# Copyright 2010 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
gem 'faraday', '~> 0.7.0'
require 'faraday'
require 'faraday/utils'
require 'multi_json'
require 'stringio'
require 'google/api_client/version'
require 'google/api_client/errors'
require 'google/api_client/environment'
require 'google/api_client/discovery'
require 'google/api_client/reference'
require 'google/api_client/result'
module Google
  # TODO(bobaman): Document all this stuff.
  ##
  # This class manages APIs communication.
  class APIClient
    ##
    # Creates a new Google API client.
    #
    # @param [Hash] options The configuration parameters for the client.
    # @option options [Symbol, #generate_authenticated_request] :authorization
    #   (:oauth_1)
    #   The authorization mechanism used by the client.  The following
    #   mechanisms are supported out-of-the-box:
    #   
    #     - :two_legged_oauth_1
#- :oauth_1
#- :oauth_2
#
# @option options [String] :host ("www.googleapis.com")
    #   The API hostname used by the client.  This rarely needs to be changed.
    # @option options [String] :application_name
    #   The name of the application using the client.
    # @option options [String] :application_version
    #   The version number of the application using the client.
    # @option options [String] :user_agent
    #   ("{app_name} google-api-ruby-client/{version} {os_name}/{os_version}")
    #   The user agent used by the client.  Most developers will want to
    #   leave this value alone and use the `:application_name` option instead.
    def initialize(options={})
      # Normalize key to String to allow indifferent access.
      options = options.inject({}) do |accu, (key, value)|
        accu[key.to_s] = value
        accu
      end
      # Almost all API usage will have a host of 'www.googleapis.com'.
      self.host = options["host"] || 'www.googleapis.com'
      # Most developers will want to leave this value alone and use the
      # application_name option.
      application_string = (
        options["application_name"] ? (
          "#{options["application_name"]}/" +
          "#{options["application_version"] || '0.0.0'}"
        ) : ""
      )
      self.user_agent = options["user_agent"] || (
        "#{application_string} " +
        "google-api-ruby-client/#{VERSION::STRING} " +
         ENV::OS_VERSION
      ).strip
      # The writer method understands a few Symbols and will generate useful
      # default authentication mechanisms.
      self.authorization = options["authorization"] || :oauth_2
      self.key = options["key"]
      self.user_ip = options["user_ip"]
      @discovery_uris = {}
      @discovery_documents = {}
      @discovered_apis = {}
      return self
    end
    ##
    # Returns the authorization mechanism used by the client.
    #
    # @return [#generate_authenticated_request] The authorization mechanism.
    attr_reader :authorization
    ##
    # Sets the authorization mechanism used by the client.
    #
    # @param [#generate_authenticated_request] new_authorization
    #   The new authorization mechanism.
    def authorization=(new_authorization)
      case new_authorization
      when :oauth_1, :oauth
        gem 'signet', '~> 0.3.0'
        require 'signet/oauth_1/client'
        # NOTE: Do not rely on this default value, as it may change
        new_authorization = Signet::OAuth1::Client.new(
          :temporary_credential_uri =>
            'https://www.google.com/accounts/OAuthGetRequestToken',
          :authorization_uri =>
            'https://www.google.com/accounts/OAuthAuthorizeToken',
          :token_credential_uri =>
            'https://www.google.com/accounts/OAuthGetAccessToken',
          :client_credential_key => 'anonymous',
          :client_credential_secret => 'anonymous'
        )
      when :two_legged_oauth_1, :two_legged_oauth
        gem 'signet', '~> 0.3.0'
        require 'signet/oauth_1/client'
        # NOTE: Do not rely on this default value, as it may change
        new_authorization = Signet::OAuth1::Client.new(
          :client_credential_key => nil,
          :client_credential_secret => nil,
          :two_legged => true
        )
      when :oauth_2
        gem 'signet', '~> 0.3.0'
        require 'signet/oauth_2/client'
        # NOTE: Do not rely on this default value, as it may change
        new_authorization = Signet::OAuth2::Client.new(
          :authorization_uri =>
            'https://accounts.google.com/o/oauth2/auth',
          :token_credential_uri =>
            'https://accounts.google.com/o/oauth2/token'
        )
      when nil
        # No authorization mechanism
      else
        if !new_authorization.respond_to?(:generate_authenticated_request)
          raise TypeError,
            'Expected authorization mechanism to respond to ' +
            '#generate_authenticated_request.'
        end
      end
      @authorization = new_authorization
      return @authorization
    end
    ##
    # The application's API key issued by the API console.
    #
    # @return [String] The API key.
    attr_accessor :key
    ##
    # The IP address of the user this request is being performed on behalf of.
    #
    # @return [String] The user's IP address.
    attr_accessor :user_ip
    ##
    # The API hostname used by the client.
    #
    # @return [String]
    #   The API hostname.  Should almost always be 'www.googleapis.com'.
    attr_accessor :host
    ##
    # The user agent used by the client.
    #
    # @return [String]
    #   The user agent string used in the User-Agent header.
    attr_accessor :user_agent
    ##
    # Returns the URI for the directory document.
    #
    # @return [Addressable::URI] The URI of the directory document.
    def directory_uri
      template = Addressable::Template.new(
        "https://{host}/discovery/v1/apis"
      )
      return template.expand({"host" => self.host})
    end
    ##
    # Manually registers a URI as a discovery document for a specific version
    # of an API.
    #
    # @param [String, Symbol] api The API name.
    # @param [String] version The desired version of the API.
    # @param [Addressable::URI] uri The URI of the discovery document.
    def register_discovery_uri(api, version, uri)
      api = api.to_s
      version = version || 'v1'
      @discovery_uris["#{api}:#{version}"] = uri
    end
    ##
    # Returns the URI for the discovery document.
    #
    # @param [String, Symbol] api The API name.
    # @param [String] version The desired version of the API.
    # @return [Addressable::URI] The URI of the discovery document.
    def discovery_uri(api, version=nil)
      api = api.to_s
      version = version || 'v1'
      return @discovery_uris["#{api}:#{version}"] ||= (begin
        template = Addressable::Template.new(
          "https://{host}/discovery/v1/apis/" +
          "{api}/{version}/rest"
        )
        template.expand({
          "host" => self.host,
          "api" => api,
          "version" => version
        })
      end)
    end
    ##
    # Manually registers a pre-loaded discovery document for a specific version
    # of an API.
    #
    # @param [String, Symbol] api The API name.
    # @param [String] version The desired version of the API.
    # @param [String, StringIO] discovery_document
    #   The contents of the discovery document.
    def register_discovery_document(api, version, discovery_document)
      api = api.to_s
      version = version || 'v1'
      if discovery_document.kind_of?(StringIO)
        discovery_document.rewind
        discovery_document = discovery_document.string
      elsif discovery_document.respond_to?(:to_str)
        discovery_document = discovery_document.to_str
      else
        raise TypeError,
          "Expected String or StringIO, got #{discovery_document.class}."
      end
      @discovery_documents["#{api}:#{version}"] =
        MultiJson.decode(discovery_document)
    end
    ##
    # Returns the parsed directory document.
    #
    # @return [Hash] The parsed JSON from the directory document.
    def directory_document
      return @directory_document ||= (begin
        request = self.generate_request(
          :http_method => :get,
          :uri => self.directory_uri,
          :authenticated => false
        )
        response = self.transmit(:request => request)
        if response.status >= 200 && response.status < 300
          MultiJson.decode(response.body)
        elsif response.status >= 400
          case response.status
          when 400...500
            exception_type = ClientError
          when 500...600
            exception_type = ServerError
          else
            exception_type = TransmissionError
          end
          url = request.to_env(Faraday.default_connection)[:url]
          raise exception_type,
            "Could not retrieve directory document at: #{url}"
        end
      end)
    end
    ##
    # Returns the parsed discovery document.
    #
    # @param [String, Symbol] api The API name.
    # @param [String] version The desired version of the API.
    # @return [Hash] The parsed JSON from the discovery document.
    def discovery_document(api, version=nil)
      api = api.to_s
      version = version || 'v1'
      return @discovery_documents["#{api}:#{version}"] ||= (begin
        request = self.generate_request(
          :http_method => :get,
          :uri => self.discovery_uri(api, version),
          :authenticated => false
        )
        response = self.transmit(:request => request)
        if response.status >= 200 && response.status < 300
          MultiJson.decode(response.body)
        elsif response.status >= 400
          case response.status
          when 400...500
            exception_type = ClientError
          when 500...600
            exception_type = ServerError
          else
            exception_type = TransmissionError
          end
          url = request.to_env(Faraday.default_connection)[:url]
          raise exception_type,
            "Could not retrieve discovery document at: #{url}"
        end
      end)
    end
    ##
    # Returns all APIs published in the directory document.
    #
    # @return [Array] The list of available APIs.
    def discovered_apis
      @directory_apis ||= (begin
        document_base = self.directory_uri
        if self.directory_document && self.directory_document['items']
          self.directory_document['items'].map do |discovery_document|
            Google::APIClient::API.new(
              document_base,
              discovery_document
            )
          end
        else
          []
        end
      end)
    end
    ##
    # Returns the service object for a given service name and service version.
    #
    # @param [String, Symbol] api The API name.
    # @param [String] version The desired version of the API.
    #
    # @return [Google::APIClient::API] The service object.
    def discovered_api(api, version=nil)
      if !api.kind_of?(String) && !api.kind_of?(Symbol)
        raise TypeError,
          "Expected String or Symbol, got #{api.class}."
      end
      api = api.to_s
      version = version || 'v1'
      return @discovered_apis["#{api}:#{version}"] ||= begin
        document_base = self.discovery_uri(api, version)
        discovery_document = self.discovery_document(api, version)
        if document_base && discovery_document
          Google::APIClient::API.new(
            document_base,
            discovery_document
          )
        else
          nil
        end
      end
    end
    ##
    # Returns the method object for a given RPC name and service version.
    #
    # @param [String, Symbol] rpc_name The RPC name of the desired method.
    # @param [String, Symbol] rpc_name The API the method is within.
    # @param [String] version The desired version of the API.
    #
    # @return [Google::APIClient::Method] The method object.
    def discovered_method(rpc_name, api, version=nil)
      if !rpc_name.kind_of?(String) && !rpc_name.kind_of?(Symbol)
        raise TypeError,
          "Expected String or Symbol, got #{rpc_name.class}."
      end
      rpc_name = rpc_name.to_s
      api = api.to_s
      version = version || 'v1'
      service = self.discovered_api(api, version)
      if service.to_h[rpc_name]
        return service.to_h[rpc_name]
      else
        return nil
      end
    end
    ##
    # Returns the service object with the highest version number.
    #
    # @note Warning: This method should be used with great care.
    # As APIs are updated, minor differences between versions may cause
    # incompatibilities. Requesting a specific version will avoid this issue.
    #
    # @param [String, Symbol] api The name of the service.
    #
    # @return [Google::APIClient::API] The service object.
    def preferred_version(api)
      if !api.kind_of?(String) && !api.kind_of?(Symbol)
        raise TypeError,
          "Expected String or Symbol, got #{api.class}."
      end
      api = api.to_s
      return self.discovered_apis.detect do |a|
        a.name == api && a.preferred == true
      end
    end
    ##
    # Verifies an ID token against a server certificate. Used to ensure that
    # an ID token supplied by an untrusted client-side mechanism is valid.
    # Raises an error if the token is invalid or missing.
    def verify_id_token!
      gem 'jwt', '~> 0.1.4'
      require 'jwt'
      require 'openssl'
      @certificates ||= {}
      if !self.authorization.respond_to?(:id_token)
        raise ArgumentError, (
          "Current authorization mechanism does not support ID tokens: " +
          "#{self.authorization.class.to_s}"
        )
      elsif !self.authorization.id_token
        raise ArgumentError, (
          "Could not verify ID token, ID token missing. " +
          "Scopes were: #{self.authorization.scope.inspect}"
        )
      else
        check_cached_certs = lambda do
          valid = false
          for key, cert in @certificates
            begin
              self.authorization.decoded_id_token(cert.public_key)
              valid = true
            rescue JWT::DecodeError, Signet::UnsafeOperationError
              # Expected exception. Ignore, ID token has not been validated.
            end
          end
          valid
        end
        if check_cached_certs.call()
          return true
        end
        request = self.generate_request(
          :http_method => :get,
          :uri => 'https://www.googleapis.com/oauth2/v1/certs',
          :authenticated => false
        )
        response = self.transmit(:request => request)
        if response.status >= 200 && response.status < 300
          @certificates.merge!(
            Hash[MultiJson.decode(response.body).map do |key, cert|
              [key, OpenSSL::X509::Certificate.new(cert)]
            end]
          )
        elsif response.status >= 400
          case response.status
          when 400...500
            exception_type = ClientError
          when 500...600
            exception_type = ServerError
          else
            exception_type = TransmissionError
          end
          url = request.to_env(Faraday.default_connection)[:url]
          raise exception_type,
            "Could not retrieve certificates from: #{url}"
        end
        if check_cached_certs.call()
          return true
        else
          raise InvalidIDTokenError,
            "Could not verify ID token against any available certificate."
        end
      end
      return nil
    end
    ##
    # Generates a request.
    #
    # @option options [Google::APIClient::Method, String] :api_method
    #   The method object or the RPC name of the method being executed.
    # @option options [Hash, Array] :parameters
    #   The parameters to send to the method.
    # @option options [Hash, Array] :headers The HTTP headers for the request.
    # @option options [String] :body The body of the request.
    # @option options [String] :version ("v1")
    #   The service version. Only used if `api_method` is a `String`.
    # @option options [#generate_authenticated_request] :authorization
    #   The authorization mechanism for the response. Used only if
    #   `:authenticated` is `true`.
    # @option options [TrueClass, FalseClass] :authenticated (true)
    #   `true` if the request must be signed or somehow
    #   authenticated, `false` otherwise.
    #
    # @return [Faraday::Request] The generated request.
    #
    # @example
    #   request = client.generate_request(
    #     :api_method => 'plus.activities.list',
    #     :parameters =>
    #       {'collection' => 'public', 'userId' => 'me'}
    #   )
    def generate_request(options={})
      # Note: The merge method on a Hash object will coerce an API Reference
      # object into a Hash and merge with the default options.
      options={
        :version => 'v1',
        :authorization => self.authorization,
        :key => self.key,
        :user_ip => self.user_ip,
        :connection => Faraday.default_connection
      }.merge(options)
      # The Reference object is going to need this to do method ID lookups.
      options[:client] = self
      # The default value for the :authenticated option depends on whether an
      # authorization mechanism has been set.
      if options[:authorization]
        options = {:authenticated => true}.merge(options)
      else
        options = {:authenticated => false}.merge(options)
      end
      reference = Google::APIClient::Reference.new(options)
      request = reference.to_request
      if options[:authenticated]
        request = self.generate_authenticated_request(
          :request => request,
          :connection => options[:connection]
        )
      end
      return request
    end
    ##
    # Signs a request using the current authorization mechanism.
    #
    # @param [Hash] options a customizable set of options
    #
    # @return [Faraday::Request] The signed or otherwise authenticated request.
    def generate_authenticated_request(options={})
      return authorization.generate_authenticated_request(options)
    end
    ##
    # Transmits the request using the current HTTP adapter.
    #
    # @option options [Array, Faraday::Request] :request
    #   The HTTP request to transmit.
    # @option options [String, Symbol] :method
    #   The method for the HTTP request.
    # @option options [String, Addressable::URI] :uri
    #   The URI for the HTTP request.
    # @option options [Array, Hash] :headers
    #   The headers for the HTTP request.
    # @option options [String] :body
    #   The body for the HTTP request.
    # @option options [Faraday::Connection] :connection
    #   The HTTP connection to use.
    #
    # @return [Faraday::Response] The response from the server.
    def transmit(options={})
      options[:connection] ||= Faraday.default_connection
      if options[:request]
        if options[:request].kind_of?(Array)
          method, uri, headers, body = options[:request]
        elsif options[:request].kind_of?(Faraday::Request)
          unless options[:connection]
            raise ArgumentError,
              "Faraday::Request used, requires a connection to be provided."
          end
          method = options[:request].method.to_s.downcase.to_sym
          uri = options[:connection].build_url(
            options[:request].path, options[:request].params
          )
          headers = options[:request].headers || {}
          body = options[:request].body || ''
        end
      else
        method = options[:method] || :get
        uri = options[:uri]
        headers = options[:headers] || []
        body = options[:body] || ''
      end
      headers = headers.to_a if headers.kind_of?(Hash)
      request_components = {
        :method => method,
        :uri => uri,
        :headers => headers,
        :body => body
      }
      # Verify that we have all pieces required to transmit an HTTP request
      request_components.each do |(key, value)|
        unless value
          raise ArgumentError, "Missing :#{key} parameter."
        end
      end
      if self.user_agent != nil
        # If there's no User-Agent header, set one.
        unless headers.kind_of?(Enumerable)
          # We need to use some Enumerable methods, relying on the presence of
          # the #each method.
          class < 'plus.activities.list',
    #     :parameters => {'collection' => 'public', 'userId' => 'me'}
    #   )
    #
    # @see Google::APIClient#generate_request
    def execute(*params)
      # This block of code allows us to accept multiple parameter passing
      # styles, and maintaining some backwards compatibility.
      #
      # Note: I'm extremely tempted to deprecate this style of execute call.
      if params.last.respond_to?(:to_hash) && params.size == 1
        options = params.pop
      else
        options = {}
      end
      options[:api_method] = params.shift if params.size > 0
      options[:parameters] = params.shift if params.size > 0
      options[:body] = params.shift if params.size > 0
      options[:headers] = params.shift if params.size > 0
      options[:client] = self
      reference = Google::APIClient::Reference.new(options)
      request = self.generate_request(reference)
      response = self.transmit(
        :request => request,
        :connection => options[:connection]
      )
      return Google::APIClient::Result.new(reference, request, response)
    end
    ##
    # Same as Google::APIClient#execute, but raises an exception if there was
    # an error.
    #
    # @see Google::APIClient#execute
    def execute!(*params)
      result = self.execute(*params)
      if result.data.respond_to?(:error) &&
          result.data.error.respond_to?(:message)
        # You're going to get a terrible error message if the response isn't
        # parsed successfully as an error.
        error_message = result.data.error.message
      elsif result.data['error'] && result.data['error']['message']
        error_message = result.data['error']['message']
      end
      if result.response.status >= 400
        case result.response.status
        when 400...500
          exception_type = ClientError
          error_message ||= "A client error has occurred."
        when 500...600
          exception_type = ServerError
          error_message ||= "A server error has occurred."
        else
          exception_type = TransmissionError
          error_message ||= "A transmission error has occurred."
        end
        raise exception_type, error_message
      end
      return result
    end
  end
end
require 'google/api_client/version'