# frozen_string_literal: true

require "socket"
require "ipaddr"
require "excon"
require "rate_limiter"
require "url_helper"

# Determine the final endpoint for a Web URI, following redirects
class FinalDestination
  class SSRFError < SocketError
  end

  class UrlEncodingError < ArgumentError
  end

  MAX_REQUEST_TIME_SECONDS = 10
  MAX_REQUEST_SIZE_BYTES = 5_242_880 # 1024 * 1024 * 5

  def self.clear_https_cache!(domain)
    key = redis_https_key(domain)
    Discourse.redis.without_namespace.del(key)
  end

  def self.cache_https_domain(domain)
    key = redis_https_key(domain)
    Discourse.redis.without_namespace.setex(key, 1.day.to_i, "1")
  end

  def self.is_https_domain?(domain)
    key = redis_https_key(domain)
    Discourse.redis.without_namespace.get(key).present?
  end

  def self.redis_https_key(domain)
    "HTTPS_DOMAIN_#{domain}"
  end

  DEFAULT_USER_AGENT =
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15"

  attr_reader :status, :cookie, :status_code, :content_type, :ignored

  def initialize(url, opts = nil)
    @url = url
    @uri = uri(normalized_url) if @url

    @opts = opts || {}
    @force_get_hosts = @opts[:force_get_hosts] || []
    @preserve_fragment_url_hosts = @opts[:preserve_fragment_url_hosts] || []
    @force_custom_user_agent_hosts = @opts[:force_custom_user_agent_hosts] || []
    @default_user_agent = @opts[:default_user_agent] || DEFAULT_USER_AGENT
    @opts[:max_redirects] ||= 5
    @https_redirect_ignore_limit = @opts[:initial_https_redirect_ignore_limit]
    @include_port_in_host_header = @opts[:include_port_in_host_header] || false

    @max_redirects = @opts[:max_redirects]
    @limit = @max_redirects

    @ignored = []
    if @limit > 0
      ignore_redirects = [Discourse.base_url_no_prefix]

      ignore_redirects.concat(@opts[:ignore_redirects]) if @opts[:ignore_redirects]

      ignore_redirects.each do |ignore_redirect|
        ignore_redirect = uri(ignore_redirect)
        @ignored << ignore_redirect.hostname if ignore_redirect.present? && ignore_redirect.hostname
      end
    end

    @status = :ready
    @follow_canonical = @opts[:follow_canonical]
    @http_verb = @opts[:http_verb] || http_verb(@force_get_hosts, @follow_canonical)
    @cookie = nil
    @limited_ips = []
    @verbose = @opts[:verbose] || false
    @timeout = @opts[:timeout] || nil
    @preserve_fragment_url = @preserve_fragment_url_hosts.any? { |host| hostname_matches?(host) }
    @validate_uri = @opts.fetch(:validate_uri) { true }
    @user_agent =
      (
        if @force_custom_user_agent_hosts.any? { |host| hostname_matches?(host) }
          Onebox::Helpers.user_agent
        else
          @default_user_agent
        end
      )
    @stop_at_blocked_pages = @opts[:stop_at_blocked_pages]
    @extra_headers = @opts[:headers]
  end

  def self.connection_timeout
    20
  end

  def self.resolve(url, opts = nil)
    new(url, opts).resolve
  end

  def http_verb(force_get_hosts, follow_canonical)
    if follow_canonical || force_get_hosts.any? { |host| hostname_matches?(host) }
      :get
    else
      :head
    end
  end

  def timeout
    @timeout || FinalDestination.connection_timeout
  end

  def redirected?
    @limit < @max_redirects
  end

  def request_headers
    result = {
      "User-Agent" => @user_agent,
      "Accept" => "*/*",
      "Accept-Language" => "*",
      "Host" => @uri.hostname + (@include_port_in_host_header ? ":#{@uri.port}" : ""),
    }

    result.merge!(@extra_headers) if @extra_headers
    result["Cookie"] = @cookie if @cookie

    result
  end

  def small_get(request_headers)
    status_code, response_headers = nil

    catch(:done) do
      FinalDestination::HTTP.start(
        @uri.host,
        @uri.port,
        use_ssl: @uri.is_a?(URI::HTTPS),
        open_timeout: timeout,
      ) do |http|
        http.read_timeout = timeout
        http.request_get(@uri.request_uri, request_headers) do |resp|
          status_code = resp.code.to_i
          response_headers = resp.to_hash

          # see: https://bugs.ruby-lang.org/issues/15624
          # if we allow response to return then body will be read
          # got to abort without reading body
          throw :done
        end
      end
    end

    [status_code, response_headers]
  end

  # this is a new interface for simply getting
  # N bytes accounting for all internal logic
  def get(redirects = @limit, extra_headers: {}, except_headers: [], &blk)
    raise "Must specify block" unless block_given?

    if @uri && @uri.port == 80 && FinalDestination.is_https_domain?(@uri.hostname)
      @uri.scheme = "https"
      @uri = URI(@uri.to_s)
    end

    return if !validate_uri
    return if @stop_at_blocked_pages && blocked_domain?(@uri)

    result, headers_subset = safe_get(@uri, except_headers:, &blk)
    return if !result

    cookie = headers_subset.set_cookie
    location = headers_subset.location

    if result == :redirect
      return if !location

      old_uri = @uri
      location = "#{@uri.scheme}://#{@uri.host}#{location}" if location[0] == "/"
      @uri = uri(location)

      if @uri && redirects == @max_redirects && @https_redirect_ignore_limit &&
           same_uri_but_https?(old_uri, @uri)
        redirects += 1
        @https_redirect_ignore_limit = false
      end

      return if redirects == 0

      # https redirect, so just cache that whole new domain is https
      if old_uri.port == 80 && @uri&.port == 443 && (URI::HTTPS === @uri)
        FinalDestination.cache_https_domain(@uri.hostname)
      end

      return if !@uri

      extra = nil
      extra = { "Cookie" => cookie } if cookie

      # Most HTTP Clients strip the Authorization header on redirects as the client could be redirecting to a untrusted
      # party. Not stripping the Authorization header on redirect can also lead to problems where the
      # redirected party does not expect a Authorization header and thus rejects the request.
      except_headers = ["Authorization"]

      get(redirects - 1, extra_headers: extra, except_headers:, &blk)
    elsif result == :ok
      @uri.to_s
    else
      nil
    end
  end

  def resolve
    if @uri && @uri.port == 80 && FinalDestination.is_https_domain?(@uri.hostname)
      @uri.scheme = "https"
      @uri = URI(@uri.to_s)
    end

    if @limit < 0
      @status = :too_many_redirects
      log(:warn, "FinalDestination could not resolve URL (too many redirects): #{@uri}")
      return
    end

    unless validate_uri
      @status = :invalid_address
      log(:warn, "FinalDestination could not resolve URL (invalid URI): #{@uri}")
      return
    end

    @ignored.each do |host|
      if @uri&.hostname&.match?(host)
        @status = :resolved
        return @uri
      end
    end

    if Oneboxer.cached_response_body_exists?(@uri.to_s)
      @status = :resolved
      return @uri
    end

    headers = request_headers
    middlewares = Excon.defaults[:middlewares].dup
    middlewares << Excon::Middleware::Decompress if @http_verb == :get

    request_start_time = Time.now
    response_body = +""
    request_validator =
      lambda do |chunk, _remaining_bytes, _total_bytes|
        response_body << chunk
        if response_body.bytesize > MAX_REQUEST_SIZE_BYTES
          raise Excon::Errors::ExpectationFailed.new("response size too big: #{@uri}")
        end
        if Time.now - request_start_time > MAX_REQUEST_TIME_SECONDS
          raise Excon::Errors::ExpectationFailed.new("connect timeout reached: #{@uri}")
        end
      end

    # This technique will only use the first resolved IP
    # TODO: Can we standardise this by using FinalDestination::HTTP?
    begin
      resolved_ip = SSRFDetector.lookup_and_filter_ips(@uri.hostname).first
    rescue SSRFDetector::DisallowedIpError, SocketError, Timeout::Error
      @status = :invalid_address
      return
    end
    request_uri = @uri.dup
    request_uri.hostname = resolved_ip unless Rails.env.test? # WebMock doesn't understand the IP-based requests

    response =
      Excon.public_send(
        @http_verb,
        request_uri.to_s,
        read_timeout: timeout,
        connect_timeout: timeout,
        headers: { "Host" => @uri.hostname }.merge(headers),
        middlewares: middlewares,
        response_block: request_validator,
        ssl_verify_peer_host: @uri.hostname,
      )

    if @stop_at_blocked_pages
      if blocked_domain?(@uri) || response.headers["Discourse-No-Onebox"] == "1"
        @status = :blocked_page
        return
      end
    end

    location = nil
    response_headers = nil
    response_status = response.status.to_i

    case response.status
    when 200
      # Cache body of successful `get` requests
      if @http_verb == :get
        if Oneboxer.cache_response_body?(@uri)
          Oneboxer.cache_response_body(@uri.to_s, response_body)
        end
      end

      if @follow_canonical
        next_url = fetch_canonical_url(response_body)

        if next_url.to_s.present? && next_url != @uri
          @follow_canonical = false
          @uri = next_url
          @http_verb = http_verb(@force_get_hosts, @follow_canonical)

          return resolve
        end
      end

      @content_type = response.headers["Content-Type"] if response.headers.has_key?("Content-Type")
      @status = :resolved
      return @uri
    when 103, 400, 405, 406, 409, 500, 501
      response_status, small_headers = small_get(request_headers)

      if @stop_at_blocked_pages
        # this may seem weird, but the #to_hash method of the response object
        # of ruby's net/http lib returns a hash where each value is an array.
        # small_headers here is like that so our no onebox header value is an
        # array if it's set. Also the hash keys are always lower-cased.
        dont_onebox = small_headers["discourse-no-onebox"]&.join("") == "1"
        if dont_onebox || blocked_domain?(@uri)
          @status = :blocked_page
          return
        end
      end

      if response_status == 200
        @status = :resolved
        return @uri
      end

      response_headers = {}
      if cookie_val = small_headers["set-cookie"]
        response_headers[:cookies] = cookie_val
      end

      if location_val = small_headers["location"]
        response_headers[:location] = location_val.join
      end
    end

    unless response_headers
      response_headers = {
        cookies: response.data[:cookies] || response.headers[:"set-cookie"],
        location: response.headers[:location],
      }
    end

    location = response_headers[:location] if (300..399).include?(response_status)

    if cookies = response_headers[:cookies]
      @cookie = Array.wrap(cookies).map { |c| c.split(";").first.strip }.join("; ")
    end

    if location
      redirect_uri = uri(location)
      if @uri.host == redirect_uri.host &&
           (redirect_uri.path =~ %r{/login} || redirect_uri.path =~ %r{/session})
        @status = :resolved
        return @uri
      end

      old_uri = @uri
      location = "#{location}##{@uri.fragment}" if @preserve_fragment_url && @uri.fragment.present?
      location = "#{@uri.scheme}://#{@uri.host}#{location}" if location[0] == "/"
      @uri = uri(location)

      if @uri && @limit == @max_redirects && @https_redirect_ignore_limit &&
           same_uri_but_https?(old_uri, @uri)
        @limit += 1
        @https_redirect_ignore_limit = false
      end
      @limit -= 1

      # https redirect, so just cache that whole new domain is https
      if old_uri.port == 80 && @uri&.port == 443 && (URI::HTTPS === @uri)
        FinalDestination.cache_https_domain(@uri.hostname)
      end
      return resolve
    end

    # this is weird an exception seems better
    @status = :failure
    @status_code = response.status

    log(:warn, "FinalDestination could not resolve URL (status #{response.status}): #{@uri}")
    nil
  rescue Excon::Errors::Timeout
    log(:warn, "FinalDestination could not resolve URL (timeout): #{@uri}")
    nil
  end

  def skip_validations?
    !@validate_uri
  end

  def validate_uri
    skip_validations? || validate_uri_format
  end

  def validate_uri_format
    return false unless @uri && @uri.host
    return false if %w[https http].exclude?(@uri.scheme)

    # In some cases (like local/test environments) we may want to allow http URLs
    # to be used for internal hosts, but only if it's the case that the host is
    # explicitly used for SiteSetting.s3_endpoint. This is to allow for local
    # S3 providers like minio.
    #
    # In all other cases, we should not be allowing http calls to anything except
    # port 80.
    return false if @uri.scheme == "http" && !http_port_ok?
    return false if @uri.scheme == "https" && @uri.port != 443

    # Disallow IP based crawling
    (
      begin
        IPAddr.new(@uri.hostname)
      rescue StandardError
        nil
      end
    ).nil?
  end

  def http_port_ok?
    return true if @uri.port == 80

    allowed_internal_hosts =
      SiteSetting.allowed_internal_hosts&.split(/[|\n]/)&.filter_map { |aih| aih.strip.presence }
    return false if allowed_internal_hosts.empty? || SiteSetting.s3_endpoint.blank?
    return false if allowed_internal_hosts.none? { |aih| hostname_matches_s3_endpoint?(aih) }

    true
  end

  def hostname_matches_s3_endpoint?(allowed_internal_host)
    s3_endpoint_uri = URI(SiteSetting.s3_endpoint)
    hostname_matches?("http://#{allowed_internal_host}") && @uri.port == s3_endpoint_uri.port &&
      @uri.hostname.end_with?(s3_endpoint_uri.hostname)
  end

  def hostname
    @uri.hostname
  end

  def hostname_matches?(url)
    url = uri(url)

    if @uri&.hostname.present? && url&.hostname.present?
      hostname_parts = url.hostname.split(".")
      has_wildcard = hostname_parts.first == "*"

      if has_wildcard
        @uri.hostname.end_with?(hostname_parts[1..-1].join("."))
      else
        @uri.hostname == url.hostname
      end
    end
  end

  def normalized_url
    UrlHelper.normalized_encode(@url)
  rescue ArgumentError => e
    raise UrlEncodingError, e.message
  end

  def log(log_level, message)
    return unless @verbose
    return if @status_code == 404

    Rails.logger.public_send(
      log_level,
      "#{RailsMultisite::ConnectionManagement.current_db}: #{message}",
    )
  end

  protected

  def safe_get(uri, except_headers: [])
    result = nil
    unsafe_close = false
    headers_subset = Struct.new(:location, :set_cookie).new

    safe_session(uri) do |http|
      headers =
        request_headers.merge(
          "Accept-Encoding" => "gzip",
          "Host" => uri.hostname + (@include_port_in_host_header ? ":#{uri.port}" : ""),
        ).except(*except_headers)

      req = FinalDestination::HTTP::Get.new(uri.request_uri, headers)

      http.request(req) do |resp|
        headers_subset.set_cookie = resp["Set-Cookie"]

        if @stop_at_blocked_pages
          dont_onebox = resp["Discourse-No-Onebox"] == "1"
          if dont_onebox
            result = :blocked, headers_subset
            next
          end
        end

        if Net::HTTPRedirection === resp
          headers_subset.location = resp["location"]
          result = :redirect, headers_subset
        end

        if Net::HTTPSuccess === resp
          resp.decode_content = true
          resp.read_body do |chunk|
            read_next = true

            catch(:done) do
              if read_next
                read_next = false
                yield resp, chunk, uri
                read_next = true
              end
            end

            # no clean way of finishing abruptly cause
            # response likes reading till the end
            if !read_next
              unsafe_close = true
              http.finish
              raise StandardError
            end
          end
          result = :ok, headers_subset
        else
          catch(:done) { yield resp, nil, nil }
        end
      end
    end

    result
  rescue Timeout::Error
    log(:warn, "FinalDestination could not resolve URL (timeout): #{@uri}")
    nil
  rescue OpenSSL::SSL::SSLError => exception
    log(:warn, "An error with SSL occurred: #{@uri} #{exception.message}")
    nil
  rescue StandardError
    unsafe_close ? [:ok, headers_subset] : raise
  end

  def safe_session(uri)
    FinalDestination::HTTP.start(
      uri.host,
      uri.port,
      use_ssl: (uri.scheme == "https"),
      open_timeout: timeout,
    ) do |http|
      http.read_timeout = timeout
      yield http
    end
  end

  private

  def uri(location)
    begin
      URI.parse(location)
    rescue URI::Error
    end
  end

  def fetch_canonical_url(body)
    return if body.blank?

    canonical_element = Nokogiri.HTML5(body).at("link[rel='canonical']")
    return if canonical_element.nil?
    canonical_uri = uri(canonical_element["href"])
    return if canonical_uri.blank?

    return canonical_uri if canonical_uri.host.present?
    parts = [@uri.host, canonical_uri.to_s]
    complete_url = canonical_uri.to_s.starts_with?("/") ? parts.join("") : parts.join("/")
    complete_url = "#{@uri.scheme}://#{complete_url}" if @uri.scheme

    uri(complete_url)
  end

  def blocked_domain?(uri)
    Onebox::DomainChecker.is_blocked?(uri.hostname)
  end

  def same_uri_but_https?(before, after)
    before = before.to_s
    after = after.to_s
    before.start_with?("http://") && after.start_with?("https://") &&
      before.sub("http://", "") == after.sub("https://", "")
  end
end