import copy
import os
from pathlib import Path
from flask import Blueprint, request, redirect, flash, send_file, abort
from auth import require_level
from config_utils import CONFIGS_DIR, load_config, record_group, diff_fields
import validation as validate

_PAGE = Path(__file__).parent.name

bp = Blueprint(_PAGE, __name__)

RADIUS_SECRET_FILE = Path(CONFIGS_DIR) / '.radius-secret'
RADIUS_LOG_FILE    = '/var/log/freeradius/radius.log'

VALID_MAC_FORMATS = {
    'aabbccddeeff', 'aa-bb-cc-dd-ee-ff', 'aa:bb:cc:dd:ee:ff',
    'AABBCCDDEEFF', 'AA-BB-CC-DD-EE-FF', 'AA:BB:CC:DD:EE:FF',
}


@bp.route('/action/radius/regenerate', methods=['POST'])
@require_level('administrator')
def regenerate():
    try:
        RADIUS_SECRET_FILE.unlink(missing_ok=True)
    except OSError as ex:
        flash(f'Could not delete .radius-secret: {ex}', 'error')
        return redirect(f'/{_PAGE}')
    flash('Secret deleted. A new secret will be generated when the pending command is applied.', 'success')
    return redirect(f'/{_PAGE}')


@bp.route('/action/radius/options_save', methods=['POST'])
@require_level('administrator')
def options_save():
    mac_format = request.form.get('mac_format', 'aabbccddeeff')
    apply_to   = request.form.get('apply_to', 'all')

    if mac_format not in VALID_MAC_FORMATS:
        flash('Invalid MAC format.', 'error')
        return redirect(f'/{_PAGE}')
    if apply_to not in ('all', 'wireless'):
        flash('Invalid apply_to value.', 'error')
        return redirect(f'/{_PAGE}')

    cfg    = load_config()
    before = copy.deepcopy(cfg.get('free_radius', {}).get('options', {}))
    after  = {'mac_format': mac_format, 'apply_to': apply_to}
    cfg.setdefault('free_radius', {})['options'] = after

    changes = diff_fields(before, after)
    flash(record_group(cfg, 'free_radius.options', 'setting', 'free_radius', changes, 'core apply'), 'success')
    return redirect(f'/{_PAGE}')


@bp.route('/action/radius/logging_save', methods=['POST'])
@require_level('administrator')
def logging_save():
    log_max_kb = validate.int_range(request.form.get('log_max_kb', '').strip(), 64, None)
    if log_max_kb is None:
        flash('Max Log Size must be a number >= 64.', 'error')
        return redirect(f'/{_PAGE}')
    logging = 'logging' in request.form

    cfg    = load_config()
    before = copy.deepcopy(cfg.get('free_radius', {}).get('general', {}))
    after  = {'logging': logging, 'log_max_kb': log_max_kb}
    cfg.setdefault('free_radius', {})['general'] = after

    changes = diff_fields(before, after)
    flash(record_group(cfg, 'free_radius.general', 'setting', 'free_radius', changes, 'core apply'), 'success')
    return redirect(f'/{_PAGE}')


@bp.route('/action/radius/logging_clear', methods=['POST'])
@require_level('administrator')
def logging_clear():
    try:
        open(RADIUS_LOG_FILE, 'w').close()
        flash('RADIUS log cleared.', 'success')
    except Exception as ex:
        flash(f'Could not clear log: {ex}', 'error')
    return redirect(f'/{_PAGE}')


@bp.route('/action/radius/logging_download', methods=['GET'])
@require_level('administrator')
def logging_download():
    if not os.path.isfile(RADIUS_LOG_FILE):
        abort(404)
    return send_file(RADIUS_LOG_FILE, as_attachment=True, download_name='radius.log', mimetype='text/plain')