use std::{
	convert::TryInto,
	fmt,
	ops::Deref,
};

use chrono::{DateTime, Duration, Utc};
use serde::{
	de::{
		self,
		Visitor,
	},
	Deserialize, 
	Deserializer,
};

pub struct BlakeHashWrapper (blake3::Hash);

impl BlakeHashWrapper {
	pub fn from_key (bytes: &[u8]) -> Self {
		Self (blake3::hash (bytes))
	}
	
	pub fn encode_base64 (&self) -> String {
		base64::encode (self.as_bytes ())
	}
}

impl Deref for BlakeHashWrapper {
	type Target = blake3::Hash;
	
	fn deref (&self) -> &<Self as Deref>::Target {
		&self.0
	}
}

struct BlakeHashVisitor;

impl <'de> Visitor <'de> for BlakeHashVisitor {
	type Value = blake3::Hash;
	
	fn expecting (&self, formatter: &mut fmt::Formatter) -> fmt::Result {
		formatter.write_str ("a 32-byte blake3 hash, encoded as base64")
	}
	
	fn visit_str <E: de::Error> (self, value: &str) 
	-> Result <Self::Value, E>
	{
		let bytes: Vec <u8> = base64::decode (value).map_err (|_| E::custom (format! ("str is not base64: {}", value)))?;
		let bytes: [u8; 32] = (&bytes [..]).try_into ().map_err (|_| E::custom (format! ("decode base64 is not 32 bytes long: {}", value)))?;
		
		let tripcode = blake3::Hash::from (bytes);
		
		Ok (tripcode)
	}
}

impl <'de> Deserialize <'de> for BlakeHashWrapper {
	fn deserialize <D: Deserializer <'de>> (deserializer: D) -> Result <Self, D::Error> {
		Ok (BlakeHashWrapper (deserializer.deserialize_str (BlakeHashVisitor)?))
	}
}

pub struct Valid7Days;
//pub struct Valid30Days;
//pub struct Valid90Days;

pub trait MaxValidDuration {
	fn dur () -> Duration;
}

impl MaxValidDuration for Valid7Days {
	fn dur () -> Duration {
		Duration::days (7)
	}
}

#[derive (Deserialize)]
pub struct ScraperKey <V: MaxValidDuration> {
	pub not_before: DateTime <Utc>,
	pub not_after: DateTime <Utc>,
	pub hash: BlakeHashWrapper,
	_phantom: std::marker::PhantomData <V>,
}

#[derive (Copy, Clone, Debug, PartialEq)]
pub enum KeyValidity {
	Valid,
	
	WrongKey,
	ClockIsBehind,
	Expired,
	DurationTooLong (Duration),
	DurationNegative,
}

impl <V: MaxValidDuration> ScraperKey <V> {
	pub fn is_valid (&self, now: DateTime <Utc>, input: &[u8]) -> KeyValidity {
		use KeyValidity::*;
		
		// I put this first because I think the constant-time check should run
		// before anything else. But I'm not a crypto expert, so it's just
		// guesswork.
		if blake3::hash (input) != *self.hash {
			return WrongKey;
		}
		
		if self.not_after < self.not_before {
			return DurationNegative;
		}
		
		let max_dur = V::dur ();
		let actual_dur = self.not_after - self.not_before;
		
		if actual_dur > max_dur {
			return DurationTooLong (max_dur);
		}
		
		if now >= self.not_after {
			return Expired;
		}
		
		if now < self.not_before {
			return ClockIsBehind;
		}
		
		return Valid;
	}
}

#[cfg (test)]
mod tests {
	use chrono::{Utc};
	use super::*;
	use KeyValidity::*;
	
	#[test]
	fn duration_negative () {
		let zero_time = Utc::now ();
		
		let key = ScraperKey::<Valid7Days> {
			not_before: zero_time + Duration::days (1 + 2),
			not_after: zero_time + Duration::days (1),
			hash: BlakeHashWrapper::from_key ("bad_password".as_bytes ()),
			_phantom: Default::default (),
		};
		
		let err = DurationNegative;
		
		for (input, expected) in &[
			(zero_time + Duration::days (0), err),
			(zero_time + Duration::days (2), err),
			(zero_time + Duration::days (100), err),
		] {
			assert_eq! (key.is_valid (*input, "bad_password".as_bytes ()), *expected);
		}
	}
	
	#[test]
	fn key_valid_too_long () {
		let zero_time = Utc::now ();
		
		let key = ScraperKey::<Valid7Days> {
			not_before: zero_time + Duration::days (1),
			not_after: zero_time + Duration::days (1 + 8),
			hash: BlakeHashWrapper::from_key ("bad_password".as_bytes ()),
			_phantom: Default::default (),
		};
		
		let err = DurationTooLong (Duration::days (7));
		
		for (input, expected) in &[
			(zero_time + Duration::days (0), err),
			(zero_time + Duration::days (2), err),
			(zero_time + Duration::days (100), err),
		] {
			assert_eq! (key.is_valid (*input, "bad_password".as_bytes ()), *expected);
		}
	}
	
	#[test]
	fn normal_key () {
		let zero_time = Utc::now ();
		
		let key = ScraperKey::<Valid7Days> {
			not_before: zero_time + Duration::days (1),
			not_after: zero_time + Duration::days (1 + 7),
			hash: BlakeHashWrapper::from_key ("bad_password".as_bytes ()),
			_phantom: Default::default (),
		};
		
		for (input, expected) in &[
			(zero_time + Duration::days (0), ClockIsBehind),
			(zero_time + Duration::days (2), Valid),
			(zero_time + Duration::days (1 + 7), Expired),
			(zero_time + Duration::days (100), Expired),
		] {
			assert_eq! (key.is_valid (*input, "bad_password".as_bytes ()), *expected);
		}
	}
	
	#[test]
	fn wrong_key () {
		let zero_time = Utc::now ();
		
		let key = ScraperKey::<Valid7Days> {
			not_before: zero_time + Duration::days (1),
			not_after: zero_time + Duration::days (1 + 7),
			hash: BlakeHashWrapper::from_key ("bad_password".as_bytes ()),
			_phantom: Default::default (),
		};
		
		for (input, expected) in &[
			(zero_time + Duration::days (0), WrongKey),
			(zero_time + Duration::days (2), WrongKey),
			(zero_time + Duration::days (1 + 7), WrongKey),
			(zero_time + Duration::days (100), WrongKey),
		] {
			assert_eq! (key.is_valid (*input, "badder_password".as_bytes ()), *expected);
		}
	}
}