local https = require "ssl.https"
local ltn12 = require "ltn12"
local json = require 'lunajson'
local redis = require "resty.redis"
local http = require("resty.http")

local k8s_url = ""
local kube_host = os.getenv("KUBERNETES_SERVICE_HOST")
local kube_port = os.getenv("KUBERNETES_SERVICE_PORT_HTTPS")
local endpoint = os.getenv("ENDPOINT")
local arg = ngx.req.get_uri_args()

function convert_table_to_string(table)
  local str = ""
  for k,v in pairs(table) do
    str = str .. k .. " => " .. v .. "\n"
  end
  return str
end

function check_table_key_exists(table, key)
  for k,v in pairs(table) do
    if k == key then
      return true
    end
  end
  return false
end

if kube_host and kube_host ~= "" then
  local port_suffix = ""
  if kube_port and kube_port ~= "" then
    port_suffix = ":" .. kube_port
  end
  k8s_url = "https://" .. kube_host .. port_suffix
else
  k8s_url = endpoint or ""
end

local req_headers = ngx.req.get_headers()
local target = arg["target"] or req_headers["x-k8s-target"] or req_headers["X-K8S-Target"]
if target and target ~= "" then
  if not string.match(target, "^https?://") then
    target = "https://" .. target
  end
  k8s_url = string.gsub(target, "/+$", "")
end

if k8s_url == "" then
  ngx.status = 500
  ngx.say("Missing Kubernetes endpoint configuration. Set KUBERNETES_SERVICE_HOST or ENDPOINT.")
  ngx.exit(ngx.OK)
end

if not string.match(k8s_url, "^https?://") then
  k8s_url = "https://" .. k8s_url
end

k8s_url = string.gsub(k8s_url, "/+$", "")

local header_token = req_headers["x-k8s-token"] or req_headers["X-K8S-Token"]
local token = ""

if header_token and header_token ~= "" then
  token = header_token
else
  token = tostring(os.getenv("TOKEN") or "")
end

if token == "" then
  local f = io.open("/var/run/secrets/kubernetes.io/serviceaccount/token", "r")
  if f then
    token = f:read("*a") or ""
    token = token:gsub("%s+$", "")
    f:close()
  end
end

if token == "" then
  ngx.status = 500
  ngx.say("Missing Kubernetes API token configuration.")
  ngx.exit(ngx.OK)
end

local ca_cert_b64 = req_headers["x-k8s-ca-cert-b64"] or req_headers["X-K8S-CA-CERT-B64"]
local ca_cert = nil
if ca_cert_b64 and ca_cert_b64 ~= "" then
  ca_cert = ngx.decode_base64(ca_cert_b64)
end

local disable_tls_env = string.lower(tostring(os.getenv("DISABLE_TLS") or "false"))
local disable_tls = disable_tls_env == "true" or disable_tls_env == "1" or disable_tls_env == "yes"

local namespace = arg["namespace"]
if not namespace or namespace == "" then
  ngx.status = 400
  ngx.say("Missing required query parameter: namespace")
  ngx.exit(ngx.OK)
end

local url = k8s_url .. "/apis/networking.k8s.io/v1/namespaces/" .. namespace .. "/ingresses"
local decoded = nil
local host_list = {}

ngx.header['Access-Control-Allow-Origin'] = '*'
ngx.header['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS'
ngx.header['Access-Control-Allow-Headers'] = 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'
ngx.header['Access-Control-Expose-Headers'] = 'Content-Length,Content-Range';

ngx.log(ngx.INFO, "Requesting nodes using this url: " .. url)

local resp = {}
local request_opts = {
  url = url,
  method = "GET",
  headers = {
    ["Accept"] = "application/json",
    ["Content-Type"] = "application/json",
    ["Authorization"] = "Bearer " .. token
  },
  verify = disable_tls and "none" or "peer",
  sink = ltn12.sink.table(resp)
}

if not disable_tls and ca_cert and ca_cert ~= "" then
  local ca_file_path = "/tmp/kubeinv-custom-ca.crt"
  local ca_file = io.open(ca_file_path, "w")
  if ca_file then
    ca_file:write(ca_cert)
    ca_file:close()
    request_opts.cafile = ca_file_path
  end
end

local ok, statusCode, response_headers, statusText = https.request(request_opts)
if not ok then
  ngx.status = tonumber(statusCode) or 502
  ngx.say("[]")
  return
end

local decode_ok, decoded_payload = pcall(json.decode, table.concat(resp))
if not decode_ok or type(decoded_payload) ~= "table" then
  ngx.status = 502
  ngx.say("[]")
  return
end

decoded = decoded_payload
ngx.log(ngx.ERR, "Decoded: " .. json.encode(decoded))

if type(decoded["items"]) ~= "table" then
  ngx.say("[]")
  return
end

for k2,v2 in ipairs(decoded["items"]) do
  if check_table_key_exists(v2["spec"], "tls") then
    for k3,v3 in ipairs(v2["spec"]["tls"]) do
      for i, host in ipairs(v3["hosts"]) do        
        ngx.log(ngx.INFO, "Ingress: " .. host)
        table.insert(host_list, "https://" .. host)
      end
    end
  end

  for k3, v3 in ipairs(v2["spec"]["rules"]) do
    if v3["host"] ~= nil then
      ngx.log(ngx.INFO, "Ingress: " .. v3["host"])
      table.insert(host_list, "http://" .. v3["host"])
    end
  end
end

ngx.say(json.encode(host_list))