# frozen_string_literal: true

require "dry/configurable"

module Hanami
  class Config
    # Hanami actions config
    #
    # This exposes all the settings from the standalone `Hanami::Action` class, pre-configured with
    # sensible defaults for actions within a full Hanami app. It also provides additional settings
    # for further integration of actions with other full stack app components.
    #
    # @since 2.0.0
    # @api public
    class Actions
      include Dry::Configurable

      # @!attribute [rw] cookies
      #   Sets or returns a hash of cookie options for actions.
      #
      #   The hash is wrapped by {Hanami::Config::Actions::Cookies}, which also provides an
      #   `enabled?` method, returning true in the case of any options provided.
      #
      #   @example
      #     config.actions.cookies = {max_age: 300}
      #
      #   @return [Hanami::Config::Actions::Cookies]
      #
      #   @api public
      #   @since 2.0.0
      setting :cookies, default: {}, constructor: -> options { Cookies.new(options) }

      # @!attribute [rw] sessions
      #   Sets or returns the session store (and its options) for actions.
      #
      #   The given values are taken as an argument list to be passed to {Config::Sessions#initialize}.
      #
      #   The configured session store is used when setting up the app or slice
      #   {Slice::ClassMethods#router router}.
      #
      #   @example
      #     config.actions.sessions = :cookie, {secret: "xyz"}
      #
      #   @return [Config::Sessions]
      #
      #   @see Config::Sessions
      #   @see Slice::ClassMethods#router
      #
      #   @api public
      #   @since 2.0.0
      setting :sessions, constructor: proc { |storage, *options| Sessions.new(storage, *options) }

      # @!attribute [rw] csrf_protection
      #   Sets or returns whether CSRF protection should be enabled for action classes.
      #
      #   Defaults to true if {#sessions} is enabled. You can override this by explicitly setting a
      #   true or false value.
      #
      #   When true, this will include `Hanami::Action::CSRFProtection` in all action classes.
      #
      #   @return [Boolean]
      #
      #   @api public
      #   @since 2.0.0
      setting :csrf_protection

      # Returns the Content Security Policy config for actions.
      #
      # The resulting policy is set as a default `"Content-Security-Policy"` response header.
      #
      # @return [Hanami::Config::Actions::ContentSecurityPolicy]
      #
      # @api public
      # @since 2.0.0
      attr_accessor :content_security_policy

      # The following settings are for view and assets integration with actions, and are NOT
      # publicly released as of 2.0.0. We'll make full documentation available when these become
      # public in a subsequent release.

      # @!attribute [rw] name_inference_base
      #   @api private
      setting :name_inference_base, default: "actions"

      # @!attribute [rw] view_context_identifier
      #   @api private
      setting :view_context_identifier, default: "views.context"

      # @!attribute [rw] view_name_inferrer
      #   @api private
      setting :view_name_inferrer, default: Slice::ViewNameInferrer

      # @!attribute [rw] view_name_inference_base
      #   @api private
      setting :view_name_inference_base, default: "views"

      # @api private
      attr_reader :base_config
      protected :base_config

      # @api private
      def initialize(*, **options)
        super()

        @base_config = Hanami::Action.config.dup
        @content_security_policy = ContentSecurityPolicy.new do |csp|
          if assets_server_url = options[:assets_server_url]
            csp[:script_src] += " #{assets_server_url}"
            csp[:style_src] += " #{assets_server_url}"
          end
        end

        configure_defaults
      end

      # @api private
      def initialize_copy(source)
        super
        @base_config = source.base_config.dup
        @content_security_policy = source.content_security_policy.dup
      end
      private :initialize_copy

      # @api private
      def finalize!
        # A nil value for `csrf_protection` means it has not been explicitly configured
        # (neither true nor false), so we can default it to whether sessions are enabled
        self.csrf_protection = sessions.enabled? if csrf_protection.nil?

        if content_security_policy
          default_headers["Content-Security-Policy"] = content_security_policy.to_s
        end
      end

      private

      # Apply defaults for base config
      def configure_defaults
        self.default_request_format = :html
        self.default_response_format = :html

        self.default_headers = {
          "X-Frame-Options" => "DENY",
          "X-Content-Type-Options" => "nosniff",
          "X-XSS-Protection" => "1; mode=block"
        }
      end

      def method_missing(name, *args, &block)
        if config.respond_to?(name)
          config.public_send(name, *args, &block)
        elsif base_config.respond_to?(name)
          base_config.public_send(name, *args, &block)
        else
          super
        end
      end

      def respond_to_missing?(name, _incude_all = false)
        config.respond_to?(name) || base_config.respond_to?(name) || super
      end
    end
  end
end