
/*
 * Copyright 2017-present Open Networking Foundation

 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at

 * http://www.apache.org/licenses/LICENSE-2.0

 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */


/**
 * httpServer - HTTP server for user's credential
 */
var express = require('express');
var path = require('path');
var http  = require('http');
var https = require('https');
var radiusOper = require('./startClient');
var body_parser = require('body-parser');
var os=require('os');
var ifaces = os.networkInterfaces();
var app = express();
var fs = require("fs");
var Promise=require('bluebird');
var execAsync=Promise.promisify(require('child_process').exec);
app.use(express.static(path.join(__dirname,'authwebapp')));

var config = {
    key: fs.readFileSync('./certs/server.key'),
    cert: fs.readFileSync('./certs/server.crt'),
    ca: fs.readFileSync('./certs/ca.crt'),
    requestCert: true,
    rejectUnauthorized: false
};

function natRecoverPkt(iface, ipAddr, port) {

    var cmd = 'ip6tables -w -t nat -D PREROUTING -i ' + iface +
      ' -p tcp --dport ' + port + ' -j DNAT  --to-destination ['
      + ipAddr + ']:' + port;
    var checkCmd = 'ip6tables -w -t nat -v -L PREROUTING';
    var check = 'to:[' + ipAddr + ']:' + port;

    console.log(checkCmd + ' to check ' + check);
    execAsync(checkCmd).then(function (result) {
        console.log("indexOf:" + result.indexOf(check));
        if (result.indexOf(check) > 0) {
            execAsync(cmd);
            console.log(cmd);
        }
        else {
            console.log("nat rule not exist.");
        }
    }, function (err) {console.error(err);});

}

function connDev(iface) {
    var cmd = 'ip6tables -w -D FORWARD -i ' + iface + ' -j DROP';
    var checkCmd = 'ip6tables -w -v -L FORWARD 1';
    var check = 'DROP       all      ' + iface;

    console.log(checkCmd + ' to check ' + check);
    execAsync(checkCmd).then(function (result) {
        console.log("indexOf:" + result.indexOf(check));
        if (result.indexOf(check) > 0) {
            execAsync(cmd);
            console.log(cmd);
        }
        else {
            console.log("Forward rule not exist.");
        }
    }, function (err) {console.error(err);});

}

function rmDnsRoute(ipAddr) {
    //delete blindly, minor side effect
    var cmd = 'route del ' + ipAddr;
    execAsync(cmd);
    console.log(cmd);
}

function pppoeRmRedirectPkt(ipAddr) {
    natRecoverPkt('eth1', ipAddr, '80');
    natRecoverPkt('eth1', ipAddr, '443');
    connDev('eth1');
    rmDnsRoute('8.8.8.8');
}

app.use(body_parser.json());
app.use(body_parser.urlencoded({ extended: true })); 

app.get('/', function (req, res) {
	
    console.log("===Please login.===" );
    execAsync('cat adminState.txt').then(function (result) {
        if (result.indexOf("enable") > 0)
        {
            res.sendFile(__dirname+'/authwebapp/login.html');
        }
        else
        {
            console.log("PPPoE disabled.");
            res.send('PPPoE disabled.');
        }
    }, function (err) {
        console.error(err);
    });
})

app.post('/',function(req,res){
    console.log("===post request===");
    var username = req.body.username;
    var password = req.body.password;
    console.log("===user:"+username+",pwd:"+password+"===");
	
    var data = radiusOper.verifyFun(username,password);
    data.then(function(result){        
        console.log("===verifyFun result:"+result+"===");
        if(result)
        {
            setTimeout(function(){
                console.log("enter timeout");     
                execAsync("ifconfig").then(function (result) {
                    console.log("result.indexOf :"+result.indexOf("ppp0"));
                    if(result.indexOf("ppp0") >= 0)
                    {
                        console.log("===PPPoE session has set up.===");
                        pppoeRmRedirectPkt(eh1ip);
                        res.setHeader("Access-Control-Allow-Origin", "*");
                        res.jsonp({'result':'Auth successfully!!'});
                    }
                    else
                    {
                        execAsync("poff -a");
                        console.log("===PPPoE session failed.===");
                        res.setHeader("Access-Control-Allow-Origin", "*");
                        res.jsonp({'result':'error!'});
                    }
                });
            },5000);    
        }
        else
        {
            execAsync("poff -a");
            console.log("===PPPoE session failed.===");
            res.setHeader("Access-Control-Allow-Origin", "*");
            res.jsonp({'result':'error!'});
        }
    });
});
 
var eh1ip='a';
var i = false;
ifaces['eth1'].forEach(function(details){
    if (details.family=='IPv6' && i == false) 
    {
        i = true;
        eh1ip = details.address;
        console.log('eh1ip:'+eh1ip);
    }
});

var httpPort = "80";
var httpsPort = "443";

http.createServer(app).listen(httpPort, eh1ip);
https.createServer(config, app).listen(httpsPort, eh1ip);

console.log("PPPoE Web Server listens on ports " + httpPort + " and " + httpsPort);