from django.db import models
from datetime import datetime, timedelta
import hmac
import hashlib
import random
import string

class ApiKey(models.Model):
    ''' An API key, to login using the API

        An API key consists in a somewhat long chunk of ascii text, *not*
        containing any dollar ($) sign. It is saved on the client's machine as
        a string "keyId$key".
        An API token (to authentify a request) is a triplet (ts, kid, hmac) of
        a timestamp `ts`, the key id `kid` and
            hmac = `HMAC(key, ts + data, sha256)`
        where `data` is the normalized (`json.dumps(json.loads(...))`) value of
        the data part of the request.
    '''
    key = models.CharField("API key",
                           max_length=128)
    name = models.CharField("Key name",
                            max_length=256,
                            help_text="Where is this key used from?")
    last_used = models.DateTimeField("Last used",
                                     default=datetime.fromtimestamp(0))

    def everUsed(self):
        return self.last_used > datetime.fromtimestamp(0)

    def initialFill(self):
        if not self.key:
            KEY_SIZE = 64
            KEY_CHARS = string.ascii_letters + string.digits
            self.key = ''.join(random.choices(KEY_CHARS, k=KEY_SIZE))

    @property
    def keyId(self):
        return self.id

    @property
    def displayValue(self):
        return "{}${}".format(self.keyId, self.key)

    def __str__(self):
        return self.displayValue

    def isCorrect(self, timestamp, inpMac, data):
        claimedDate = datetime.fromtimestamp(timestamp)
        if datetime.now() - timedelta(minutes=5) > claimedDate:
            return False

        mac = hmac.new(self.key.encode('utf-8'),
                       msg=str(int(claimedDate.timestamp())).encode('utf-8'),
                       digestmod=hashlib.sha256)
        mac.update(data.encode('utf-8'))

        return hmac.compare_digest(mac.hexdigest(), inpMac)