// modem-bridge/server.js — REST API for headless modem access
// targo-hub (3300) -> modem-bridge (3301) -> TP-Link ONU (172.17.x.x:443)
// Internal only, token auth, read-only, sessions expire after 5 min idle

const http = require('http');
const url = require('url');
const tp = require('./lib/tplink-session');

const PORT = parseInt(process.env.BRIDGE_PORT || '3301');
const TOKEN = process.env.BRIDGE_TOKEN || '';

function json(res, data, status = 200) {
  res.writeHead(status, { 'Content-Type': 'application/json' });
  res.end(JSON.stringify(data));
}

function err(res, msg, status = 400) {
  json(res, { error: msg }, status);
}

function parseBody(req) {
  return new Promise((resolve, reject) => {
    let body = '';
    req.on('data', c => body += c);
    req.on('end', () => {
      try { resolve(body ? JSON.parse(body) : {}); }
      catch(e) { reject(new Error('Invalid JSON')); }
    });
    req.on('error', reject);
  });
}

function isPrivateIp(ip) {
  if (!ip) return false;
  const parts = ip.split('.').map(Number);
  if (parts.length !== 4 || parts.some(p => isNaN(p) || p < 0 || p > 255)) return false;
  if (parts[0] === 10) return true;
  if (parts[0] === 172 && parts[1] >= 16 && parts[1] <= 31) return true;
  if (parts[0] === 192 && parts[1] === 168) return true;
  return false;
}

function checkAuth(req, res) {
  if (!TOKEN) return true;
  const auth = req.headers['authorization'];
  if (auth === `Bearer ${TOKEN}`) return true;
  err(res, 'Unauthorized', 401);
  return false;
}

async function modemHandler(res, fn) {
  try { const r = await fn(); json(res, r); }
  catch(e) { err(res, e.message, e.message.includes('No active session') ? 401 : 500); }
}

const server = http.createServer(async (req, res) => {
  const parsed = url.parse(req.url, true);
  const path = parsed.pathname;
  const method = req.method;

  res.setHeader('Access-Control-Allow-Origin', '*');
  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, DELETE, OPTIONS');
  res.setHeader('Access-Control-Allow-Headers', 'Authorization, Content-Type');
  if (method === 'OPTIONS') { res.writeHead(204); res.end(); return; }

  if (path === '/health' && method === 'GET') {
    return json(res, { status: 'ok', sessions: tp.listSessions().length, uptime: process.uptime() });
  }

  if (!checkAuth(req, res)) return;

  try {
    if (path === '/session/login' && method === 'POST') {
      const body = await parseBody(req);
      const { ip, user, pass } = body;
      if (!ip || !user || !pass) return err(res, 'Missing required fields: ip, user, pass');
      if (!isPrivateIp(ip)) return err(res, 'IP must be in a private range (10.x, 172.16-31.x, 192.168.x)');
      try { json(res, await tp.login(ip, user, pass, body.path || '/superadmin')); }
      catch(e) { err(res, e.message, 500); }
      return;
    }
    if (path === '/session/list' && method === 'GET') {
      return json(res, tp.listSessions());
    }

    const deleteMatch = path.match(/^\/session\/(\d+\.\d+\.\d+\.\d+)$/);
    if (deleteMatch && method === 'DELETE') {
      await tp.closeSession(deleteMatch[1]);
      return json(res, { ok: true });
    }

    // POST /diagnostic/oneshot — stateless: login → scrape → logout → close (no session reuse)
    if (path === '/diagnostic/oneshot' && method === 'POST') {
      const body = await parseBody(req);
      const { ip, user, pass } = body;
      if (!ip || !user || !pass) return err(res, 'Missing required fields: ip, user, pass');
      if (!isPrivateIp(ip)) return err(res, 'IP must be in a private range');
      try { json(res, await tp.oneshotDiagnostic(ip, user, pass)); }
      catch(e) { err(res, e.message, 500); }
      return;
    }

    // GET /identify/:ip — auto-detect modem vendor and type
    const idMatch = path.match(/^\/identify\/(\d+\.\d+\.\d+\.\d+)$/);
    if (idMatch && method === 'GET') {
      if (!isPrivateIp(idMatch[1])) return err(res, 'IP must be in a private range');
      try { json(res, await tp.identify(idMatch[1])); }
      catch(e) { err(res, e.message, 500); }
      return;
    }

    // GET /modem-types — list known modem types
    if (path === '/modem-types' && method === 'GET') {
      return json(res, tp.MODEM_TYPES);
    }

    const modemMatch = path.match(/^\/modem\/(\d+\.\d+\.\d+\.\d+)\//);
    if (modemMatch) {
      const ip = modemMatch[1];
      const subPath = path.slice(modemMatch[0].length - 1);

      if (subPath === '/status' && method === 'GET') {
        return await modemHandler(res, () => tp.getStatus(ip));
      }

      const dmMatch = subPath.match(/^\/dm\/(.+)$/);
      if (dmMatch && method === 'GET') {
        return await modemHandler(res, () => {
          const opts = {};
          if (parsed.query.stack) opts.stack = parsed.query.stack;
          if (parsed.query.attrs) opts.attrs = parsed.query.attrs.split(',');
          return tp.dmGet(ip, dmMatch[1], opts);
        });
      }

      const cgiMatch = subPath.match(/^\/cgi\/(.+)$/);
      if (cgiMatch && method === 'GET') {
        return await modemHandler(res, () => tp.cgiRequest(ip, '/cgi/' + cgiMatch[1]));
      }

      if (subPath === '/wifi/diagnostic' && method === 'GET') {
        return await modemHandler(res, () => tp.wifiDiagnostic(ip));
      }

      if (subPath === '/diagnostic/full' && method === 'GET') {
        return await modemHandler(res, () => tp.unifiedDiagnostic(ip));
      }

      if (subPath === '/diagnostic' && method === 'GET') {
        return await modemHandler(res, () => tp.raisecomDiagnostic(ip));
      }

      if (subPath === '/screenshot' && method === 'GET') {
        try {
          const buf = await tp.screenshot(ip);
          res.writeHead(200, { 'Content-Type': 'image/png', 'Content-Length': buf.length });
          res.end(buf);
        } catch(e) {
          err(res, e.message, e.message.includes('No active session') ? 401 : 500);
        }
        return;
      }

      if (subPath === '/evaluate' && method === 'POST') {
        try {
          const body = await parseBody(req);
          if (!body.code) return err(res, 'Missing code field');
          const result = await tp.evaluate(ip, body.code);
          return json(res, { result });
        } catch(e) {
          return err(res, e.message, e.message.includes('No active session') ? 401 : 500);
        }
      }
    }

    err(res, 'Not found', 404);
  } catch(e) {
    console.error('[modem-bridge] Unhandled error:', e);
    err(res, 'Internal error: ' + e.message, 500);
  }
});

server.listen(PORT, () => {
  console.log(`[modem-bridge] Listening on port ${PORT}`);
  console.log(`[modem-bridge] Auth: ${TOKEN ? 'enabled' : 'disabled (dev mode)'}`);
});

process.on('SIGTERM', async () => {
  console.log('[modem-bridge] SIGTERM received, shutting down...');
  await tp.shutdown();
  server.close();
  process.exit(0);
});

process.on('SIGINT', async () => {
  console.log('[modem-bridge] SIGINT received, shutting down...');
  await tp.shutdown();
  server.close();
  process.exit(0);
});

process.on('uncaughtException', (e) => {
  console.error('[modem-bridge] Uncaught exception:', e);
});