from cement.core.controller import CementBaseController, expose
from cement.core import handler, hook
from ee.core.shellexec import EEShellExec
from ee.core.variables import EEVariables
from ee.core.logging import Log
from ee.core.git import EEGit
from ee.core.services import EEService
import string
import random
import sys
import hashlib
import getpass


def ee_secure_hook(app):
    # do something with the ``app`` object here.
    pass


class EESecureController(CementBaseController):
    class Meta:
        label = 'secure'
        stacked_on = 'base'
        stacked_type = 'nested'
        description = ('Secure command secure auth, ip and port')
        arguments = [
            (['--auth'],
                dict(help='secure auth', action='store_true')),
            (['--port'],
                dict(help='secure port', action='store_true')),
            (['--ip'],
                dict(help='secure ip', action='store_true')),
            (['user_input'],
                dict(help='user input', nargs='?', default=None)),
            (['user_pass'],
                dict(help='user pass', nargs='?', default=None))]
        usage = "ee secure [options]"

    @expose(hide=True)
    def default(self):
            if self.app.pargs.auth:
                self.secure_auth()
            if self.app.pargs.port:
                self.secure_port()
            if self.app.pargs.ip:
                self.secure_ip()

    @expose(hide=True)
    def secure_auth(self):
        """This function Secures authentication"""
        passwd = ''.join([random.choice
                         (string.ascii_letters + string.digits)
                         for n in range(6)])
        if not self.app.pargs.user_input:
            username = input("Provide HTTP authentication user "
                             "name [{0}] :".format(EEVariables.ee_user))
            self.app.pargs.user_input = username
            if username == "":
                self.app.pargs.user_input = EEVariables.ee_user
        if not self.app.pargs.user_pass:
            password = getpass.getpass("Provide HTTP authentication "
                                       "password [{0}] :".format(passwd))
            self.app.pargs.user_pass = password
            if password == "":
                self.app.pargs.user_pass = passwd
        Log.debug(self, "printf username:"
                  "$(openssl passwd -crypt "
                  "password 2> /dev/null)\n\""
                  "> /etc/nginx/htpasswd-ee 2>/dev/null")
        EEShellExec.cmd_exec(self, "printf \"{username}:"
                             "$(openssl passwd -crypt "
                             "{password} 2> /dev/null)\n\""
                             "> /etc/nginx/htpasswd-ee 2>/dev/null"
                             .format(username=self.app.pargs.user_input,
                                     password=self.app.pargs.user_pass),
                             log=False)
        EEGit.add(self, ["/etc/nginx"],
                  msg="Adding changed secure auth into Git")

    @expose(hide=True)
    def secure_port(self):
        """This function Secures port"""
        if self.app.pargs.user_input:
            while not self.app.pargs.user_input.isdigit():
                Log.info(self, "Please Enter valid port number ")
                self.app.pargs.user_input = input("EasyEngine "
                                                  "admin port [22222]:")
        if not self.app.pargs.user_input:
            port = input("EasyEngine admin port [22222]:")
            if port == "":
                self.app.pargs.user_input = 22222
            while not port.isdigit() and port != "":
                Log.info(self, "Please Enter valid port number :")
                port = input("EasyEngine admin port [22222]:")
            self.app.pargs.user_input = port
        if EEVariables.ee_platform_distro == 'Ubuntu':
            EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "
                                 "{port} default_server ssl spdy;/\" "
                                 "/etc/nginx/sites-available/22222"
                                 .format(port=self.app.pargs.user_input))
        if EEVariables.ee_platform_distro == 'debian':
            EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "
                                 "{port} default_server ssl;/\" "
                                 "/etc/nginx/sites-available/22222"
                                 .format(port=self.app.pargs.user_input))
        EEGit.add(self, ["/etc/nginx"],
                  msg="Adding changed secure port into Git")
        EEService.reload_service(self, 'nginx')
        Log.info(self, "Successfully port changed {port}"
                 .format(port=self.app.pargs.user_input))

    @expose(hide=True)
    def secure_ip(self):
        """This function Secures IP"""
        # TODO:remaining with ee.conf updation in file
        newlist = []
        if not self.app.pargs.user_input:
            ip = input("Enter the comma separated IP addresses "
                       "to white list [127.0.0.1]:")
            self.app.pargs.user_input = ip
        try:
            user_ip = self.app.pargs.user_input.split(',')
        except Exception as e:
            user_ip = ['127.0.0.1']
        for ip_addr in user_ip:
            if not ("exist_ip_address "+ip_addr in open('/etc/nginx/common/'
                    'acl.conf').read()):
                EEShellExec.cmd_exec(self, "sed -i "
                                     "\"/deny/i allow {whitelist_adre}\;\""
                                     " /etc/nginx/common/acl.conf"
                                     .format(whitelist_adre=ip_addr))
        EEGit.add(self, ["/etc/nginx"],
                  msg="Adding changed secure ip into Git")

        Log.info(self, "Successfully added IP address in acl.conf file")


def load(app):
    # register the plugin class.. this only happens if the plugin is enabled
    handler.register(EESecureController)
    # register a hook (function) to run after arguments are parsed.
    hook.register('post_argument_parsing', ee_secure_hook)