package main

import (
	"auto-ssl/config"
	"auto-ssl/handlers"
	"auto-ssl/services"
	"log"
	"net/http"
	"os"
	"strings"
	"time"

	"github.com/gin-contrib/cors"
	"github.com/gin-gonic/gin"
	"github.com/robfig/cron/v3"
)

func main() {
	cfg := config.Load()

	// Initialize certificate store (JSON file persistence)
	config.InitStore(cfg)

	// Setup Gin
	gin.SetMode(gin.ReleaseMode)
	r := gin.Default()

	// CORS for Vue frontend
	r.Use(cors.New(cors.Config{
		AllowOrigins:     []string{"*"},
		AllowMethods:     []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
		AllowHeaders:     []string{"Origin", "Content-Type", "Accept", "Authorization"},
		AllowCredentials: true,
	}))

	// Serve static files for frontend
	r.Static("/assets", "./dist/assets")
	r.StaticFile("/favicon.ico", "./dist/favicon.ico")
	r.StaticFile("/favicon.svg", "./dist/favicon.svg")
	r.StaticFile("/", "./dist/index.html")

	// API routes
	api := r.Group("/api")
	{
		certHandler := handlers.NewCertHandler(cfg)

		// Certificate management
		api.GET("/certificates", certHandler.ListCertificates)
		api.GET("/certificates/:id", certHandler.GetCertificate)
		api.POST("/certificates", certHandler.CreateCertificate)
		api.PUT("/certificates/:id", certHandler.UpdateCertificate)
		api.DELETE("/certificates/:id", certHandler.DeleteCertificate)
		api.POST("/certificates/:id/renew", certHandler.RenewCertificate)
		api.GET("/certificates/:id/files", certHandler.GetCertFiles)

		// Utility
		api.GET("/renewals/check", certHandler.CheckRenewals)
		api.GET("/stats", certHandler.Stats)
	}

	r.NoRoute(func(c *gin.Context) {
		// 静态资源请求直接返回404，避免返回html导致MIME类型错误
		if strings.HasPrefix(c.Request.URL.Path, "/assets/") || 
		   strings.HasSuffix(c.Request.URL.Path, ".js") || 
		   strings.HasSuffix(c.Request.URL.Path, ".css") ||
		   strings.HasSuffix(c.Request.URL.Path, ".png") ||
		   strings.HasSuffix(c.Request.URL.Path, ".svg") ||
		   strings.HasSuffix(c.Request.URL.Path, ".ico") {
			c.AbortWithStatus(http.StatusNotFound)
			return
		}
		// 其他路由返回index.html给前端处理
		c.File("./dist/index.html")
	})

	// Setup cron for auto-renewal (runs daily at 3:00 AM)
	c := cron.New()
	c.AddFunc("0 3 * * *", func() {
		log.Println("Running scheduled certificate renewal check...")
		certs := config.Store.GetActiveWithAutoRenew()

		for _, cert := range certs {
			if cert.ExpiresAt != nil && time.Until(*cert.ExpiresAt).Hours() < float64(cert.RenewDays*24) {
				log.Printf("Auto-renewing certificate for %s (expires %s)", cert.Domain, cert.ExpiresAt.Format(time.RFC3339))
				if err := services.RenewCertificate(cert, cfg); err != nil {
					cert.Status = "error"
					cert.ErrorMessage = "auto renew: " + err.Error()
					log.Printf("Auto-renew failed for %s: %v", cert.Domain, err)
				} else {
					log.Printf("Auto-renew succeeded for %s", cert.Domain)
				}
				config.Store.Upsert(cert)
			}
		}
	})
	c.Start()

	// Set ACME HTTP-01 challenge port from env (default 8082)
	// Nginx on port 80 should proxy .well-known/acme-challenge/ to this port
	acmePort := os.Getenv("ACME_PORT")
	if acmePort == "" {
		acmePort = "8082"
	}
	services.SetHTTP01Port(acmePort)
	log.Printf("ACME HTTP-01 challenge port: %s (nginx should proxy .well-known/acme-challenge/ to this port)", acmePort)

	log.Printf("AutoSSL server starting on :%s", cfg.Port)
	if err := r.Run(":" + cfg.Port); err != nil {
		log.Fatalf("Failed to start server: %v", err)
	}
}