module.exports = unpublish

// fetch the data
// modify to remove the version in question
// If no versions remaining, then DELETE
// else, PUT the modified data
// delete the tarball

var semver = require('semver')
var url = require('url')
var chain = require('slide').chain
var assert = require('assert')

function unpublish (uri, params, cb) {
  assert(typeof uri === 'string', 'must pass registry URI to unpublish')
  assert(params && typeof params === 'object', 'must pass params to unpublish')
  assert(typeof cb === 'function', 'must pass callback to unpublish')

  var ver = params.version
  var auth = params.auth
  assert(auth && typeof auth === 'object', 'must pass auth to unpublish')

  var options = {
    timeout: -1,
    follow: false,
    auth: auth
  }
  this.get(uri + '?write=true', options, function (er, data) {
    if (er) {
      this.log.info('unpublish', uri + ' not published')
      return cb()
    }
    // remove all if no version specified
    if (!ver) {
      this.log.info('unpublish', 'No version specified, removing all')
      return this.request(uri + '/-rev/' + data._rev, { method: 'DELETE', auth: auth }, cb)
    }

    var versions = data.versions || {}
    var versionPublic = versions.hasOwnProperty(ver)

    var dist
    if (!versionPublic) {
      this.log.info('unpublish', uri + '@' + ver + ' not published')
    } else {
      dist = versions[ver].dist
      this.log.verbose('unpublish', 'removing attachments', dist)
    }

    delete versions[ver]
    // if it was the only version, then delete the whole package.
    if (!Object.keys(versions).length) {
      this.log.info('unpublish', 'No versions remain, removing entire package')
      return this.request(uri + '/-rev/' + data._rev, { method: 'DELETE', auth: auth }, cb)
    }

    if (!versionPublic) return cb()

    var latestVer = data['dist-tags'].latest
    for (var tag in data['dist-tags']) {
      if (data['dist-tags'][tag] === ver) delete data['dist-tags'][tag]
    }

    if (latestVer === ver) {
      data['dist-tags'].latest =
        Object.getOwnPropertyNames(versions).sort(semver.compareLoose).pop()
    }

    var rev = data._rev
    delete data._revisions
    delete data._attachments
    var cb_ = detacher.call(this, uri, data, dist, auth, cb)

    this.request(uri + '/-rev/' + rev, { method: 'PUT', body: data, auth: auth }, function (er) {
      if (er) {
        this.log.error('unpublish', 'Failed to update data')
      }
      cb_(er)
    }.bind(this))
  }.bind(this))
}

function detacher (uri, data, dist, credentials, cb) {
  return function (er) {
    if (er) return cb(er)
    this.get(escape(uri, data.name), { auth: credentials }, function (er, data) {
      if (er) return cb(er)

      var tb = url.parse(dist.tarball)

      detach.call(this, uri, data, tb.pathname, data._rev, credentials, function (er) {
        if (er || !dist.bin) return cb(er)
        chain(Object.keys(dist.bin).map(function (bt) {
          return function (cb) {
            var d = dist.bin[bt]
            detach.call(this, uri, data, url.parse(d.tarball).pathname, null, credentials, cb)
          }.bind(this)
        }, this), cb)
      }.bind(this))
    }.bind(this))
  }.bind(this)
}

function detach (uri, data, path, rev, credentials, cb) {
  if (rev) {
    path += '/-rev/' + rev
    this.log.info('detach', path)
    return this.request(url.resolve(uri, path), { method: 'DELETE', auth: credentials }, cb)
  }
  this.get(escape(uri, data.name), { auth: credentials }, function (er, data) {
    rev = data._rev
    if (!rev) return cb(new Error('No _rev found in ' + data._id))
    detach.call(this, data, path, rev, cb)
  }.bind(this))
}

function escape (base, name) {
  var escaped = name.replace(/\//, '%2f')
  return url.resolve(base, escaped)
}