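package builder

import (
	"fmt"

	zitadelv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/api/v1alpha1"
	labels "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/builder/labels"
	metadata "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/builder/metadata"
	deployment "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/deployment"
	appsv1 "k8s.io/api/apps/v1"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/types"
	"k8s.io/apimachinery/pkg/util/intstr"
	"sigs.k8s.io/controller-runtime/pkg/client"
	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
)

// Names shared between the PAT secret volume and its mount inside the
// login-ui container. The token file path handed to the container via
// ZITADEL_SERVICE_USER_TOKEN_FILE is derived from the mount path so the
// two cannot drift apart.
const (
	loginPATVolumeName = "login-ui-pat"
	loginPATMountPath  = "/login-client"
	loginPATTokenFile  = loginPATMountPath + "/pat"
	loginPATSecretSfx  = "-pat-secret"
)

// BuildLoginDeployment builds the single-replica Deployment that runs the
// login UI for the given Instance.
//
// The container image is instance.Spec.LoginUI.Image.Name tagged with
// cluster.Spec.Image.Tag, unless the instance overrides the tag. The pod
// receives the ZITADEL API URL (derived from the cluster's service FQDN and
// deployment.ZitadelPort), the path of the machine-user PAT mounted from the
// secret named after instance.LoginMachineUserName(), and CUSTOM_REQUEST_HEADERS
// carrying customDomain as Host and X-Zitadel-Public-Host. customDomain is
// inserted verbatim into that comma-separated header list; the caller is
// expected to pass a validated hostname.
//
// key names the Deployment object itself; the pod template's metadata is built
// from the instance's object key and the login-UI selector labels. The
// Deployment is annotated so that a stakater reloader restarts it when its
// mounted secret changes, and the Instance is set as its controller owner.
//
// It returns an error only when setting the controller reference fails.
func (b *Builder) BuildLoginDeployment(cluster *zitadelv1alpha1.Cluster, instance *zitadelv1alpha1.Instance, customDomain string, key types.NamespacedName) (*appsv1.Deployment, error) {
	replicas := int32(1)

	// The cluster-wide image tag is the default; an instance may pin its own.
	tag := cluster.Spec.Image.Tag
	if instance.Spec.LoginUI.Image.Tag != nil {
		tag = *instance.Spec.LoginUI.Image.Tag
	}

	objMeta := metadata.NewMetadataBuilder(key).
		WithAnnotations(map[string]string{
			"reloader.stakater.com/auto": "true",
		}).
		Build()

	selectorLabels := labels.NewLabelsBuilder().
		WithLoginUISelectorLabels(instance).
		Build()

	templateObjMeta := metadata.NewMetadataBuilder(client.ObjectKeyFromObject(instance)).
		WithLabels(selectorLabels).
		Build()

	dep := &appsv1.Deployment{
		ObjectMeta: objMeta,
		Spec: appsv1.DeploymentSpec{
			Replicas: &replicas,
			Selector: &metav1.LabelSelector{
				MatchLabels: selectorLabels,
			},
			Template: corev1.PodTemplateSpec{
				ObjectMeta: templateObjMeta,
				Spec: corev1.PodSpec{
					// NOTE(review): no pod- or container-level SecurityContext is set;
					// the login-ui image's user/capability requirements are not known
					// here — confirm before hardening.
					// SecurityContext: &corev1.PodSecurityContext{FSGroup: &group},
					Containers: []corev1.Container{
						{
							Name:            "login-ui",
							Image:           instance.Spec.LoginUI.Image.Name + ":" + tag,
							ImagePullPolicy: corev1.PullIfNotPresent,
							Env:             loginUIEnv(cluster, customDomain),
							Ports: []corev1.ContainerPort{
								{Name: deployment.LoginName, ContainerPort: deployment.LoginPort},
							},
							LivenessProbe:  loginUIProbe("/ui/v2/login/healthy"),
							ReadinessProbe: loginUIProbe("/ui/v2/login/security"),
							Resources:      instance.Spec.LoginUI.Resources,
							VolumeMounts: []corev1.VolumeMount{
								// The PAT is a credential: the container only ever reads it,
								// so mount it read-only explicitly.
								{Name: loginPATVolumeName, MountPath: loginPATMountPath, ReadOnly: true},
							},
						},
					},
					Volumes: []corev1.Volume{
						{
							Name: loginPATVolumeName,
							VolumeSource: corev1.VolumeSource{
								Secret: &corev1.SecretVolumeSource{
									SecretName: instance.LoginMachineUserName() + loginPATSecretSfx,
								},
							},
						},
					},
				},
			},
		},
	}

	if err := controllerutil.SetControllerReference(instance, dep, b.scheme); err != nil {
		// %w keeps the underlying error inspectable with errors.Is/As.
		return nil, fmt.Errorf("error setting controller reference to Deployment: %w", err)
	}
	return dep, nil
}

// loginUIEnv returns the environment for the login-ui container: where to
// find the mounted PAT, the in-cluster ZITADEL API URL, and the request
// headers that present customDomain to ZITADEL as the public host.
func loginUIEnv(cluster *zitadelv1alpha1.Cluster, customDomain string) []corev1.EnvVar {
	return []corev1.EnvVar{
		{
			Name:  "ZITADEL_SERVICE_USER_TOKEN_FILE",
			Value: loginPATTokenFile,
		},
		{
			Name:  "ZITADEL_API_URL",
			Value: fmt.Sprintf("http://%s:%d", deployment.ServiceFQDN(cluster.ObjectMeta), deployment.ZitadelPort),
		},
		{
			Name:  "CUSTOM_REQUEST_HEADERS",
			Value: fmt.Sprintf("Host:%s,X-Zitadel-Public-Host:%s", customDomain, customDomain),
		},
	}
}

// loginUIProbe returns an HTTP probe against path on the login-ui port. The
// liveness and readiness probes differ only in the path they hit, so both are
// built here with the same thresholds and timing.
func loginUIProbe(path string) *corev1.Probe {
	return &corev1.Probe{
		ProbeHandler: corev1.ProbeHandler{
			HTTPGet: &corev1.HTTPGetAction{
				Path:   path,
				Port:   intstr.FromString(deployment.LoginName),
				Scheme: corev1.URISchemeHTTP,
			},
		},
		FailureThreshold:    3,
		InitialDelaySeconds: 0,
		PeriodSeconds:       5,
	}
}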