# Copyright (c) 2013 GigaSpaces Technologies Ltd. All rights reserved
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#       http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
#  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  * See the License for the specific language governing permissions and
#  * limitations under the License.

from collections import namedtuple

from flask import Flask
from flask_migrate import Migrate
from flask_security import Security

from manager_rest import config, utils
from manager_rest.storage import user_datastore, db
from manager_rest.storage.models import User, Tenant
from manager_rest.config import instance as manager_config

def setup_flask_app(manager_ip='localhost',
    """Setup a functioning flask app, when working outside the rest-service

    :param manager_ip: The IP of the manager
    :param driver: SQLA driver for postgres (e.g. pg8000)
    :param hash_salt: The salt to be used when creating user passwords
    :param secret_key: Secret key used when hashing flask tokens
    :return: A Flask app
    app = Flask(__name__)
    db_uri = _get_postgres_db_uri(manager_ip, driver)
    app.config['SQLALCHEMY_DATABASE_URI'] = db_uri
    app.config['ENV'] = 'production'
    set_flask_security_config(app, hash_salt, secret_key)
    Security(app=app, datastore=user_datastore)
    Migrate(app=app, db=db)
    return app

def _get_postgres_db_uri(manager_ip, driver):
    """Get a valid SQLA DB URI"""
    dialect = 'postgresql+{0}'.format(driver) if driver else 'postgres'
    conf = get_postgres_conf(manager_ip)
    conn_string = '{dialect}://{username}:{password}@{host}/{db_name}'.format(
    if config.instance.postgresql_ssl_enabled:
        params = {}
        ssl_mode = 'verify-ca'
        if config.instance.postgresql_ssl_client_verification:
            ssl_mode = 'verify-full'
                'sslcert': config.instance.postgresql_ssl_cert_path,
                'sslkey': config.instance.postgresql_ssl_key_path,
            'sslmode': ssl_mode,
            'sslrootcert': config.instance.postgresql_ca_cert_path
        if any(params.values()):
            query = '&'.join('{0}={1}'.format(key, value)
                             for key, value in params.items()
                             if value)
            conn_string = '{0}?{1}'.format(conn_string, query)
    return conn_string

def get_postgres_conf(manager_ip='localhost'):
    """Return a namedtuple with info used to connect to cloudify's PG DB
    # can't load from db yet - we're just loading the settings to connect to
    # the db at all
    conf = namedtuple('PGConf', 'host username password db_name')
    return conf(
        host=manager_config.postgresql_host or manager_ip,
        username=manager_config.postgresql_username or 'cloudify',
        password=manager_config.postgresql_password or 'cloudify',
        db_name=manager_config.postgresql_db_name or 'cloudify_db',

def set_flask_security_config(app, hash_salt=None, secret_key=None):
    """Set all necessary Flask-Security configurations

    :param app: Flask app object
    :param hash_salt: The salt to be used when creating user passwords
    :param secret_key: Secret key used when hashing flask tokens
    hash_salt = hash_salt or config.instance.security_hash_salt
    secret_key = secret_key or config.instance.security_secret_key

    # Make sure that it's possible to get users from the datastore
    # by username and not just by email (the default behavior)
    app.config['SECURITY_USER_IDENTITY_ATTRIBUTES'] = 'username, email'
    app.config['SECURITY_PASSWORD_HASH'] = 'pbkdf2_sha256'
    app.config['SECURITY_HASHING_SCHEMES'] = ['pbkdf2_sha256']
    app.config['SECURITY_TOKEN_MAX_AGE'] = 36000  # 10 hours

    app.config['SECURITY_PASSWORD_SALT'] = hash_salt
    app.config['SECURITY_REMEMBER_SALT'] = hash_salt
    app.config['SECRET_KEY'] = secret_key

def set_tenant_in_app(tenant):
    """Set the tenant as the current tenant in the flask app.

    Requires app context (using `with app.app_context()` or push as returned
    by setup_flask_app"""

def get_tenant_by_name(tenant_name):
    """Get the tenant name, or fail noisily.
    tenant = Tenant.query.filter_by(name=tenant_name).first()
    if not tenant:
        raise Exception(
            'Could not restore into tenant "{name}" as this tenant does '
            'not exist.'.format(name=tenant_name)
    return tenant

def set_admin_current_user(app):
    """Set the admin as the current user in the flask app

    :return: The admin user
    admin = User.query.get(0)
    # This line is necessary for the `reload_user` method - we add a mock
    # request context to the flask stack

    # And then load the admin as the currently active user
    return admin