# frozen_string_literal: true

require_relative 'model'
require_relative 'fixture'
require_relative '../../service/api/cisa_kev'

class App
  desc 'Manage vulnerabilities'
  command :vulnerability do |c|
    c.flag :id, desc: 'Unique ID', type: Integer
    c.flag :name, desc: 'Name'
    c.desc 'List vulnerabilities'

    c.command :list do |l|
      l.switch [:utr], desc: 'UTR vulnerability only'

      l.action do |_global_options, options, _args|
        name = options[GLI::Command::PARENT][:name]&.downcase
        utr = options[:utr]
        App.api.fetch_vulnerabilities do |vulnerability|
          next if name && !vulnerability.name.downcase.include?(name)
          next if utr && !vulnerability.utr?

          puts vulnerability.to_json
        end
      end
    end

    c.desc 'List UTR vulnerabilities from cmdb'
    c.command :utr_from_cmdb do |ldb|
      ldb.action do |_global_options, options, _args|
        name = options[GLI::Command::PARENT][:name]&.downcase
        App.db.fetch_utr_vulnerability_from_cmdb do |vulnerability|
          next if name && !vulnerability.name.downcase.include?(name)

          puts vulnerability.to_json
        end
      end
    end

    c.desc 'List CISA KEV vulnerabilities from website'
    c.command :cisa_kev_list do |ckl|
      ckl.action do |_global_options, _options, _args|
        # name = options[GLI::Command::PARENT][:name]&.downcase
        CisaKevApi.fetch_vulnerabilities do |vulnerability|
          # next if name && !vulnerability.name.downcase.include?(name)
          puts vulnerability.to_json
        end
      end
    end

    c.desc 'Save CISA KEV vulnerabilities in PostgreSQL database'
    c.command :cisa_kev_save do |sdb|
      sdb.action do |_global_options, _options, _args|
        CisaKevApi.fetch_vulnerabilities do |vulnerability|
          puts vulnerability.to_json
          App.db.save_cisa_kev(vulnerability)
        end
      end
    end

    c.desc 'Get vulnerability by id'
    c.command :get do |g|
      g.action do |_global_options, options, _args|
        id = options[GLI::Command::PARENT][:id]
        puts "TODO get vulnerability id #{id}"
      end
    end

    c.desc 'List scan schedules'
    c.command :scan_schedules do |g|
      # TODO: add the switch
      # g.switch [:enabled], desc: 'Only enabled schedules', default_value: nil, negatable: true
      g.action do |_global_options, options, _args|
        vulnerability_id = options[GLI::Command::PARENT][:id]
        enabled = options[:enabled]
        puts enabled
        raise 'Vulnerability ID is required' if vulnerability_id.nil?

        App.api.fetch_vulnerability_scan_schedules(vulnerability_id:) do |schedule|
          puts schedule.to_json # if enabled.nil? || enabled == schedule.enabled
        end
      end
    end

    c.desc 'Upload vulnerability with second step'
    c.command :upload_vulnerability_with_second_step do |l|
      l.flag :spreadsheet, desc: 'Excel spreasheet'
      l.action do |_global_options, options, _args|
        spreadsheet = options[:spreadsheet]
        raise 'You must provide the /path/to/spreadsheet.xlsx' if spreadsheet.nil?

        vulns = App.api.fetch_vulnerability_with_second_step(
          spreadsheet,
          tabsheet_name: 'vulnerability_with_second_step'
        )
        puts "Saving #{vulns.length} vulnerabilities ..."
        App.db.save_vulnerability_with_second_step(vulns)
      end
    end

    c.desc 'Create vulnerabilities for business unit'
    c.command :new do |n|
      n.flag [:bu, :business_unit, 'business-unit'], desc: 'Business unit'
      n.switch ['starts-discovery', :starts_discovery], desc: 'Starts a discovery scan for each vulnerability',
                                                        default_value: true

      n.action do |_global_options, options, _args|
        business_unit = options[:business_unit]
        if business_unit.nil?
          puts 'Cannot create a new vulnerability without the business unit name.'
          exit
        end
        starts_discovery = options[:starts_discovery]
        puts 'Fetching assets from CMDB ...'
        cmdb_assets = App.db.fetch_cmdb_assets
        App.api.create_utr_vulnerabilities_for(
          business_unit:,
          cmdb_assets:,
          starts_discovery:
        )
      end
    end

    c.desc 'Delete vulnerability by id or name'
    c.command :delete do |d|
      d.action do |_global_options, options, _args|
        site_idte_idte_idte_id = options[GLI::Command::PARENT][:id]
        name = options[GLI::Command::PARENT][:name]
        App.api.delete_vulnerability_by site_idte_idte_idte_id:, name:
      end
    end

    c.desc 'Starts a discovery scan for the vulnerability'
    c.command :starts_discovery_scan do |d|
      d.action do |_global_options, options, _args|
        vulnerability_id = options[GLI::Command::PARENT][:id]
        raise 'You must specify the vulnerability id.' if vulnerability_id.nil?

        App.api.starts_discovery_scan(vulnerability_id:)
      end
    end

    c.desc 'Delete all UTR vulnerabilities'
    c.command :delete_utr_vulnerabilities do |d|
      d.action do |_global_options, _options, _args|
        App.api.delete_utr_vulnerabilities
      end
    end
  end
end