// Exporting Monzo transactions to my YouNeedABudget.com (i.e. YNAB)
// account. YNAB unfortunately doesn't currently offer an Monzo integration. As
// a workaround and a practical excuse to learn Go, I decided to write one
// myself.
//
// This job is going to run N times per 24 hours. Monzo offers webhooks for
// reacting to certain types of events. I don't expect I'll need realtime data
// for my YNAB integration. That may change, however, so it's worth noting.

package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
	"os"
	"os/exec"
	"utils"
)

////////////////////////////////////////////////////////////////////////////////
// Constants
////////////////////////////////////////////////////////////////////////////////

var (
	accountId    = os.Getenv("monzo_account_id")
	clientId     = os.Getenv("monzo_client_id")
	clientSecret = os.Getenv("monzo_client_secret")
)

const (
	redirectURI = "http://localhost:8080/authorization-code"
	// TODO(wpcarro): Consider generating a random string for the state when the
	// application starts instead of hardcoding it here.
	state = "xyz123"
)

////////////////////////////////////////////////////////////////////////////////
// Business Logic
////////////////////////////////////////////////////////////////////////////////

// This is the response returned from Monzo when we exchange our authorization
// code for an access token. While Monzo returns additional fields, I'm only
// interested in AccessToken and RefreshToken.
type accessTokenResponse struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	ExpiresIn    int    `json:"expires_in"`
}

type setTokensRequest struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	ExpiresIn    int    `json:"expires_in"`
}

type Tokens struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	ExpiresIn    int    `json:"expires_in"`
}

// TODO(wpcarro): Replace http.PostForm and other similar calls with
// client.postForm. The default http.Get and other methods doesn't timeout, so
// it's better to create a configured client with a value for the timeout.

// Returns the access token and refresh tokens for the Monzo API.
func getTokens(code string) *Tokens {
	res, err := http.PostForm("https://api.monzo.com/oauth2/token", url.Values{
		"grant_type":    {"authorization_code"},
		"client_id":     {clientId},
		"client_secret": {clientSecret},
		"redirect_uri":  {redirectURI},
		"code":          {code},
	})
	utils.FailOn(err)
	defer res.Body.Close()
	payload := &accessTokenResponse{}
	json.NewDecoder(res.Body).Decode(payload)

	return &Tokens{payload.AccessToken, payload.RefreshToken, payload.ExpiresIn}
}

// TODO(wpcarro): Prefer using an environment variable for the web browser
// instead of assuming it will be google-chrome.
// Open a web browser to allow the user to authorize this application. Return
// the authorization code sent from Monzo.
func getAuthCode() string {
	url := fmt.Sprintf("https://auth.monzo.com/?client_id=%s&redirect_uri=%s&response_type=code&state=%s", clientId, redirectURI, state)
	exec.Command("google-chrome", url).Start()

	authCode := make(chan string)
	go func() {
		log.Fatal(http.ListenAndServe(":8080", http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
			// 1. Get authorization code from Monzo.
			if req.URL.Path == "/authorization-code" {
				params := req.URL.Query()
				reqState := params["state"][0]
				code := params["code"][0]

				if reqState != state {
					log.Fatalf("Value for state returned by Monzo does not equal our state. %s != %s", reqState, state)
				}
				authCode <- code

				fmt.Fprintf(w, "Authorized!")
			} else {
				log.Printf("Unhandled request: %v\n", *req)
			}
		})))
	}()
	result := <-authCode
	return result
}

// TODO(wpcarro): Move this logic out of here and into the tokens server.
func authorize() {
	authCode := getAuthCode()
	tokens := getTokens(authCode)
	client := &http.Client{}

	payload, _ := json.Marshal(setTokensRequest{
		tokens.AccessToken,
		tokens.RefreshToken,
		tokens.ExpiresIn})
	log.Printf("Access token: %s\n", tokens.AccessToken)
	log.Printf("Refresh token: %s\n", tokens.RefreshToken)
	log.Printf("Expires: %s\n", tokens.ExpiresIn)
	req, _ := http.NewRequest("POST", "http://localhost:4242/set-tokens", bytes.NewBuffer(payload))
	req.Header.Set("Content-Type", "application/json")
	_, err := client.Do(req)
	utils.FailOn(err)
}

// Retrieves the access token from the tokens server.
func getAccessToken() string {
	return simpleGet("http://localhost:4242/token")
}

func main() {
	accessToken := getAccessToken()
	// authHeaders := map[string]string{
	// 	"Authorization": fmt.Sprintf("Bearer %s", accessToken),
	// }

	client := &http.Client{}
	form := url.Values{"account_id": {accountId}}
	req, _ := http.NewRequest("GET", "https://api.monzo.com/transactions", strings.NewReader(form.Encode()))
	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", accessToken))
	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
	bytes, _ := httputil.DumpRequest(req, true)
	fmt.Println(string(bytes))
	res, _ := client.Do(req)
	bytes, _ = httputil.DumpResponse(res, true)
	fmt.Println(string(bytes))

	// res := simpleGet("https://api.monzo.com/accounts", authHeaders, true)
	// fmt.Println(res)

	os.Exit(0)
}