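package main

import (
	"flag"
	"log"
	"log/syslog"
	"math/rand"
	"os"
	"strings"
	"time"

	"github.com/pyke369/golang-support/uconfig"
)

// main loads the configuration file, builds the VPN server object and its
// per-profile LDAP settings, then starts the VPN side in a goroutine and hands
// control to the HTTP server.
//
// The configuration file carries secrets (config.masterSecrets and each
// profile's bindPw), so it should be readable only by the account that runs
// this daemon.
func main() {
	// default configuration file is /etc/openvpn/dm-mgt-server.conf
	configFile := flag.String("config", "/etc/openvpn/dm-mgt-server.conf", "configuration file")
	logToSyslog := flag.Bool("syslog", false, "Log to syslog")
	debug := flag.Bool("debug", false, "log every message received")
	flag.Parse()

	// Parse the configuration; nothing can run without it.
	config, err := uconfig.New(*configFile)
	if err != nil {
		log.Println(err)
		os.Exit(1)
	}

	// Seed the PRNG.
	// NOTE(review): math/rand is not a cryptographic generator and a time-based
	// seed is guessable. If any value drawn from it is security-relevant (not
	// visible in this file), it should come from crypto/rand instead.
	rand.Seed(time.Now().UnixNano())

	// Loopback default, written without a leading zero in any octet: Go 1.17+
	// no longer parses IPv4 literals such as "127.0.0.01" as an IP address.
	server := NewVPNServer(config.GetString("config.openvpnPort", "127.0.0.1:5000"))
	server.vpnlogUrl = config.GetString("config.vpnLogUrl", "")
	server.mailRelay = config.GetString("config.mailRelay", "")
	server.MailFrom = config.GetString("config.mailFrom", "")
	server.CcPwnPassword = config.GetString("config.ccPwnPassword", "")
	server.pwnTemplate = config.GetString("config.pwnTemplate", "")
	server.newAsTemplate = config.GetString("config.newAsTemplate", "")
	server.cacheDir = config.GetString("config.cacheDir", "")
	server.authCa = config.GetString("config.authCa", "")

	server.otpMasterSecrets = parseConfigArray(config, "config.masterSecrets")
	if len(server.otpMasterSecrets) == 0 {
		// NOTE(review): falling back to a built-in secret means a deployment
		// without config.masterSecrets runs on a value known to anyone who can
		// read the source or binary. Refusing to start would be the safer
		// default; the fallback is kept here so existing setups keep working,
		// but it is now reported. The literal is reproduced as it appears in
		// this listing (it may be a redacted placeholder).
		log.Println("config.masterSecrets is empty: using the built-in default master secret")
		server.otpMasterSecrets = append(server.otpMasterSecrets, "*******************")
	}

	server.syslog = *logToSyslog
	if *logToSyslog {
		log.SetFlags(0)
		logWriter, e := syslog.New(syslog.LOG_NOTICE, "vpnauth")
		if e != nil {
			// Best effort: keep running on the default log output, but do not
			// hide the fact that the audit trail is not reaching syslog.
			log.Printf("syslog unavailable, keeping default log output: %v", e)
		} else {
			log.SetOutput(logWriter)
			// Only runs if main returns; the os.Exit paths below skip it.
			defer logWriter.Close()
		}
	}

	server.debug = *debug

	for _, profile := range config.GetPaths("config.profiles") {
		// The profile name is taken from the third dot-separated component of
		// the path; bail out cleanly instead of panicking on a shorter path.
		parts := strings.Split(profile, ".")
		if len(parts) < 3 {
			log.Printf("unexpected profile path %q", profile)
			os.Exit(1)
		}
		profileName := parts[2]

		ldapConf := ldapConfig{
			servers:      parseConfigArray(config, profile+".servers"),
			baseDN:       config.GetString(profile+".baseDN", ""),
			bindCn:       config.GetString(profile+".bindCn", ""),
			bindPw:       config.GetString(profile+".bindPw", ""),
			searchFilter: config.GetString(profile+".searchFilter", ""),
			attributes:   parseConfigArray(config, profile+".attributes"),
			validGroups:  parseConfigArray(config, profile+".validGroups"),
			routes:       parseConfigArray(config, profile+".routes"),
			mfaType:      config.GetString(profile+".mfa", ""),
			// NOTE(review): "optionnal" is kept byte-for-byte; code outside
			// this file presumably compares against this exact spelling.
			certAuth:    config.GetString(profile+".cert", "optionnal"),
			upgradeFrom: config.GetString(profile+".upgradeFrom", ""),
		}

		if err := ldapConf.addIPRange(config.GetString(profile+".IPRange", "")); err != nil {
			log.Println(err)
			os.Exit(1)
		}

		// A profile that lists LDAP servers needs at least two attributes.
		if len(ldapConf.servers) > 0 && len(ldapConf.attributes) < 2 {
			log.Printf("profile %q: valid ldap configuration must have 2 attributes", profileName)
			os.Exit(1)
		}

		server.ldap[profileName] = ldapConf
	}

	// time to start the listeners
	go server.Run()

	// NOTE(review): key, cert and ca default to empty strings. What
	// NewHTTPServer does in that case (plain HTTP, no client-certificate
	// check, or refusal to start) is not visible here - confirm it fails
	// closed.
	NewHTTPServer(
		config.GetString("config.http.port", "127.0.0.1:8080"),
		config.GetString("config.http.key", ""),
		config.GetString("config.http.cert", ""),
		config.GetString("config.http.ca", ""),
		config.GetString("config.http.startAuth", "CORP"),
		config.GetString("config.http.reqAuth", "ADMINS"),
		server)
}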