-- Copyright 2008 Steven Barth <steven@midlink.org>
-- Copyright 2008 Jo-Philipp Wich <jow@openwrt.org>
-- Licensed to the public under the Apache License 2.0.

module("luci.controller.rpc", package.seeall)


function session_retrieve(sid, allowed_users)
	local util = require "luci.util"
	local sdat = util.ubus("session", "get", {
		ubus_rpc_session = sid
	})

	if type(sdat) == "table" and
	   type(sdat.values) == "table" and
	   type(sdat.values.token) == "string" and
	   type(sdat.values.username) == "string" and
	   util.contains(allowed_users, sdat.values.username)
	then
		return sid, sdat.values
	end

	return nil
end

function authenticator(validator, accs)
	local http = require "luci.http"
	local ctrl = require "luci.controller.rpc"
	local auth = http.formvalue("auth", true) or http.getcookie("sysauth")

	if auth then -- if authentication token was given
		local sid, sdat = ctrl.session_retrieve(auth, accs)
		if sdat then -- if given token is valid
			return sdat.username, sid
		end
		http.status(403, "Forbidden")
	end
end


function index()
	local ctrl = require "luci.controller.rpc"

	local rpc = node("rpc")
	rpc.sysauth = "root"
	rpc.sysauth_authenticator = ctrl.authenticator
	rpc.notemplate = true

	entry({"rpc", "uci"}, call("rpc_uci"))
	entry({"rpc", "fs"}, call("rpc_fs"))
	entry({"rpc", "sys"}, call("rpc_sys"))
	entry({"rpc", "ipkg"}, call("rpc_ipkg"))
	entry({"rpc", "ip"}, call("rpc_ip"))
	entry({"rpc", "auth"}, call("rpc_auth")).sysauth = false
end

function rpc_auth()
	local ctrl    = require "luci.controller.rpc"
	local jsonrpc = require "luci.jsonrpc"
	local http    = require "luci.http"
	local sys     = require "luci.sys"
	local ltn12   = require "luci.ltn12"
	local util    = require "luci.util"

	local server = {}
	server.challenge = function(user, pass)
		local config = require "luci.config"
		local login = util.ubus("session", "login", {
			username = user,
			password = pass,
			timeout  = tonumber(config.sauth.sessiontime)
		})

		if type(login) == "table" and
		   type(login.ubus_rpc_session) == "string"
		then
			util.ubus("session", "set", {
				ubus_rpc_session = login.ubus_rpc_session,
				values = {
					token = sys.uniqueid(16)
				}
			})

			local sid, sdat = ctrl.session_retrieve(login.ubus_rpc_session, { user })
			if sdat then
				return {
					sid = sid,
					token = sdat.token
				}
			end
		end

		return nil
	end

	server.login = function(...)
		local challenge = server.challenge(...)
		if challenge then
			http.header("Set-Cookie", 'sysauth=%s; path=%s' %{
				challenge.sid,
				http.getenv("SCRIPT_NAME")
			})
			return challenge.sid
		end
	end

	http.prepare_content("application/json")
	ltn12.pump.all(jsonrpc.handle(server, http.source()), http.write)
end

function rpc_uci()
	if not pcall(require, "luci.model.uci") then
		luci.http.status(404, "Not Found")
		return nil
	end
	local uci     = require "luci.jsonrpcbind.uci"
	local jsonrpc = require "luci.jsonrpc"
	local http    = require "luci.http"
	local ltn12   = require "luci.ltn12"

	http.prepare_content("application/json")
	ltn12.pump.all(jsonrpc.handle(uci, http.source()), http.write)
end

function rpc_fs()
	local util    = require "luci.util"
	local io      = require "io"
	local fs2     = util.clone(require "nixio.fs")
	local jsonrpc = require "luci.jsonrpc"
	local http    = require "luci.http"
	local ltn12   = require "luci.ltn12"

	function fs2.readfile(filename)
		local stat, mime = pcall(require, "mime")
		if not stat then
			error("Base64 support not available. Please install LuaSocket.")
		end

		local fp = io.open(filename)
		if not fp then
			return nil
		end

		local output = {}
		local sink = ltn12.sink.table(output)
		local source = ltn12.source.chain(ltn12.source.file(fp), mime.encode("base64"))
		return ltn12.pump.all(source, sink) and table.concat(output)
	end

	function fs2.writefile(filename, data)
		local stat, mime = pcall(require, "mime")
		if not stat then
			error("Base64 support not available. Please install LuaSocket.")
		end

		local  file = io.open(filename, "w")
		local  sink = file and ltn12.sink.chain(mime.decode("base64"), ltn12.sink.file(file))
		return sink and ltn12.pump.all(ltn12.source.string(data), sink) or false
	end

	http.prepare_content("application/json")
	ltn12.pump.all(jsonrpc.handle(fs2, http.source()), http.write)
end

function rpc_sys()
	local util    = require "luci.util"
	local sys     = require "luci.sys"
	local jsonrpc = require "luci.jsonrpc"
	local http    = require "luci.http"
	local ltn12   = require "luci.ltn12"

	local sys2 = util.clone(sys)
	      sys2.net = util.clone(sys.net)
	      sys2.wifi = util.clone(sys.wifi)

	function sys2.wifi.getiwinfo(ifname, operation)
		local iw = sys.wifi.getiwinfo(ifname)
		if iw then
			if operation then
				assert(type(iwinfo[iw.type][operation]) == "function")
				return iw[operation]
			end

			local n, f
			local rv = { ifname = ifname }
			for n, f in pairs(iwinfo[iw.type]) do
				if type(f) == "function" and
				   n ~= "scanlist" and n ~= "countrylist"
				then
					rv[n] = iw[n]
				end
			end
			return rv
		end
		return nil
	end

	http.prepare_content("application/json")
	ltn12.pump.all(jsonrpc.handle(sys2, http.source()), http.write)
end

function rpc_ipkg()
	if not pcall(require, "luci.model.ipkg") then
		luci.http.status(404, "Not Found")
		return nil
	end
	local ipkg    = require "luci.model.ipkg"
	local jsonrpc = require "luci.jsonrpc"
	local http    = require "luci.http"
	local ltn12   = require "luci.ltn12"

	http.prepare_content("application/json")
	ltn12.pump.all(jsonrpc.handle(ipkg, http.source()), http.write)
end

function rpc_ip()
	if not pcall(require, "luci.ip") then
		luci.http.status(404, "Not Found")
		return nil
	end

	local util    = require "luci.util"
	local ip      = require "luci.ip"
	local jsonrpc = require "luci.jsonrpc"
	local http    = require "luci.http"
	local ltn12   = require "luci.ltn12"

	local ip2 = util.clone(ip)

	local _, n
	for _, n in ipairs({ "new", "IPv4", "IPv6", "MAC" }) do
		ip2[n] = function(address, netmask, operation, argument)
			local cidr = ip[n](address, netmask)
			if cidr and operation then
				assert(type(cidr[operation]) == "function")
				local cidr2 = cidr[operation](cidr, argument)
				return (type(cidr2) == "userdata") and cidr2:string() or cidr2
			end
			return (type(cidr) == "userdata") and cidr:string() or cidr
		end
	end

	http.prepare_content("application/json")
	ltn12.pump.all(jsonrpc.handle(ip2, http.source()), http.write)
end