<?php


/**
 * Implements hook_form_alter().
 */
function hosting_http_basic_auth_form_alter(&$form, $form_state, $form_id) {
  if ($form_id == 'site_node_form') {

    $form['http_basic_auth'] = array(
      '#type' => 'fieldset',
      '#title' => t('HTTP Basic Authentication'),
      '#description' => t('Specify a password to ensure that only people that know the specifed username and password can access the site.'),
    );

    $form['http_basic_auth']['http_basic_auth_username'] = array(
      '#type' => 'textfield',
      '#title' => t('Username'),
      '#default_value' => isset($form['#node']->http_basic_auth_username) ? $form['#node']->http_basic_auth_username : '',
      '#weight' => 0,
    );
    $form['http_basic_auth']['http_basic_auth_password'] = array(
      '#type' => 'textfield',
      '#title' => t('Password'),
      '#default_value' => isset($form['#node']->http_basic_auth_password) ? $form['#node']->http_basic_auth_password : '',
      '#weight' => 1,
    );
    
    // If there's already a platform (ie on the site edit page), or a platform was chosen but we are still on the form (ie  load $web_server from that.
    // @TODO: We could use Drupal Ajax to actually load the IP Whitelist field depending ont he platform.
    if (!empty($form['#node']->platform) || !empty($form_state['values']['platform'])) {
      $platform_nid = !empty($form_state['values']['platform'])? $form_state['values']['platform']: $form['#node']->platform;
      $platform = node_load($platform_nid);
      $web_server = node_load($platform->web_server);
    }
    // Otherwise, just load the first http server we have. We don't know the platform the user wants yet.
    else {
      $web_server = node_load(key(hosting_get_servers('http')));
    }
    
    if (in_array($web_server->services['http']->type, ['apache', 'https_apache', 'apache_ssl'])) {
      $form['http_basic_auth']['http_basic_auth_whitelist'] = array(
        '#type' => 'textfield',
        '#title' => t('IP whitelist'),
        '#default_value' => isset($form['#node']->http_basic_auth_whitelist) ? $form['#node']->http_basic_auth_whitelist : '',
        '#description' => t('Space separated list of IP addresses. Have a look at the !link for more options.',
          array('!link' => l('examples from apache', 'https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html#allow'))),
        '#weight' => 2,
      );
    }
    $form['http_basic_auth']['http_basic_auth_message'] = array(
      '#type' => 'textfield',
      '#title' => t('Message'),
      '#default_value' => isset($form['#node']->http_basic_auth_message) ? $form['#node']->http_basic_auth_message : t('Restricted access'),
      '#weight' => 3,
    );
    return $form;
  }
}


/**
 * Either inserts or updates an auth record for a node.
 */
function hosting_http_basic_auth_update($node) {
  db_merge('hosting_http_basic_auth')
    ->key(array('vid' => $node->vid))
    ->fields(array(
      'nid' => $node->nid,
      'username' => $node->http_basic_auth_username,
      'password' => $node->http_basic_auth_password,
      'message' => $node->http_basic_auth_message,
      'whitelist' => $node->http_basic_auth_whitelist,
    ))
    ->execute();
}

/**
 * Deletes an auth record for a node.
 */
function hosting_http_basic_auth_delete($node) {
  db_delete('hosting_http_basic_auth')
    ->condition('nid', $node->nid)
    ->execute();
}

/**
 * Implements hook_node_insert().
 */
function hosting_http_basic_auth_node_insert($node) {
  if ($node->type == 'site' && !empty($node->http_basic_auth_username)) {
    if (!isset($node->http_basic_auth_whitelist)) {
      $node->http_basic_auth_whitelist = '';
    }
    $id = db_insert('hosting_http_basic_auth')
    ->fields(array(
      'vid' => $node->vid,
      'nid' => $node->nid,
      'username' => $node->http_basic_auth_username,
      'password' => $node->http_basic_auth_password,
      'message' => $node->http_basic_auth_message,
      'whitelist' => $node->http_basic_auth_whitelist,
    ))
    ->execute();
  }
}

/**
 * Implements hook_node_update().
 */
function hosting_http_basic_auth_node_update($node) {
  if ($node->type == 'site') {
    if (!isset($node->http_basic_auth_whitelist)) {
      $node->http_basic_auth_whitelist = '';
    }

    $original = $node->original;
    // Compare old values with new.
    // If we had old values and the new are empty - we are deleting the auth.
    if(!empty($original->http_basic_auth_username) && empty($node->http_basic_auth_username)){
      hosting_http_basic_auth_delete($node);
    }
    // If the new values aren't empty, we will update accordingly.
    elseif(!empty($node->http_basic_auth_username)){
      hosting_http_basic_auth_update($node);
    }
  }
}

/**
 * Implements hook_node_delete().
 */
function hosting_http_basic_auth_node_delete($node) {
  if ($node->type == 'site') {
    hosting_http_basic_auth_delete($node);
  }
}

/**
 * Implements hook_node_validate().
 */
function hosting_http_basic_auth_node_validate($node) {
  if ($node->type == 'site') {
    if (!empty($node->http_basic_auth_username) && empty($node->http_basic_auth_password)) {
      form_set_error('http_basic_auth_password', t('You must specify a password for the HTTP basic authentication.'));
    }
    if (!empty($node->http_basic_auth_whitelist) && !preg_match('/^[0-9a-z \/\.:]+$/i', $node->http_basic_auth_whitelist)) {
      form_set_error('http_basic_auth_whitelist', t('The IP whitelist field contains illegal characters.'));
    }
  }
}

/**
 * Implements hook_node_load().
 */
function hosting_http_basic_auth_node_load($nodes, $types) {
  foreach ($nodes as $nid => $node) {
    if ($node->type == 'site') {
      $additions = db_query("SELECT username AS http_basic_auth_username, password AS http_basic_auth_password, message AS http_basic_auth_message, whitelist AS http_basic_auth_whitelist FROM {hosting_http_basic_auth} WHERE vid = :vid", array(':vid' => $node->vid))->fetchAssoc();
      if (!empty($additions)) {
        foreach ($additions as $key => $value) {
          $nodes[$nid]->$key = $value;
        }
      }
    }
  }
}


/**
 * Implements hook_feeds_node_processor_targets_alter().
 */
function hosting_http_basic_auth_feeds_node_processor_targets_alter(&$targets, $content_type) {
  if ($content_type == 'site') {
    $targets['http_basic_auth_username'] = array(
      'name' => t('HTTP Basic Auth - username'),
      'description' => t('Set this to enable HTTP basic auth on the site.'),
      'callback' => 'hosting_http_basic_auth_set_target_http_basic_auth_simple',
    );

    $targets['http_basic_auth_password'] = array(
      'name' => t('HTTP Basic Auth - password'),
      'description' => t('The password, this is not transferred securely and should be considered in the public domain.'),
      'callback' => 'hosting_http_basic_auth_set_target_http_basic_auth_simple',
    );

    $targets['http_basic_auth_message'] = array(
      'name' => t('HTTP Basic Auth - username'),
      'description' => t('A message to show when prompting the user for username and password.'),
      'callback' => 'hosting_http_basic_auth_set_target_http_basic_auth_message',
    );

    $targets['http_basic_auth_whitelist'] = array(
      'name' => t('HTTP Basic Auth - IP whitelist'),
      'description' => t('IPs that are whitelisted from the basic authentication.'),
      'callback' => 'hosting_http_basic_auth_set_target_http_basic_auth_simple',
    );

  }
}

/**
 * Mapping callback for feeds.
 */
function hosting_http_basic_auth_set_target_http_basic_auth_simple($node, $target, $value) {
  if (!empty($value)) {
    $node->$target = $value;
  }
}

/**
 * Mapping callback for feeds.
 */
function hosting_http_basic_auth_set_target_http_basic_auth_message($node, $target, $value) {
  $node->$target = !empty($value) ? $value : t('Restricted access');
}