/*
Copyright 2015 All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package main

import (
	"bytes"
	"crypto/tls"
	"fmt"
	"io/ioutil"
	"net/http"
	"net/url"
	"os"
	"reflect"
	"testing"
	"time"

	uuid "github.com/satori/go.uuid"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func TestDecodeKeyPairs(t *testing.T) {
	testCases := []struct {
		List     []string
		KeyPairs map[string]string
		Ok       bool
	}{
		{
			List: []string{"a=b", "b=3"},
			KeyPairs: map[string]string{
				"a": "b",
				"b": "3",
			},
			Ok: true,
		},
		{
			List: []string{"add", "b=3"},
		},
	}

	for i, c := range testCases {
		kp, err := decodeKeyPairs(c.List)
		if err != nil && c.Ok {
			t.Errorf("test case %d should not have failed", i)
			continue
		}
		if !c.Ok {
			continue
		}
		if !reflect.DeepEqual(kp, c.KeyPairs) {
			t.Errorf("test case %d are not equal %v <-> %v", i, kp, c.KeyPairs)
		}
	}
}

func TestGetRequestHostURL(t *testing.T) {
	cs := []struct {
		Expected   string
		HostHeader string
		Hostname   string
		TLS        *tls.ConnectionState
	}{
		{
			Expected: "http://www.test.com",
			Hostname: "www.test.com",
		},
		{
			Expected: "http://",
		},
		{
			Expected:   "http://www.override.com",
			HostHeader: "www.override.com",
			Hostname:   "www.test.com",
		},
		{
			Expected: "https://www.test.com",
			Hostname: "www.test.com",
			TLS:      &tls.ConnectionState{},
		},
		{
			Expected:   "https://www.override.com",
			HostHeader: "www.override.com",
			Hostname:   "www.test.com",
			TLS:        &tls.ConnectionState{},
		},
	}
	for i, c := range cs {
		request := &http.Request{
			Method: http.MethodGet,
			Host:   c.Hostname,
			TLS:    c.TLS,
		}
		if c.HostHeader != "" {
			request.Header = make(http.Header)
			request.Header.Set("X-Forwarded-Host", c.HostHeader)
		}
		assert.Equal(t, c.Expected, getRequestHostURL(request), "case %d, expected: %s, got: %s", i, c.Expected, getRequestHostURL(request))
	}
}

func BenchmarkUUID(b *testing.B) {
	for n := 0; n < b.N; n++ {
		s := uuid.NewV1()
		_ = s.String()
	}
}

func TestDefaultTo(t *testing.T) {
	cs := []struct {
		Value    string
		Default  string
		Expected string
	}{
		{
			Value:    "",
			Default:  "hello",
			Expected: "hello",
		},
		{
			Value:    "world",
			Default:  "hello",
			Expected: "world",
		},
	}
	for _, c := range cs {
		assert.Equal(t, c.Expected, defaultTo(c.Value, c.Default))
	}
}

func TestEncryptDataBlock(t *testing.T) {
	testCase := []struct {
		Text string
		Key  string
		Ok   bool
	}{
		{
			Text: "hello world, my name is keycloak proxy",
			Key:  "DtNMS2eO7Fi5vsuLrW55nrRbir2kPfTw",
			Ok:   true,
		},
		{
			Text: "hello world, my name is keycloak proxy",
			Key:  "DtNMS2eO7Fi5vsu",
		},
		{
			Text: "h",
			Key:  "DtNMS2eO7Fi5vsuLrW55nrRbir2kPfTwtr",
		},
	}

	for i, test := range testCase {
		_, err := encryptDataBlock(bytes.NewBufferString(test.Text).Bytes(), bytes.NewBufferString(test.Key).Bytes())
		if err != nil && test.Ok {
			t.Errorf("test case: %d should not have failed, %s", i, err)
		}
	}
}

func TestEncodeText(t *testing.T) {
	session, err := encodeText("12245325632323263762", "1gjrlcjQ8RyKANngp9607txr5fF5fhf1")
	assert.NotEmpty(t, session)
	assert.NoError(t, err)
}

var (
	fakePlainText = []byte(`nFlhnhwRzC9uJ9mjhR0PQezUpIiDlU9ASLqH1KIKFhBZZrMZfnAAdHdgKs2OJoni8cTSQ
	JxkaNpboZ6hnrMytlw5kf0biF7dLTU885uHIGkUIRy75hx6BaTEEhbN36qVTxediEHd6xeBPS3qpJ7riO6J
	EeaQr1rroDL0LvmDyB6Zds4LdVQEmtUueusc7jkBz7gJ12vnTHIxviZM5rzcq4tyCbZO7Kb37RqZg5kbYGK
	PfErhUwUIin7jsNVE7coB`)
	fakeCipherText = []byte("lfQPTa6jwMTABaJhcrfVkoqcdyMVAettMsqgKXIALSKG5UpoYKbT/WgZjOiuCmEI0E/7piP8VATLOAHKDBNF2WrQOKSYF+gdHkh4NLv0cW0NZ2qyZeWhknywE6063ylhCYjJOrJA1z12i2bHHbjZZGfqkwfzyxxFLTv6jSbalpZ4oZcUcNY/DrtVk/K01qZw6o4l1f0FUL6UZVSirn+B3YDWLeVQ0FGr6jlhCpN203Rf688nqdBvhw4bUEQiykCMxWm2/rJBNWm2SzZgw65kb4W0ph1qjcoUjXBwNakK+E0Lw/fwi8+bUC1lkT8+hJpMLKZkzb07rbGAnmljQo0NkqJh4kl+aycsEhm9bZj+b6w0r795YugyNsyca5CnUvkB1Dg")
	fakeKey        = []byte("u3K0eKsmGl76jY1buzexwYoRRLLQrQck")
)

/*
func TestEncryptedText(t *testing.T) {
	s, err := encodeText(string(fakePlainText), string(fakeKey))
	require.NoError(t, err)
	require.NotEmpty(t, s)
	d, err := decodeText(s, string(fakeKey))
	require.NoError(t, err)
	require.NotEmpty(t, d)
	assert.Equal(t, string(fakePlainText), d)
	fmt.Printf("Encoded: '%s'\n", s)
	fmt.Printf("Decoded: '%s'\n", d)
}
*/

func BenchmarkEncryptDataBlock(b *testing.B) {
	for n := 0; n < b.N; n++ {
		_, _ = encryptDataBlock(fakePlainText, fakeKey)
	}
}

func BenchmarkEncodeText(b *testing.B) {
	text := string(fakePlainText)
	key := string(fakeKey)
	for n := 0; n < b.N; n++ {
		_, _ = encodeText(text, key)
	}
}

func BenchmarkDecodeText(b *testing.B) {
	t := string(fakeCipherText)
	k := string(fakeKey)
	for n := 0; n < b.N; n++ {
		if _, err := decodeText(t, k); err != nil {
			b.FailNow()
		}
	}
}

func TestDecodeText(t *testing.T) {
	fakeKey := "HYLNt2JSzD7Lpz0djTRudmlOpbwx1oHB"
	fakeText := "12245325632323263762"

	encrypted, err := encodeText(fakeText, fakeKey)
	require.NoError(t, err)
	assert.NotEmpty(t, encrypted)

	decoded, _ := decodeText(encrypted, fakeKey)
	assert.NotNil(t, decoded, "the session should not have been nil")
	assert.Equal(t, decoded, fakeText, "the decoded text is not the same")
}

func TestFindCookie(t *testing.T) {
	cookies := []*http.Cookie{
		{Name: "cookie_there"},
	}
	assert.NotNil(t, findCookie("cookie_there", cookies))
	assert.Nil(t, findCookie("not_there", cookies))
}

func TestDecryptDataBlock(t *testing.T) {
	testCase := []struct {
		Text string
		Key  string
		Ok   bool
	}{
		{
			Text: "hello world, my name is keycloak proxy",
			Key:  "DtNMS2eO7Fi5vsuLrW55nrRbir2kPfss",
			Ok:   true,
		},
		{
			Text: "h",
			Key:  "DtNMS2eO7Fi5vsuLrW55nrRbir2kPfTw",
			Ok:   true,
		},
	}

	for i, test := range testCase {
		cipher, err := encryptDataBlock(bytes.NewBufferString(test.Text).Bytes(), bytes.NewBufferString(test.Key).Bytes())
		if err != nil && test.Ok {
			t.Errorf("test case: %d should not have failed, %s", i, err)
		}

		plain, err := decryptDataBlock(cipher, bytes.NewBufferString(test.Key).Bytes())
		if err != nil {
			t.Errorf("test case: %d should not have failed, %s", i, err)
		}

		if string(plain) != test.Text {
			t.Errorf("test case: %d are not the same", i)
		}
	}

}

func TestHasAccessOK(t *testing.T) {
	cs := []struct {
		Have     []string
		Need     []string
		Required bool
	}{
		{},
		{
			Have: []string{"a", "b"},
		},
		{
			Have:     []string{"a", "b", "c"},
			Need:     []string{"a", "b"},
			Required: true,
		},
		{
			Have: []string{"a", "b", "c"},
			Need: []string{"a", "c"},
		},
		{
			Have: []string{"a", "b", "c"},
			Need: []string{"c"},
		},
		{
			Have: []string{"a", "b", "c"},
			Need: []string{"b"},
		},
		{
			Have: []string{"a", "b", "c"},
			Need: []string{"b"},
		},
		{
			Have: []string{"a", "b"},
			Need: []string{"a"},
		},
		{
			Have:     []string{"a", "b"},
			Need:     []string{"a"},
			Required: true,
		},
		{
			Have:     []string{"b", "a"},
			Need:     []string{"a"},
			Required: true,
		},
	}
	for i, x := range cs {
		assert.True(t, hasAccess(x.Need, x.Have, x.Required), "case: %d should be true, have: %v, need: %v, require: %t ", i, x.Have, x.Need, x.Required)
	}
}

func TestHasAccessBad(t *testing.T) {
	cs := []struct {
		Have     []string
		Need     []string
		Required bool
	}{
		{
			Have: []string{"a", "b"},
			Need: []string{"c"},
		},
		{
			Have:     []string{"a", "b"},
			Need:     []string{"c"},
			Required: true,
		},
		{
			Have:     []string{"a", "c"},
			Need:     []string{"a", "b"},
			Required: true,
		},
		{
			Have:     []string{"a", "b", "c"},
			Need:     []string{"b", "j"},
			Required: true,
		},
		{
			Have:     []string{"a", "b", "c"},
			Need:     []string{"a", "d"},
			Required: true,
		},
	}

	for i, x := range cs {
		assert.False(t, hasAccess(x.Need, x.Have, x.Required), "case: %d should be false, have: %v, need: %v, require: %t ", i, x.Have, x.Need, x.Required)
	}
}

func TestContainedIn(t *testing.T) {
	assert.False(t, containedIn("1", []string{"2", "3", "4"}))
	assert.True(t, containedIn("1", []string{"1", "2", "3", "4"}))
}

func TestContainsSubString(t *testing.T) {
	assert.False(t, containsSubString("bar.com", []string{"foo.bar.com"}))
	assert.True(t, containsSubString("www.foo.bar.com", []string{"foo.bar.com"}))
	assert.True(t, containsSubString("foo.bar.com", []string{"bar.com"}))
	assert.True(t, containsSubString("star.domain.com", []string{"domain.com", "domain1.com"}))
	assert.True(t, containsSubString("star.domain1.com", []string{"domain.com", "domain1.com"}))
	assert.True(t, containsSubString("test.test.svc.cluster.local", []string{"svc.cluster.local"}))

	assert.False(t, containsSubString("star.domain1.com", []string{"domain.com", "sub.domain1.com"}))
	assert.False(t, containsSubString("svc.cluster.local", []string{"nginx.pr1.svc.cluster.local"}))
	assert.False(t, containsSubString("cluster.local", []string{"nginx.pr1.svc.cluster.local"}))
	assert.False(t, containsSubString("pr1", []string{"nginx.pr1.svc.cluster.local"}))
}

func BenchmarkContainsSubString(t *testing.B) {
	for n := 0; n < t.N; n++ {
		containsSubString("svc.cluster.local", []string{"nginx.pr1.svc.cluster.local"})
	}
}

func TestDialAddress(t *testing.T) {
	assert.Equal(t, dialAddress(getFakeURL("http://127.0.0.1")), "127.0.0.1:80")
	assert.Equal(t, dialAddress(getFakeURL("https://127.0.0.1")), "127.0.0.1:443")
	assert.Equal(t, dialAddress(getFakeURL("http://127.0.0.1:8080")), "127.0.0.1:8080")
}

func TestIsUpgradedConnection(t *testing.T) {
	header := http.Header{}
	header.Add(headerUpgrade, "")
	assert.False(t, isUpgradedConnection(&http.Request{Header: header}))
	header.Set(headerUpgrade, "set")
	assert.True(t, isUpgradedConnection(&http.Request{Header: header}))
}

func TestIdValidHTTPMethod(t *testing.T) {
	cs := []struct {
		Method string
		Ok     bool
	}{
		{Method: "GET", Ok: true},
		{Method: "GETT"},
		{Method: "CONNECT", Ok: false},
		{Method: "PUT", Ok: true},
		{Method: "PATCH", Ok: true},
	}
	for _, x := range cs {
		assert.Equal(t, x.Ok, isValidHTTPMethod(x.Method))
	}
}

func TestFileExists(t *testing.T) {
	if fileExists("no_such_file_exsit_32323232") {
		t.Error("we should have received false")
	}
	tmpfile, err := ioutil.TempFile("/tmp", fmt.Sprintf("test_file_%d", os.Getpid()))
	if err != nil {
		t.Fatalf("failed to create the temporary file, %s", err)
	}
	defer os.Remove(tmpfile.Name())

	if !fileExists(tmpfile.Name()) {
		t.Error("we should have received a true")
	}
}

func TestGetWithin(t *testing.T) {
	cs := []struct {
		Expires  time.Time
		Percent  float64
		Expected time.Duration
	}{
		{
			Expires:  time.Now().Add(time.Duration(1) * time.Hour),
			Percent:  0.10,
			Expected: 359000000000,
		},
		{
			Expires:  time.Now().Add(time.Duration(1) * time.Hour),
			Percent:  0.20,
			Expected: 719000000000,
		},
	}
	for _, x := range cs {
		assert.Equal(t, x.Expected, getWithin(x.Expires, x.Percent))
	}
}

func TestToHeader(t *testing.T) {
	cases := []struct {
		Word     string
		Expected string
	}{
		{
			Word:     "given_name",
			Expected: "Given-Name",
		},
		{
			Word:     "family%name",
			Expected: "Family-Name",
		},
		{
			Word:     "perferredname",
			Expected: "Perferredname",
		},
	}
	for i, x := range cases {
		assert.Equal(t, x.Expected, toHeader(x.Word), "case %d, expected: %s but got: %s",
			i, x.Expected, toHeader(x.Word))
	}
}

func TestCapitalize(t *testing.T) {
	cases := []struct {
		Word     string
		Expected string
	}{
		{
			Word:     "given",
			Expected: "Given",
		},
		{
			Word:     "1iven",
			Expected: "1iven",
		},
		{
			Word:     "Test this",
			Expected: "Test this",
		},
	}
	for i, x := range cases {
		assert.Equal(t, x.Expected, capitalize(x.Word), "case %d, expected: %s but got: %s", i, x.Expected,
			capitalize(x.Word))
	}
}

func TestMergeMaps(t *testing.T) {
	cases := []struct {
		Source   map[string]string
		Dest     map[string]string
		Expected map[string]string
	}{
		{
			Source: map[string]string{
				"a": "b",
				"b": "b",
			},
			Dest: map[string]string{
				"c": "c",
			},
			Expected: map[string]string{
				"a": "b",
				"b": "b",
				"c": "c",
			},
		},
	}
	for i, x := range cases {
		merged := mergeMaps(x.Dest, x.Source)
		if !reflect.DeepEqual(x.Expected, merged) {
			t.Errorf("case %d, expected: %v but got: %v", i, x.Expected, merged)
		}
	}
}

func TestReadConfiguration(t *testing.T) {
	testCases := []struct {
		Content string
		Ok      bool
	}{
		{
			Content: `
discovery_url: https://keyclock.domain.com/
client-id: <client_id>
secret: <secret>
`,
		},
		{
			Content: `
discovery_url: https://keyclock.domain.com
client-id: <client_id>
secret: <secret>
upstream-url: http://127.0.0.1:8080
redirection_url: http://127.0.0.1:3000
`,
			Ok: true,
		},
	}

	for i, test := range testCases {
		// step: write the fake config file
		file := writeFakeConfigFile(t, test.Content)

		config := new(Config)
		err := readConfigFile(file.Name(), config)
		if test.Ok && err != nil {
			os.Remove(file.Name())
			t.Errorf("test case %d should not have failed, config: %v, error: %s", i, config, err)
		}
		os.Remove(file.Name())
	}
}

func getFakeURL(location string) *url.URL {
	u, _ := url.Parse(location)
	return u
}

func writeFakeConfigFile(t *testing.T, content string) *os.File {
	f, err := ioutil.TempFile("", "node_label_file")
	if err != nil {
		t.Fatalf("unexpected error creating node_label_file: %v", err)
	}
	f.Close()

	if err := ioutil.WriteFile(f.Name(), []byte(content), 0700); err != nil {
		t.Fatalf("unexpected error writing node label file: %v", err)
	}

	return f
}