// Copyright 2016 The Upspin Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// Keyserver is a wrapper for a key implementation that presents it as an HTTP
// interface.
package main // import "kesim.org/upspin-keyserver"

import (
	"flag"
	"os"
	"path/filepath"
	"strings"

	"upspin.io/flags"
	"upspin.io/log"
	"upspin.io/serverutil"
	"upspin.io/serverutil/keyserver"
	"upspin.io/upspin"

	// Load required transports
	_ "upspin.io/key/transports"

	// Possible storage backends.
	"upspin.io/cloud/https"
	_ "upspin.io/cloud/storage/disk"
)

var (
	keyDir = flag.String("keyDir", "", "initialize keys from this `directory`")
)

func main() {
	keyserver.Main(setupTestUser)
	https.ListenAndServeFromFlags(nil)
}

// setupTestUser uses the -test_user and -test_secrets flags to bootstrap the
// inprocess key server with an initial user.
func setupTestUser(key upspin.KeyServer) {
	if *keyDir == "" {
		log.Println("no keyDir provided")
		return
	}

	if flags.InsecureHTTP {
		if !serverutil.IsLoopback(flags.HTTPAddr) {
			log.Fatal("cannot use -keyDir flag on an insecure connection except on -http=localhost:port")
		}
	}

	entries, err := os.ReadDir(*keyDir)
	if err != nil {
		log.Fatalf("cannot open keyDir %q: %v", *keyDir, err)
	}

	for _, entry := range entries {
		name := entry.Name()
		path := filepath.Join(*keyDir, name)
		if !entry.IsDir() || !strings.Contains("@", name) {
			continue
		}

		pk, err := os.ReadFile(path)
		if err != nil {
			log.Fatalf("unable to read %q: %v", path, err)
		}
		userStruct := &upspin.User{
			Name:      upspin.UserName(name),
			PublicKey: upspin.PublicKey(string(pk)),
		}
		err = key.Put(userStruct)
		if err != nil {
			log.Fatalf("Put %q failed: %v", name, err)
		}
		log.Printf("Added user %q\n", name)
	}
}