package main

import (
	"crypto/sha256"
	"fmt"
	"log/slog"
	"os"
	"strings"
	"time"

	"git.intruders.space/public/opentimestamps"
	"git.intruders.space/public/opentimestamps/verifyer"
	"github.com/btcsuite/btcd/rpcclient"
	"github.com/spf13/cobra"
)

var (
	// Verify command flags
	verifyEsploraURL   string
	verifyBitcoindHost string
	verifyBitcoindUser string
	verifyBitcoindPass string
	verifyTimeout      time.Duration
)

// verifyCmd represents the verify command
var verifyCmd = &cobra.Command{
	Use:   "verify [flags] <file> <file.ots>",
	Short: "Verify a timestamp",
	Long: `Verify a timestamp against the Bitcoin blockchain.
It computes the file digest, checks it against the timestamp,
and verifies the timestamp against Bitcoin using either Esplora API or bitcoind.`,
	Args: cobra.ExactArgs(2),
	Run:  runVerifyCmd,
}

func init() {
	// Local flags for the verify command
	verifyCmd.Flags().StringVar(&verifyEsploraURL, "esplora", "https://blockstream.info/api", "URL of Esplora API")
	verifyCmd.Flags().StringVar(&verifyBitcoindHost, "bitcoind", "", "Host:port of bitcoind RPC (e.g. localhost:8332)")
	verifyCmd.Flags().StringVar(&verifyBitcoindUser, "rpcuser", "", "Bitcoin RPC username")
	verifyCmd.Flags().StringVar(&verifyBitcoindPass, "rpcpass", "", "Bitcoin RPC password")
	verifyCmd.Flags().DurationVar(&verifyTimeout, "timeout", 30*time.Second, "Connection timeout")
}

func runVerifyCmd(cmd *cobra.Command, args []string) {
	filePath := args[0]
	otsPath := args[1]

	// Read the original file
	fileData, err := os.ReadFile(filePath)
	if err != nil {
		slog.Error("Failed to read file", "file", filePath, "error", err)
		os.Exit(1)
	}

	// Compute the file digest
	digest := sha256.Sum256(fileData)
	slog.Debug("Computed file digest", "digest", digest)

	// Read and parse the OTS file
	otsData, err := os.ReadFile(otsPath)
	if err != nil {
		slog.Error("Failed to read OTS file", "file", otsPath, "error", err)
		os.Exit(1)
	}

	timestampFile, err := opentimestamps.ReadFromFile(otsData)
	if err != nil {
		slog.Error("Failed to parse OTS file", "file", otsPath, "error", err)
		os.Exit(1)
	}

	// Setup Bitcoin connection
	var bitcoin verifyer.Bitcoin
	if verifyBitcoindHost != "" {
		if verifyBitcoindUser == "" || verifyBitcoindPass == "" {
			slog.Error("Bitcoind RPC credentials required with --bitcoind")
			os.Exit(1)
		}

		// Create bitcoind connection config
		config := rpcclient.ConnConfig{
			Host:         verifyBitcoindHost,
			User:         verifyBitcoindUser,
			Pass:         verifyBitcoindPass,
			HTTPPostMode: true,
			DisableTLS:   true,
		}

		btc, err := verifyer.NewBitcoindInterface(config)
		if err != nil {
			slog.Error("Failed to connect to bitcoind", "error", err)
			os.Exit(1)
		}
		bitcoin = btc
		slog.Info("Using bitcoind", "host", verifyBitcoindHost)
	} else {
		// Use Esplora API
		bitcoin = verifyer.NewEsploraClient(verifyEsploraURL, verifyTimeout)
		slog.Info("Using Esplora API", "url", verifyEsploraURL)
	}

	// Check if digests match
	if string(digest[:]) != string(timestampFile.Digest) {
		slog.Warn("File digest doesn't match timestamp digest",
			"file_digest", digest,
			"timestamp_digest", timestampFile.Digest)
	}

	// Get Bitcoin-attested sequences
	bitcoinSequences := timestampFile.GetBitcoinAttestedSequences()
	if len(bitcoinSequences) == 0 {
		// If no Bitcoin sequences, check if there are pending sequences
		pendingSequences := timestampFile.GetPendingSequences()
		if len(pendingSequences) > 0 {
			slog.Info("Timestamp is pending confirmation in the Bitcoin blockchain")
			slog.Info("Use 'ots upgrade <file.ots>' to try upgrading it")

			for _, seq := range pendingSequences {
				att := seq.GetAttestation()
				slog.Info("Pending at calendar", "url", att.CalendarServerURL)
			}
		} else {
			slog.Error("No valid attestations found in this timestamp")
		}
		os.Exit(1)
	}

	// Verify each Bitcoin-attested sequence
	verificationSuccess := false
	for i, seq := range bitcoinSequences {
		slog.Info("Verifying sequence", "index", i+1, "total", len(bitcoinSequences))

		tx, err := seq.Verify(bitcoin, timestampFile.Digest)
		if err != nil {
			slog.Warn("Verification failed", "error", err)
			continue
		}

		att := seq.GetAttestation()

		// Get the block time
		blockHash, err := bitcoin.GetBlockHash(int64(att.BitcoinBlockHeight))
		blockTime := ""
		if err == nil {
			blockHeader, err := bitcoin.GetBlockHeader(blockHash)
			if err == nil {
				// Format the block time
				blockTime = fmt.Sprintf(" (%s)", blockHeader.Timestamp.Format(time.RFC3339))
			}
		}

		slog.Info("Verification successful",
			"block_height", att.BitcoinBlockHeight,
			"block_time", strings.TrimPrefix(blockTime, " "))

		if tx != nil {
			slog.Info("Bitcoin transaction", "txid", tx.TxHash().String())
		}
		verificationSuccess = true
	}

	if !verificationSuccess {
		slog.Error("All verification attempts failed")
		os.Exit(1)
	}

	slog.Info("Timestamp successfully verified")
}