from fastapi import FastAPI, Request
from fastapi.responses import Response, RedirectResponse
import os
import re
import secrets

app = FastAPI()

COOKIE_NAME = "anon_session"
ADMIN_COOKIE_NAME = "admin_session"
COOKIE_MAX_AGE = 60 * 60 * 24 * 7  # 7 days
SAFE_RE = re.compile(r"^[a-f0-9]{32}$")

ADMIN_BOOTSTRAP_TOKEN = os.getenv("ADMIN_BOOTSTRAP_TOKEN", "")
ADMIN_EMAIL = "admin@demo.local"
ADMIN_NAME = "Rob Admin"


def generate_session_id() -> str:
    return secrets.token_hex(16)


def session_to_identity(session_id: str) -> tuple[str, str]:
    short_id = session_id[:12]
    email = f"anon-{session_id}@demo.local"
    name = f"Guest {short_id}"
    return email, name


@app.get("/bootstrap")
async def bootstrap(request: Request):
    token = request.query_params.get("token", "")
    if not ADMIN_BOOTSTRAP_TOKEN or token != ADMIN_BOOTSTRAP_TOKEN:
        return Response(status_code=403, content="Invalid bootstrap token")

    response = RedirectResponse(url="/", status_code=302)
    response.set_cookie(
        key=ADMIN_COOKIE_NAME,
        value="1",
        max_age=COOKIE_MAX_AGE,
        httponly=True,
        samesite="lax",
        secure=True,
        path="/",
    )
    return response


@app.get("/logout-admin")
async def logout_admin():
    response = RedirectResponse(url="/", status_code=302)
    response.delete_cookie(ADMIN_COOKIE_NAME, path="/")
    return response


@app.get("/resolve")
async def resolve(request: Request):
    admin_cookie = request.cookies.get(ADMIN_COOKIE_NAME)

    if admin_cookie == "1":
        response = Response(status_code=204)
        response.headers["X-Auth-Request-Email"] = ADMIN_EMAIL
        response.headers["X-Auth-Request-Name"] = ADMIN_NAME
        return response

    cookie_val = request.cookies.get(COOKIE_NAME)

    if not cookie_val or not SAFE_RE.match(cookie_val):
        cookie_val = generate_session_id()
        new_cookie = True
    else:
        new_cookie = False

    email, name = session_to_identity(cookie_val)

    response = Response(status_code=204)
    response.headers["X-Auth-Request-Email"] = email
    response.headers["X-Auth-Request-Name"] = name

    if new_cookie:
        response.set_cookie(
            key=COOKIE_NAME,
            value=cookie_val,
            max_age=COOKIE_MAX_AGE,
            httponly=True,
            samesite="lax",
            secure=True,
            path="/",
        )

    return response


if __name__ == "__main__":
    import uvicorn
    uvicorn.run(app, host="127.0.0.1", port=9000)