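# -*- coding: utf-8
#
# manage clientsdb.json

#import site packages
import json
import hmac
import bcrypt

#import local packages
import ioconfig
import utils

# Path of the JSON client database, relative to the working directory.
# NOTE(review): this file holds bcrypt hashes and plaintext vm passwords;
# it is created with the process umask, so restrict its permissions.
_DBFILE = 'clients.json'


def _vmpath(clientsdb, vmname):
    """ resolve vmname to (clientid, vmid, stored hostname)

    Presumably utils.find_key returns the key path leading to the entry that
    matches vmname -- confirm against utils. Any lookup error propagates.
    """
    path = utils.find_key(clientsdb, vmname)
    c_id = str(path[0])
    v_id = str(path[1])
    # forward query: read the hostname back through the returned path
    return c_id, v_id, clientsdb[c_id][v_id]['hostname']


def _logreject(vmname):
    """ record a failed validation so repeated attempts show up in the log """
    # {!r} keeps control characters in a caller-supplied name out of the log
    ioconfig.logger.warning('clients> validation failed for {!r}'.format(vmname))


def addclient(vmid, vmname, clientid, clientname, srvpass, srvuser=''):
    """ add new client to the clientsdb.json

    Creates the client record when it is missing, then stores (or overwrites)
    the vm entry under it and writes the database back to disk.

    srvuser is optional and defaults to an empty string. The body used to read
    an undefined name `srvuser`, so every call ended in a NameError.
    """
    # normalise once; the log lines below used to concatenate the raw values
    # and failed with TypeError for non-string ids
    vmid = str(vmid)
    clientid = str(clientid)
    clientname = str(clientname)

    clientsdb = readclientsdb()
    if clientid in clientsdb:
        ioconfig.logger.info('clients> client ' + clientid + ' already exists. merging.')
    else:
        ioconfig.logger.info('clients> client ' + clientid + ' does not exist. creating.')
        clientsdb[clientid] = {'name': clientname}

    ioconfig.logger.info('clients> vmid ' + vmid + ' will be owned by ' + clientid + ' (' + clientname + ')')
    # NOTE(review): the vm password is stored in plaintext next to the bcrypt
    # management hash; anyone who can read the db file can read it.
    clientsdb[clientid][vmid] = {
        'hostname': str(vmname),
        'vmid': vmid,
        'ownerid': clientid,
        'username': str(srvuser),
        'password': str(srvpass),
    }
    writeclientsdb(clientsdb)


def validate(vmname, srvpass):
    """ return true or false if credentials match something in clientdb.

    useful for authing external admin panels. Every failure path returns
    False (fail closed) and is logged; nothing is raised to the caller.
    """
    if not isinstance(srvpass, str):
        _logreject(vmname)
        return False

    # NOTE(review): an unknown vmname returns before any bcrypt work is done,
    # so response time differs between known and unknown hostnames.
    try:
        clientsdb = readclientsdb()
        c_id, v_id, query = _vmpath(clientsdb, vmname)
        encpass = clientsdb[c_id][v_id]['encpasswd']
    except Exception:
        # unknown vm, unreadable db or no management password set
        _logreject(vmname)
        return False

    #double check
    if query != vmname:
        _logreject(vmname)
        return False

    try:
        b_encpass = encpass.encode('utf-8')
        # hashing with the stored hash as salt reproduces it for the right password
        candidate = bcrypt.hashpw(srvpass.encode('utf-8'), b_encpass)
    except (AttributeError, TypeError, ValueError):
        # stored hash is malformed, or bcrypt rejected the supplied password
        _logreject(vmname)
        return False

    if hmac.compare_digest(candidate, b_encpass):
        #login successful
        ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) was validated successfully!'.format(query, c_id, v_id))
        print('the gates are open!')
        return True

    print('boo.')
    _logreject(vmname)
    return False


def setencpasswd(vmname, newpass):
    """ setup a new management password

    Stores a freshly salted bcrypt hash of newpass under the vm's 'encpasswd'
    key. Lookup errors propagate; a hostname mismatch raises RuntimeError
    (the same type the former bare `raise` produced).
    """
    encpasswd = bcrypt.hashpw(newpass.encode('utf-8'), bcrypt.gensalt()).decode('utf-8')

    clientsdb = readclientsdb()
    # The debug print() of the whole database was dropped here: it wrote every
    # stored password and hash to stdout.
    c_id, v_id, query = _vmpath(clientsdb, vmname)

    if query != vmname:
        raise RuntimeError('clients> hostname lookup mismatch for {!r}'.format(vmname))

    clientsdb[c_id][v_id]['encpasswd'] = encpasswd
    ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) got its password changed!'.format(query, c_id, v_id))
    writeclientsdb(clientsdb)


def vmowner(vmid, vmname, verbose):
    """ find the owner of the vm

    Returns the owner's client id. A failed lookup raises to the caller; the
    old '0' / 'unknown' fallback sat behind a bare re-raise and never ran, so
    it has been removed rather than silently changing what callers see.
    """
    clientsdb = readclientsdb()
    clientid = utils.get_rec(clientsdb, str(vmid))[0]['ownerid']
    clientname = clientsdb[str(clientid)]['name']

    if verbose:
        ioconfig.logger.info('clients> the owner of {} ({}) is {} ({})'.format(vmid, vmname, clientid, clientname))
    return clientid


def readclientsdb():
    """ read client db

    Returns an empty dict when the file does not exist yet. An unreadable or
    corrupt file is logged and re-raised: returning {} in that case would let
    the next writeclientsdb() replace every existing record.
    """
    try:
        with open(_DBFILE, encoding='utf-8') as dbr:
            return json.load(dbr)
    except FileNotFoundError:
        ioconfig.logger.warning('clients> initializing...')
        return {}
    except (OSError, ValueError):
        # json.JSONDecodeError is a ValueError
        ioconfig.logger.error('clients> cannot read ' + _DBFILE)
        raise


def writeclientsdb(clientsdb):
    """ write db

    NOTE(review): the file is rewritten in place, so an interrupted write
    leaves truncated JSON behind.
    """
    with open(_DBFILE, 'w', encoding='utf-8') as dbw:
        json.dump(clientsdb, dbw)


if __name__ == '__main__':
    # manual smoke test against a sample hostname
    setencpasswd('srv.test1.com', 'todos')
    validate('srv.test1.com', 'todos')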