#!/usr/bin/env perl

use strict;
use warnings;
use v5.10;
use Date::Manip;
use File::Basename;
use Socket;

use ACU::API::Projects;
use ACU::API::Submission;
use ACU::LDAP;
use ACU::Log;
$ACU::Log::log_file = "/var/log/hooks/" . basename($0) . ".log";
use ACU::Process;

# First, check if the repository is in the YYYY/ directory
exit 0 if ($ENV{GL_REPO} !~ /^2[0-9]{3}\/.+\/.+/);

my ($ref, $oldsha, $newsha) = @ARGV;

my $promo = $1 if ($ENV{'GL_REPO'} =~ m/([0-9]{4}).*/);
my $id_project = $1 if ($ENV{'GL_REPO'} =~ m/.*\/(.*)\//);
my $repo_login = $1 if ($ENV{'GL_REPO'} =~ m/.*\/.*\/(.*)/);

if ($ref =~ m<^refs/tags/(.+)$>)
{
    my $tag = $1;
    log DEBUG, "Pushed tag for repository $ENV{GL_REPO}: $tag with IP $ENV{'SSH_CLIENT'}";

    my $ip = $1 if ($ENV{'SSH_CLIENT'} =~ m/([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/);
    say "[ACU] Your IP is: $ip.";

    $ip = ip2long($ip);

    my $net = ip2long("10.41.0.0");
    my $mask = ip2long("255.255.0.0");

    if (($ip & $mask) != ($net & $mask))
    {
	log ERROR, "[ACU] You are not authorized to push from this IP. This will be reported.";
	exit 1;
    }

    $net = ip2long("10.41.253.0");
    $mask = ip2long("255.255.255.0");

    if (($ip & $mask) == ($net & $mask))
    {
	log ERROR, "[ACU] You are not authorized to push from this IP. This will be reported.";
	exit 1;
    }

    # Get project informations
    my $project;
    eval {
	$project = API::Projects::get($id_project, $promo);
    };
    if ($@ or !$project)
    {
	my $err = $@;
	log TRACE, $err;
	log ERROR, "Impossible d'envoyer de tags ; si le problème persiste, passez au laboratoire.";
	exit 1;
    }

    log TRACE, $project;

    # Extract lot of data
    my @rendus = grep {
	exists $_->{vcs} and $_->{vcs}{tag} eq $tag;
    } @{ $project->{submissions} };

    my $date = $ENV{'GL_TS'};
    $date =~ s/\./ /;
    my $glts = ParseDate($date);

    chomp (my $tokengiven = `git cat-file tag $newsha 2> /dev/null | sed -e '1,/^\$/d'`);
    for my $rendu (@rendus)
    {
	my $open = ParseDate($rendu->{period}{begin});
	my $close = ParseDate($rendu->{period}{end});

	# TODO: check exceptions by login/group

	say "[ACU] Date courante:  ", $glts;
	say "[ACU] Date fermeture: ", $close;

	if ((Date_Cmp($glts, $open) == -1))
	{
	    say "[ACU] Tag not allowed: upload not yet opened!";
	    exit(4);
	}

	if ((Date_Cmp($glts, $close) == 1))
	{
	    say "[ACU] Tag not allowed: upload closed!";
	    exit(5);
	}

	my $token = $rendu->{vcs}{token};
	if ($token ne "" and $token ne $tokengiven)
	{
	    say "[ACU] Error 0x65cd58: Bad token.";
	    exit(6);
	}
    }

    # Send data to API
    my $last_commit = `git log -1 --name-status`;
    eval {
	API::Submission::add($promo, $id_project, $tag, $repo_login, $last_commit);
    };
    if ($@) {
	my $err = $@;
	log DEBUG, "ERROR: ".$err;
	log DONE, "[ACU] Upload successful";
    }
    else {
	log DONE, "[ACU] Upload successful, please check this information on the intranet";
    }
}

exit 0;

sub ip2long
{
    return unpack("l*", pack("l*", unpack("N*", inet_aton(shift))));
}

sub long2ip
{
    return inet_ntoa(pack("N*", shift));
}