# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'ipaddr'
require 'json'
require 'rack'

require 'contrast/security_exception'
require 'contrast/utils/object_share'
require 'contrast/components/interface'
require 'contrast/utils/heap_dump_util'
require 'contrast/agent/request_handler'
require 'contrast/agent/static_analysis'

require 'contrast/utils/timer'

module Contrast
  module Agent
    # This class allows the Agent to plug into the Rack middleware stack. When the application is first started, we
    # initialize ourselves as a rack middleware inside of #initialize. Afterwards, we process each http request and
    # response as it goes through the middleware stack inside of #call.
    class Middleware
      include Contrast::Components::Interface
      access_component :agent, :config, :logging, :scope, :settings

      attr_reader :app

      # Allows the Agent to function as a middleware. We perform all our one-time whole-app routines in here since
      # we're only going to be initialized a single time. Our initialization order is:
      # - capture the application
      # - setup the Agent
      # - startup the Agent
      #
      # @param app [Rack::Application] the application to be instrumented
      # @param _legacy_param [nil] was a flag we no longer need, but Sinatra may call it
      def initialize app, _legacy_param = nil
        @app = app  # THIS MUST BE FIRST AND ALWAYS SET!
        setup_agent # THIS MUST BE SECOND AND ALWAYS CALLED!
        unless AGENT.enabled?
          logger.error(
              'The Agent was unable to initialize before the application middleware was initialized. ' \
              'Disabling permanently.')
          AGENT.disable! # ensure the agent is disabled (probably redundant)
          return
        end
        agent_startup_routine
      end

      # This is where we're hooked into the middleware stack. If the agent is enabled, we're ready to do some
      # processing on a per request basis. If not, we just pass the request along to the next middleware in the stack.
      #
      # @param env [Hash] the various variables stored by this and other Middlewares to know the state and values of
      #   this Request
      # @return [Array,Rack::Response] the Response of this and subsequent Middlewares to be passed back to the user up
      #   the Rack framework.
      def call env
        return app.call(env) unless AGENT.enabled?

        Contrast::Agent.heapdump_util.start_thread!
        handle_first_request
        call_with_agent(env)
      end

      private

      def setup_agent
        SETTINGS.reset_state

        inform_deprecations

        if CONFIG.invalid?
          AGENT.disable!
          logger.error('!!! CONFIG FILE IS INVALID - DISABLING CONTRAST AGENT !!!')
        elsif AGENT.disabled?
          logger.warn('Contrast disabled by configuration. Continuing without instrumentation.')
        else
          AGENT.enable!
        end
      end

      # Startup the Agent as part of the initialization process:
      # - start the service sending thread, responsible for sending and processing messages
      # - start the heartbeat thread, which triggers service startup
      # - start instrumenting libraries and do a 'catchup' patch for everything we didn't see get loaded
      # - enable TracePoint, which handles all class loads and required instrumentation going forward
      def agent_startup_routine
        logger.debug_with_time('middleware: starting service') do
          Contrast::Agent.thread_watcher.ensure_running?
        end

        logger.debug_with_time('middleware: instrument shared libraries and patch') do
          Contrast::Agent::Patching::Policy::Patcher.patch
        end

        logger.debug_with_time('middleware: enabling tracepoint') do
          AGENT.enable_tracepoint
        end
        Contrast::Agent::AtExitHook.exit_hook
      end

      # Some things have to wait until first request to happen, either because resolution is not complete or because
      # the framework will preload classes, which confuses some of our instrumentation.
      def handle_first_request
        @_handle_first_request ||= begin
          Contrast::Agent::StaticAnalysis.catchup
          true
        end
      end

      # This is where we process each request we intercept as a middleware. We make the request context available
      # globally so that it can be accessed from anywhere. A RequestHandler object is made for each request, which
      # handles prefilter and postfilter operations.
      # @param env [Hash] the various variables stored by this and other Middlewares to know the state and values of
      #   this Request
      # @return [Array,Rack::Response] the Response of this and subsequent Middlewares to be passed back to the user
      #   up the Rack framework.
      def call_with_agent env
        Contrast::Agent.thread_watcher.ensure_running?
        framework_request = Contrast::Agent.framework_manager.retrieve_request(env)
        context = Contrast::Agent::RequestContext.new(framework_request)
        response = nil

        # Make the context available for the lifecycle of this request.
        Contrast::Agent::REQUEST_TRACKER.lifespan(context) do
          logger.request_start
          request_handler = Contrast::Agent::RequestHandler.new(context)

          pre_call_with_agent(context, request_handler)
          response = application_code(env)
          post_call_with_agent(context, env, request_handler, response)
        ensure
          logger.request_end
        end

        response
      rescue StandardError => e
        handle_exception(e)
      end

      # Handle the operations the Agent needs to accomplish prior to the Application code executing during this
      # request.
      #
      # @param context [Contrast::Agent::RequestContext]
      # @param request_handler [Contrast::Agent::RequestHandler]
      def pre_call_with_agent context, request_handler
        with_contrast_scope do
          context.service_extract_request
          request_handler.ruleset.prefilter
        end
      rescue StandardError => e
        raise e if security_exception?(e)

        logger.error('Unable to execute agent pre_call', e)
      end

      # Handle the operations the Agent needs to accomplish after the Application code executes during this request.
      #
      # @param context [Contrast::Agent::RequestContext]
      # @param env [Hash] the various variables stored by this and other Middlewares to know the state and values of
      #   this Request
      # @param request_handler [Contrast::Agent::RequestHandler]
      # @param response [Array,Rack::Response]
      def post_call_with_agent context, env, request_handler, response
        with_contrast_scope do
          context.extract_after(response) # update context with final response information

          if Contrast::Agent.framework_manager.streaming?(env)
            context.reset_activity
            request_handler.stream_safe_postfilter
          else
            request_handler.ruleset.postfilter
            request_handler.send_activity_messages
          end
        end
      rescue StandardError => e
        raise e if security_exception?(e)

        logger.error('Unable to execute agent post_call', e)
      end

      def application_code env
        logger.trace_with_time('application') do
          app.call(env)
        end
      rescue Contrast::SecurityException => e
        logger.trace('Security Exception raised during application lifecycle to prevent an attack', e)
        raise e
      end

      SECURITY_EXCEPTION_MARKER = 'Contrast::SecurityException'
      # We're only going to suppress SecurityExceptions indicating a blocked attack. And, only if the
      # config.agent.ruby.exceptions.capture? is set
      def handle_exception exception
        if security_exception?(exception)
          exception_control = AGENT.exception_control
          raise exception unless exception_control[:enable]

          [exception_control[:status], {}, [exception_control[:message]]]
        else
          logger.debug('Re-throwing original error', exception)
          raise exception
        end
      end

      # Is the given exception one raised by our Protect code?
      #
      # @param exception [Exception]
      # @return [Boolean]
      def security_exception? exception
        exception.is_a?(Contrast::SecurityException) ||
            exception.message&.include?(SECURITY_EXCEPTION_MARKER)
      end

      # As we deprecate support to prepare to remove dead code, we need to inform our users still relying on the now
      # deprecated and soon to be removed functionality. This method handles doing that by leveraging the standard
      # Kernel#warn approach
      def inform_deprecations
        # Ruby 2.5 is currently in security maintenance, meaning int is only receiving updates for security issues. It
        # will move to eol on 31 March 2021. As such, we can remove support for it in Q3. We'll begin the deprecation
        # warnings now so that customers have time to reach out if they'll be impacted.
        # TODO: RUBY-715 remove this part of the method, leaving it empty if there are no other deprecations, when we
        #   drop 2.5 support.
        return unless RUBY_VERSION < '2.6.0'

        Kernel.warn('[Contrast Security] [DEPRECATION] Support for Ruby 2.5 will be removed in April 2021. '\
                    'Please contact Customer Support prior if you require continued support.')
      end
    end
  end
end