const path = require('path');
const crypto = require('crypto');
const express = require('express');

const app = express();
const PORT = process.env.PORT || 3000;

// Our independent Bunny CDN pull zone — reads from same storage as Rok's,
// but with our own SecurityKey and our own tokenization.
const BUNNY_HOST = 'https://folxlive.b-cdn.net';
const BUNNY_KEY = process.env.BUNNY_SECURITY_KEY || '492fb7b3-8a1d-4a78-8e9e-fae8c07af195';
const TOKEN_TTL = parseInt(process.env.TOKEN_TTL || '14400', 10); // 4 hours default

function signBunnyUrl(urlPath, expiresInSeconds = TOKEN_TTL) {
  const expires = Math.floor(Date.now() / 1000) + expiresInSeconds;
  const hash = crypto.createHash('sha256').update(BUNNY_KEY + urlPath + expires).digest();
  const token = hash.toString('base64')
    .replace(/\+/g, '-')
    .replace(/\//g, '_')
    .replace(/=+$/, '');
  return { token, expires, url: `${BUNNY_HOST}${urlPath}?token=${token}&expires=${expires}` };
}

// Map stream number → CDN path. CDN serves rewritten/tokenized version of master.
// /live/stream1_master.m3u8 has variant URLs already pointing to folxplay.b-cdn.net (with tokens).
// We fetch this, then rewrite folxplay → folxlive with our own tokens.
function getMasterCdnPath(n) {
  return `/live/stream${n}_master.m3u8`;
}

app.set('view engine', 'ejs');
app.set('views', path.join(__dirname, '..', 'views'));

app.use(express.static(path.join(__dirname, '..', 'public'), {
  maxAge: '1h',
  etag: true,
}));

app.get('/', (_req, res) => {
  // Use our proxy route for the player — it always returns fresh tokens
  res.render('index', { hlsUrl: '/stream/1/master.m3u8' });
});

app.get('/test-embed', (_req, res) => {
  res.render('test-embed');
});

/**
 * Master proxy: fetches raw master from our Bunny zone, rewrites variant URLs to point
 * to our zone with our tokens (4-hour TTL), and serves the result.
 *
 * GET /stream/:n/master.m3u8
 *   Returns rewritten master.m3u8 with all variant URLs pointing to folxlive.b-cdn.net
 *   with fresh tokens (4 hours).
 */
app.get('/stream/:n/master.m3u8', async (req, res) => {
  const n = req.params.n;
  if (!/^[1-6]$/.test(n)) return res.status(400).send('Invalid stream number');

  const masterCdnPath = getMasterCdnPath(n);
  const { url: signedMasterUrl } = signBunnyUrl(masterCdnPath, 600); // short TTL on internal fetch

  try {
    const response = await fetch(signedMasterUrl, {
      headers: { 'User-Agent': 'folx-live-proxy/1.0' },
    });
    if (!response.ok) {
      console.error(`[stream/${n}] origin ${response.status}: ${signedMasterUrl}`);
      return res.status(502).send(`Origin returned ${response.status}`);
    }
    let text = await response.text();

    // Rewrite variant URLs from folxplay → folxlive zone, replacing CDN-edge-script tokens
    // with our own tokens (4-hour TTL):
    //   https://folxplay.b-cdn.net/live/stream1_1080p.m3u8?token=ABC&expires=N
    // → https://folxlive.b-cdn.net/live/stream1_1080p.m3u8?token=OURXYZ&expires=M
    text = text.replace(
      /https:\/\/folxplay\.b-cdn\.net(\/[^\s?]+\.m3u8)(?:\?[^\s]*)?/g,
      (_match, urlPath) => {
        const { url } = signBunnyUrl(urlPath, TOKEN_TTL);
        return url;
      }
    );

    res.set({
      'Content-Type': 'application/vnd.apple.mpegurl',
      'Cache-Control': 'no-cache, no-store, must-revalidate',
      'Access-Control-Allow-Origin': '*',
    });
    res.send(text);
  } catch (err) {
    console.error(`[stream/${n}] error:`, err.message);
    res.status(502).send('Upstream error');
  }
});

/**
 * Variant proxy: fetches a variant manifest (e.g. stream_1080p.m3u8) and rewrites .ts URLs
 * to absolute folxlive paths (no token needed for .ts thanks to edge rule).
 *
 * Actually — variant manifests use relative paths so we don't need to rewrite anything.
 * Player will resolve them against folxlive.b-cdn.net which is correct.
 *
 * So we just redirect to the signed origin URL with our token.
 */
app.get('/stream/:n/variant/:filename', (req, res) => {
  const n = req.params.n;
  const filename = req.params.filename;
  if (!/^[1-6]$/.test(n)) return res.status(400).send('Invalid stream number');
  if (!/^stream(\d+)?_\d+p\.m3u8$/.test(filename)) return res.status(400).send('Invalid variant');
  const variantPath = `/live/${filename}`;
  const { url } = signBunnyUrl(variantPath, TOKEN_TTL);
  res.redirect(302, url);
});

app.get('/api/health', (_req, res) => {
  res.json({
    ok: true,
    host: BUNNY_HOST,
    tokenTtlSeconds: TOKEN_TTL,
    ts: Date.now(),
  });
});

app.listen(PORT, () => {
  console.log(`[folx-live] listening on :${PORT}`);
  console.log(`[folx-live] CDN host: ${BUNNY_HOST}`);
  console.log(`[folx-live] Token TTL: ${TOKEN_TTL}s (${TOKEN_TTL / 3600}h)`);
});