# XXX This code is not yet ready to be run in production, and should remain disabled until such
# XXX time as this notice is removed.

import logging

from flask import Blueprint, make_response, url_for, request
from functools import wraps
from urlparse import urlparse

from app import metric_queue
from endpoints.decorators import anon_protect, anon_allowed
from auth.jwt_auth import process_jwt_auth
from auth.auth_context import get_grant_user_context
from auth.permissions import (ReadRepositoryPermission, ModifyRepositoryPermission,
                              AdministerRepositoryPermission)
from data import model
from util.http import abort
from util.saas.metricqueue import time_blueprint


logger = logging.getLogger(__name__)
v2_bp = Blueprint('v2', __name__)

time_blueprint(v2_bp, metric_queue)

def _require_repo_permission(permission_class, allow_public=False):
  def wrapper(func):
    @wraps(func)
    def wrapped(namespace, repo_name, *args, **kwargs):
      logger.debug('Checking permission %s for repo: %s/%s', permission_class, namespace, repo_name)
      permission = permission_class(namespace, repo_name)
      if (permission.can() or
          (allow_public and
           model.repository.repository_is_public(namespace, repo_name))):
        return func(namespace, repo_name, *args, **kwargs)
      raise abort(401)
    return wrapped
  return wrapper


require_repo_read = _require_repo_permission(ReadRepositoryPermission, True)
require_repo_write = _require_repo_permission(ModifyRepositoryPermission)
require_repo_admin = _require_repo_permission(AdministerRepositoryPermission)


def get_input_stream(flask_request):
  if flask_request.headers.get('transfer-encoding') == 'chunked':
    return flask_request.environ['wsgi.input']
  return flask_request.stream


@v2_bp.route('/')
@process_jwt_auth
@anon_allowed
def v2_support_enabled():
  response = make_response('true', 200)

  if get_grant_user_context() is None:
    response = make_response('true', 401)
    realm_hostname = urlparse(request.url).netloc
    realm_auth_path = url_for('v2.generate_registry_jwt')
    authenticate = 'Bearer realm="{0}{1}",service="quay"'.format(realm_hostname, realm_auth_path)
    response.headers['WWW-Authenticate'] = authenticate

  response.headers['Docker-Distribution-API-Version'] = 'registry/2.0'
  return response


from endpoints.v2 import v2auth
from endpoints.v2 import manifest
from endpoints.v2 import blob