package dynamicproxy

import (
	"log"
	"net/http"
	"os"
	"path/filepath"

	"imuslab.com/zoraxy/mod/access"
	"imuslab.com/zoraxy/mod/netutils"
)

// Handle access check (blacklist / whitelist), return true if request is handled (aka blocked)
// if the return value is false, you can continue process the response writer
func (h *ProxyHandler) handleAccessRouting(ruleID string, w http.ResponseWriter, r *http.Request) bool {
	accessRule, err := h.Parent.Option.AccessController.GetAccessRuleByID(ruleID)
	if err != nil {
		//Unable to load access rule. Target rule not found?
		log.Println("[Proxy] Unable to load access rule: " + ruleID)
		w.WriteHeader(http.StatusInternalServerError)
		w.Write([]byte("500 - Internal Server Error"))
		return true
	}

	isBlocked, blockedReason := accessRequestBlocked(accessRule, h.Parent.Option.WebDirectory, w, r)
	if isBlocked {
		h.logRequest(r, false, 403, blockedReason, "")
	}
	return isBlocked
}

// Return boolean, return true if access is blocked
// For string, it will return the blocked reason (if any)
func accessRequestBlocked(accessRule *access.AccessRule, templateDirectory string, w http.ResponseWriter, r *http.Request) (bool, string) {
	//Check if this ip is in blacklist
	clientIpAddr := netutils.GetRequesterIP(r)
	if accessRule.IsBlacklisted(clientIpAddr) {
		w.Header().Set("Content-Type", "text/html; charset=utf-8")
		w.WriteHeader(http.StatusForbidden)
		template, err := os.ReadFile(filepath.Join(templateDirectory, "templates/blacklist.html"))
		if err != nil {
			w.Write(page_forbidden)
		} else {
			w.Write(template)
		}

		return true, "blacklist"
	}

	//Check if this ip is in whitelist
	if !accessRule.IsWhitelisted(clientIpAddr) {
		w.Header().Set("Content-Type", "text/html; charset=utf-8")
		w.WriteHeader(http.StatusForbidden)
		template, err := os.ReadFile(filepath.Join(templateDirectory, "templates/whitelist.html"))
		if err != nil {
			w.Write(page_forbidden)
		} else {
			w.Write(template)
		}
		return true, "whitelist"
	}

	//Not blocked.
	return false, ""
}