// Copyright (C) The Arvados Authors. All rights reserved.
//
// SPDX-License-Identifier: AGPL-3.0

package githttpd

import (
	"os"
	"os/exec"

	check "gopkg.in/check.v1"
)

var _ = check.Suite(&GitSuite{})

const (
	spectatorToken = "zw2f4gwx8hw8cjre7yp6v1zylhrhn3m5gvjq73rtpwhmknrybu"
	activeToken    = "3kg6k6lzmp9kj5cpkcoxie963cmvjahbt2fod9zru30k1jqdmi"
	anonymousToken = "4kg6k6lzmp9kj4cpkcoxie964cmvjahbt4fod9zru44k4jqdmi"
	expiredToken   = "2ym314ysp27sk7h943q6vtc378srb06se3pq6ghurylyf3pdmx"
)

type GitSuite struct {
	IntegrationSuite
}

func (s *GitSuite) TestPathVariants(c *check.C) {
	s.makeArvadosRepo(c)
	for _, repo := range []string{"active/foo.git", "active/foo/.git", "arvados.git", "arvados/.git"} {
		err := s.RunGit(c, spectatorToken, "fetch", repo, "refs/heads/main")
		c.Assert(err, check.Equals, nil)
	}
}

func (s *GitSuite) TestReadonly(c *check.C) {
	err := s.RunGit(c, spectatorToken, "fetch", "active/foo.git", "refs/heads/main")
	c.Assert(err, check.Equals, nil)
	err = s.RunGit(c, spectatorToken, "push", "active/foo.git", "main:newbranchfail")
	c.Assert(err, check.ErrorMatches, `.*HTTP (code = )?403.*`)
	_, err = os.Stat(s.tmpRepoRoot + "/zzzzz-s0uqq-382brsig8rp3666.git/refs/heads/newbranchfail")
	c.Assert(err, check.FitsTypeOf, &os.PathError{})
}

func (s *GitSuite) TestReadwrite(c *check.C) {
	err := s.RunGit(c, activeToken, "fetch", "active/foo.git", "refs/heads/main")
	c.Assert(err, check.Equals, nil)
	err = s.RunGit(c, activeToken, "push", "active/foo.git", "main:newbranch")
	c.Assert(err, check.Equals, nil)
	_, err = os.Stat(s.tmpRepoRoot + "/zzzzz-s0uqq-382brsig8rp3666.git/refs/heads/newbranch")
	c.Assert(err, check.Equals, nil)
}

func (s *GitSuite) TestNonexistent(c *check.C) {
	err := s.RunGit(c, spectatorToken, "fetch", "thisrepodoesnotexist.git", "refs/heads/main")
	c.Assert(err, check.ErrorMatches, `.* not found.*`)
}

func (s *GitSuite) TestMissingGitdirReadableRepository(c *check.C) {
	err := s.RunGit(c, activeToken, "fetch", "active/foo2.git", "refs/heads/main")
	c.Assert(err, check.ErrorMatches, `.* not found.*`)
}

func (s *GitSuite) TestNoPermission(c *check.C) {
	for _, repo := range []string{"active/foo.git", "active/foo/.git"} {
		err := s.RunGit(c, anonymousToken, "fetch", repo, "refs/heads/main")
		c.Assert(err, check.ErrorMatches, `.* not found.*`)
	}
}

func (s *GitSuite) TestExpiredToken(c *check.C) {
	for _, repo := range []string{"active/foo.git", "active/foo/.git"} {
		err := s.RunGit(c, expiredToken, "fetch", repo, "refs/heads/main")
		c.Assert(err, check.ErrorMatches, `.* (500 while accessing|requested URL returned error: 500).*`)
	}
}

func (s *GitSuite) TestInvalidToken(c *check.C) {
	for _, repo := range []string{"active/foo.git", "active/foo/.git"} {
		err := s.RunGit(c, "s3cr3tp@ssw0rd", "fetch", repo, "refs/heads/main")
		c.Assert(err, check.ErrorMatches, `.* requested URL returned error.*`)
	}
}

func (s *GitSuite) TestShortToken(c *check.C) {
	for _, repo := range []string{"active/foo.git", "active/foo/.git"} {
		err := s.RunGit(c, "s3cr3t", "fetch", repo, "refs/heads/main")
		c.Assert(err, check.ErrorMatches, `.* (500 while accessing|requested URL returned error: 500).*`)
	}
}

func (s *GitSuite) TestShortTokenBadReq(c *check.C) {
	for _, repo := range []string{"bogus"} {
		err := s.RunGit(c, "s3cr3t", "fetch", repo, "refs/heads/main")
		c.Assert(err, check.ErrorMatches, `.*not found.*`)
	}
}

// Make a bare arvados repo at {tmpRepoRoot}/arvados.git
func (s *GitSuite) makeArvadosRepo(c *check.C) {
	msg, err := exec.Command("git", "init", "--bare", s.tmpRepoRoot+"/zzzzz-s0uqq-arvadosrepo0123.git").CombinedOutput()
	c.Log(string(msg))
	c.Assert(err, check.Equals, nil)
	msg, err = exec.Command("git", "--git-dir", s.tmpRepoRoot+"/zzzzz-s0uqq-arvadosrepo0123.git", "fetch", "../../.git", "HEAD:main").CombinedOutput()
	c.Log(string(msg))
	c.Assert(err, check.Equals, nil)
}