
    dest.port = dest.port || mod.port;
    dest.host = dest.host || mod.host || 'localhost';

    return function (conn) {
      var newConnOpts = {};
      addrProperties.forEach(function (name) {
        newConnOpts['_'+name] = conn[name];
      });

      deps.proxy(conn, Object.assign(newConnOpts, dest));
    };
  }

  deps.tunnel = deps.tunnel || {};
  deps.tunnel.net = {
    createConnection: function (opts, cb) {
      console.log('[gl.tunnel] creating connection');

      // here "reader" means the socket that looks like the connection being accepted
      // here "writer" means the remote-looking part of the socket that driving the connection
      var writer;
      var wrapOpts = {};

      function usePair(err, reader) {
        if (err) {
          process.nextTick(function () {
            writer.emit('error', err);
          });
          return;
        }

        // this has the normal net/tcp stuff plus our custom stuff
        // opts = { address, port,
        //          hostname, servername, tls, encrypted, data, localAddress, localPort, remoteAddress, remotePort, remoteFamily }
        Object.keys(opts).forEach(function (key) {
          wrapOpts[key] = opts[key];
          try {
            reader[key] = opts[key];
          } catch(e) {
            // can't set real socket getters, like remoteAddr
          }
        });

        // A few more extra specialty options
        wrapOpts.localAddress = wrapOpts.localAddress || '127.0.0.2'; // TODO use the tunnel's external address
        wrapOpts.localPort = wrapOpts.localPort || 'tunnel-0';
        try {
          reader._remoteAddress = wrapOpts.remoteAddress;
          reader._remotePort = wrapOpts.remotePort;
          reader._remoteFamily = wrapOpts.remoteFamily;
          reader._localAddress = wrapOpts.localAddress;
          reader._localPort = wrapOpts.localPort;
          reader._localFamily = wrapOpts.localFamily;
        } catch(e) {
        }

        tcpHandler(reader, wrapOpts);

        process.nextTick(function () {
          // this cb will cause the stream to emit its (actually) first data event
          // (even though it already gave a peek into that first data chunk)
          console.log('[tunnel] callback, data should begin to flow');
          cb();
        });
      }

      wrapOpts.firstChunk = opts.data;
      wrapOpts.hyperPeek = !!opts.data;

      // We used to use `stream-pair` for non-tls connections, but there are places
      // that require properties/functions to be present on the socket that aren't
      // present on a JSStream so it caused problems.
      writer = require('socket-pair').create(usePair);
      return writer;
    }
  };
  deps.tunnelClients = require('./tunnel-client-manager').create(deps, config);
  deps.tunnelServer = require('./tunnel-server-manager').create(deps, config);

  var listenPromises = [];
  var tcpPortMap = {};
  config.tcp.bind.filter(Number).forEach(function (port) {
    tcpPortMap[port] = true;
  });

  (config.tcp.modules || []).forEach(function (mod) {
    if (mod.type === 'forward') {
      var forwarder = createTcpForwarder(mod);
      mod.ports.forEach(function (port) {
        if (!tcpPortMap[port]) {
          console.log("forwarding port", port, "that wasn't specified in bind");
        } else {
          delete tcpPortMap[port];
        }
        listenPromises.push(listeners.tcp.add(port, forwarder));
      });
    }
    else if (mod.type !== 'proxy') {
      console.warn('unknown TCP module specified', mod);
    }
  });

  var portList = Object.keys(tcpPortMap).map(Number).sort();
  portList.forEach(function (port) {
    listenPromises.push(listeners.tcp.add(port, tcpHandler));
  });

  if (config.udp.bind) {
    config.udp.bind.forEach(function (port) {
      listenPromises.push(listeners.udp.add(port, udpHandler.bind(port)));
    });
  }

  if (!config.mdns.disabled) {
    require('./mdns').start(deps, config, portList[0]);
  }

  return PromiseA.all(listenPromises);
};