<?php
/**
 * Proxy Controller file.
 *
 * Implements the proxyUrl endpoint for C2S clients to fetch remote ActivityPub objects.
 *
 * @package Activitypub
 * @see https://www.w3.org/wiki/ActivityPub/Primer/proxyUrl_endpoint
 */

namespace Activitypub\Rest;

use Activitypub\Collection\Remote_Actors;
use Activitypub\Http;
use Activitypub\Webfinger;

use function Activitypub\is_actor;

/**
 * Proxy Controller.
 *
 * Provides a bridge between C2S OAuth authentication and S2S HTTP Signature authentication.
 * Allows C2S clients to fetch remote ActivityPub objects through their home server.
 */
class Proxy_Controller extends \WP_REST_Controller {
	use Event_Stream;
	use Verification;

	/**
	 * The namespace of this controller's route.
	 *
	 * @var string
	 */
	protected $namespace = ACTIVITYPUB_REST_NAMESPACE;

	/**
	 * The base of this controller's route.
	 *
	 * @var string
	 */
	protected $rest_base = 'proxy';

	/**
	 * Register routes.
	 */
	public function register_routes() {
		\register_rest_route(
			$this->namespace,
			'/' . $this->rest_base,
			array(
				array(
					'methods'             => \WP_REST_Server::CREATABLE,
					'callback'            => array( $this, 'create_item' ),
					'permission_callback' => array( $this, 'verify_authentication' ),
					'args'                => array(
						'id' => array(
							'description'       => 'The remote ActivityPub object to fetch: an HTTPS URL or an acct identifier (`user@host`, `@user@host`, or `acct:user@host`).',
							'type'              => 'string',
							'required'          => true,
							'sanitize_callback' => array( $this, 'sanitize_url' ),
							'validate_callback' => array( $this, 'validate_url' ),
						),
					),
				),
				'schema' => array( $this, 'get_item_schema' ),
			)
		);

		\register_rest_route(
			$this->namespace,
			'/' . $this->rest_base . '/stream',
			array(
				array(
					'methods'             => \WP_REST_Server::READABLE,
					'callback'            => array( $this, 'get_stream' ),
					'permission_callback' => array( $this, 'get_stream_permissions_check' ),
					'args'                => array(
						'id' => array(
							'description'       => 'The remote actor identifier (URL or WebFinger acct) whose eventStream to proxy.',
							'type'              => 'string',
							'required'          => true,
							'sanitize_callback' => array( $this, 'sanitize_url' ),
							'validate_callback' => array( $this, 'validate_url' ),
						),
					),
				),
			)
		);
	}

	/**
	 * Sanitize the `id` parameter.
	 *
	 * Accepts either an HTTPS URL or an acct identifier (`user@host`,
	 * `@user@host`, or `acct:user@host`). Acct identifiers are returned
	 * as-is; URLs are run through `sanitize_url()`. Matches the dual-shape
	 * contract of `Remote_Actors::fetch_by_various()`.
	 *
	 * @see https://developer.wordpress.org/reference/functions/sanitize_url/
	 *
	 * @param string $url The urlencoded URL or acct identifier to sanitize.
	 * @return string The sanitized value.
	 */
	public function sanitize_url( $url ) {
		$decoded = \urldecode( $url );

		if ( Webfinger::is_acct( $decoded ) ) {
			return $decoded;
		}

		return \sanitize_url( $decoded );
	}

	/**
	 * Validate the `id` parameter.
	 *
	 * Accepts either an HTTPS URL (validated via `wp_http_validate_url()`,
	 * which blocks local/private IPs and restricts ports) or an acct
	 * identifier in any of the forms accepted by `Webfinger::is_acct()`:
	 * `user@host`, `@user@host`, or `acct:user@host`. Matches the
	 * dual-shape contract of `Remote_Actors::fetch_by_various()`.
	 *
	 * @see https://developer.wordpress.org/reference/functions/wp_http_validate_url/
	 *
	 * @param string $url The URL or acct identifier to validate.
	 * @return bool True if valid, false otherwise.
	 */
	public function validate_url( $url ) {
		$decoded_url = \urldecode( $url );

		if ( Webfinger::is_acct( $decoded_url ) ) {
			return true;
		}

		// Must be HTTPS.
		if ( 'https' !== \wp_parse_url( $decoded_url, PHP_URL_SCHEME ) ) {
			return false;
		}

		// Use WordPress built-in validation (blocks local IPs, restricts ports).
		return (bool) \wp_http_validate_url( $decoded_url );
	}

	/**
	 * Fetch a remote ActivityPub object via the proxy.
	 *
	 * @see https://www.w3.org/wiki/ActivityPub/Primer/proxyUrl_endpoint
	 *
	 * @param \WP_REST_Request $request Full details about the request.
	 * @return \WP_REST_Response|\WP_Error Response object on success, WP_Error on failure.
	 */
	public function create_item( $request ) {
		// Rate-limit proxy requests (max 30 per minute per user).
		$user_id       = \get_current_user_id();
		$transient_key = 'ap_proxy_' . $user_id;
		$count         = (int) \get_transient( $transient_key );

		if ( $count >= 30 ) {
			return new \WP_Error(
				'activitypub_rate_limit',
				\__( 'Too many proxy requests. Please try again later.', 'activitypub' ),
				array( 'status' => 429 )
			);
		}

		\set_transient( $transient_key, $count + 1, MINUTE_IN_SECONDS );

		$url = $request->get_param( 'id' );

		// Try to fetch as an actor first using Remote_Actors which handles caching.
		$post = Remote_Actors::fetch_by_various( $url );

		if ( ! \is_wp_error( $post ) ) {
			$actor = Remote_Actors::get_actor( $post );

			if ( ! \is_wp_error( $actor ) ) {
				$response = new \WP_REST_Response( $actor->to_array(), 200 );
				$response->header( 'Content-Type', 'application/activity+json; charset=' . \get_option( 'blog_charset' ) );

				return $response;
			}
		}

		// Fall back to fetching as a generic object.
		$object = Http::get_remote_object( $url );

		if ( \is_wp_error( $object ) ) {
			return new \WP_Error(
				'activitypub_fetch_failed',
				\__( 'Failed to fetch the remote object.', 'activitypub' ),
				array( 'status' => 502 )
			);
		}

		// If it's an actor, store it for future use.
		if ( is_actor( $object ) ) {
			Remote_Actors::upsert( $object );
		}

		$response = new \WP_REST_Response( $object, 200 );
		$response->header( 'Content-Type', 'application/activity+json; charset=' . \get_option( 'blog_charset' ) );

		return $response;
	}

	/**
	 * Get the schema for the proxy endpoint.
	 *
	 * @return array Schema array.
	 */
	public function get_item_schema() {
		return array(
			'$schema'    => 'http://json-schema.org/draft-04/schema#',
			'title'      => 'proxy',
			'type'       => 'object',
			'properties' => array(
				'id' => array(
					'description' => \__( 'The URI of the remote ActivityPub object.', 'activitypub' ),
					'type'        => 'string',
					'format'      => 'uri',
					'context'     => array( 'view' ),
				),
			),
		);
	}

	/**
	 * Proxy a remote eventStream.
	 *
	 * Fetches the remote object to discover its eventStream URL,
	 * then opens a streaming connection and relays SSE events.
	 *
	 * @param \WP_REST_Request $request Full details about the request.
	 *
	 * @return \WP_Error|void WP_Error on failure, exits on success.
	 */
	public function get_stream( $request ) {
		$remote_id = $request->get_param( 'id' );

		$object = Http::get_remote_object( $remote_id );

		if ( \is_wp_error( $object ) ) {
			return new \WP_Error(
				'activitypub_proxy_fetch_failed',
				\__( 'Failed to fetch the remote object.', 'activitypub' ),
				array( 'status' => 502 )
			);
		}

		$stream_url = isset( $object['eventStream'] ) ? $object['eventStream'] : null;

		if ( ! $stream_url ) {
			return new \WP_Error(
				'activitypub_no_event_stream',
				\__( 'The remote object does not advertise an eventStream.', 'activitypub' ),
				array( 'status' => 404 )
			);
		}

		if ( ! $this->validate_url( $stream_url ) ) {
			return new \WP_Error(
				'activitypub_invalid_event_stream',
				\__( 'The remote eventStream URL is not valid.', 'activitypub' ),
				array( 'status' => 400 )
			);
		}

		$this->relay_remote_stream( $stream_url );
	}
}