#!/bin/python

"""
Quick and dirty script for things that I can't/don't have time to do properly yet
TODO: retire this script

export DOMAIN=khuedoan.com
export GITEA_USER=gitea_admin
export GITEA_PASSWORD='xxx'
export GITEA_HOST='git.khuedoan.com'
export VAULT_HOST='https://vault.khuedoan.com'
export VAULT_TOKEN='s.xxx'
./scripts/hacks
"""

import json
import os
import sys
import requests
import urllib.parse
from rich.console import Console


# https://git.khuedoan.com/user/settings/applications
# Doing this properly inside the cluster requires:
# - Kubernetes service account
# - Vault Kubernetes auth
domain = os.environ['DOMAIN']
vault_host = os.environ['VAULT_HOST']
vault_token = os.environ['VAULT_TOKEN']

gitea_host = os.getenv('GITEA_HOST', "gitea-http:3000")
gitea_user = os.environ['GITEA_USER']
gitea_pass = urllib.parse.quote_plus(os.environ['GITEA_PASSWORD'])
gitea_url = f"http://{gitea_user}:{gitea_pass}@{gitea_host}"


def create_vault_secret(path: str, data) -> None:
    requests.post(
        url=f"{vault_host}/v1/secret/data/{path}",
        headers={
            'X-Vault-Token': vault_token
        },
        data=json.dumps({
            'data': data
        })
    )


def setup_gitea_access_token(name: str) -> None:
    current_tokens = requests.get(
        url=f"{gitea_url}/api/v1/users/{gitea_user}/tokens",
    ).json()

    if not any(token['name'] == name for token in current_tokens):
        resp = requests.post(
            url=f"{gitea_url}/api/v1/users/{gitea_user}/tokens",
            headers={
                'Content-Type': 'application/json'
            },
            data=json.dumps({
                'name': name
            })
        )

        if resp.status_code == 201:
            create_vault_secret(
                f"gitea/{name}",
                {
                    'token': resp.json()['sha1']
                }
            )
        else:
            print(f"Error creating access token {name} ({resp.status_code})")
            print(resp.content)
            sys.exit(1)


def setup_gitea_oauth_app(name: str, redirect_uri: str) -> None:
    current_apps = requests.get(
        url=f"{gitea_url}/api/v1/user/applications/oauth2",
    ).json()

    if not any(app['name'] == name for app in current_apps):
        resp = requests.post(
            url=f"{gitea_url}/api/v1/user/applications/oauth2",
            headers={
                'Content-Type': 'application/json'
            },
            data=json.dumps({
                'name': name,
                'redirect_uris': [redirect_uri]
            })
        )

        if resp.status_code == 201:
            create_vault_secret(
                f"gitea/{name}",
                {
                    'client_id': resp.json()['client_id'],
                    'client_secret': resp.json()['client_secret']
                }
            )
        else:
            print(f"Error creating OAuth application {name} ({resp.status_code})")
            print(resp.content)
            sys.exit(1)


def main() -> None:
    with Console().status("Completing the remaining sorcery"):
        gitea_access_tokens = [
            'renovate'
        ]

        gitea_oauth_apps = [
            {'name': 'dex', 'redirect_uri': f"https://dex.{domain}/callback"}
        ]

        for token_name in gitea_access_tokens:
            setup_gitea_access_token(token_name)

        for app in gitea_oauth_apps:
            setup_gitea_oauth_app(app['name'], app['redirect_uri'])


if __name__ == '__main__':
    main()