<?php
/*
 * Copyright (C) Ascensio System SIA, 2009-2026
 *
 * This program is a free software product. You can redistribute it and/or
 * modify it under the terms of the GNU Affero General Public License (AGPL)
 * version 3 as published by the Free Software Foundation, together with the
 * additional terms provided in the LICENSE file.
 *
 * This program is distributed WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For
 * details, see the GNU AGPL at: https://www.gnu.org/licenses/agpl-3.0.html
 *
 * You can contact Ascensio System SIA by email at info@onlyoffice.com
 * or by postal mail at 20A-6 Ernesta Birznieka-Upisha Street, Riga,
 * LV-1050, Latvia, European Union.
 *
 * The interactive user interfaces in modified versions of the Program
 * are required to display Appropriate Legal Notices in accordance with
 * Section 5 of the GNU AGPL version 3.
 *
 * No trademark rights are granted under this License.
 *
 * All non-code elements of the Product, including illustrations,
 * icon sets, and technical writing content, are licensed under the
 * Creative Commons Attribution-ShareAlike 4.0 International License:
 * https://creativecommons.org/licenses/by-sa/4.0/legalcode
 *
 * This license applies only to such non-code elements and does not
 * modify or replace the licensing terms applicable to the Program's
 * source code, which remains licensed under the GNU Affero General
 * Public License v3.
 *
 * SPDX-License-Identifier: AGPL-3.0-only
 */

namespace OCA\Onlyoffice;

use OCP\AppFramework\Http\ContentSecurityPolicy;
use OCP\AppFramework\Http\Response;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\DirectEditing\IEditor;
use OCP\DirectEditing\IToken;
use OCP\IL10N;
use Psr\Log\LoggerInterface;

/**
 * Direct Editor
 *
 * @package OCA\Onlyoffice
 */
class DirectEditor implements IEditor {

    public function __construct(
        private readonly string $appName,
        private readonly IL10N $trans,
        private readonly LoggerInterface $logger,
        private readonly AppConfig $appConfig,
        private readonly Crypt $crypt
    ) {}

    /**
     * Return a unique identifier for the editor
     */
    public function getId(): string {
        return $this->appName;
    }

    /**
     * Return a readable name for the editor
     */
    public function getName(): string {
        return "ONLYOFFICE";
    }

    /**
     * A list of mimetypes that should open the editor by default
     */
    public function getMimetypes(): array {
        $mimes = [];
        if (!$this->appConfig->isUserAllowedToUse()) {
            return $mimes;
        }

        $formats = $this->appConfig->formatsSetting();
        foreach ($formats as $setting) {
            if (array_key_exists("def", $setting) && $setting["def"]) {
                $mimes[] = $setting["mime"][0];
            }
        }

        return $mimes;
    }

    /**
     * A list of mimetypes that can be opened in the editor optionally
     */
    public function getMimetypesOptional(): array {
        $mimes = [];
        if (!$this->appConfig->isUserAllowedToUse()) {
            return $mimes;
        }

        $formats = $this->appConfig->formatsSetting();
        foreach ($formats as $setting) {
            if (!array_key_exists("def", $setting) || !$setting["def"]) {
                $mimes[] = $setting["mime"][0];
            }
        }

        return $mimes;
    }

    /**
     * Return a list of file creation options to be presented to the user
     *
     * @return array of ACreateFromTemplate|ACreateEmpty
     */
    public function getCreators(): array {
        if (!$this->appConfig->isUserAllowedToUse()) {
            return [];
        }

        return [
            new FileCreator($this->appName, $this->trans, $this->logger, "docx"),
            new FileCreator($this->appName, $this->trans, $this->logger, "xlsx"),
            new FileCreator($this->appName, $this->trans, $this->logger, "pptx")
        ];
    }

    /**
     * Return if the view is able to securely view a file without downloading it to the browser
     */
    public function isSecure(): bool {
        return true;
    }

    /**
     * Return a template response for displaying the editor
     *
     * open can only be called once when the client requests the editor with a one-time-use token
     * For handling editing and later requests, editors need to implement their own token handling
     * and take care of invalidation
     *
     * @param IToken $token - one time token
     */
    public function open(IToken $token): Response {
        try {
            $token->useTokenScope();
            $file = $token->getFile();
            $fileId = $file->getId();
            $userId = $token->getUser();

            $this->logger->debug("DirectEditor open: $fileId");

            if (!$this->appConfig->isUserAllowedToUse($userId)) {
                return $this->renderError($this->trans->t("Not permitted"));
            }

            if ($this->appConfig->getRestrictExternalStorage()
                && $file->getMountPoint() instanceof \OCA\Files_External\Config\ExternalMountPoint) {
                return $this->renderError($this->trans->t("Opening files with ONLYOFFICE from external storages is restricted. Please contact the admin."));
            }

            $documentServerUrl = $this->appConfig->getDocumentServerUrl();

            if (empty($documentServerUrl)) {
                $this->logger->error("documentServerUrl is empty");
                return $this->renderError($this->trans->t("ONLYOFFICE app is not configured. Please contact admin"));
            }

            $directToken = $this->crypt->getHash([
                "userId" => $userId,
                "fileId" => $fileId,
                "action" => "direct",
                "iat" => time(),
                "exp" => time() + 30
            ]);

            $filePath = $file->getPath();
            $filePath = preg_replace("/^\/" . $userId . "\/files/", "", (string) $filePath);

            $params = [
                "fileId" => null,
                "filePath" => $filePath,
                "shareToken" => null,
                "directToken" => $directToken,
                "isTemplate" => false,
                "inframe" => false,
                "inviewer" => false,
                "anchor" => null
            ];

            $response = new TemplateResponse($this->appName, "editor", $params, "base");

            $csp = new ContentSecurityPolicy();

            if (preg_match("/^https?:\/\//i", $documentServerUrl)) {
                $csp->addAllowedScriptDomain($documentServerUrl);
                $csp->addAllowedFrameDomain($documentServerUrl);
            } else {
                $csp->addAllowedFrameDomain("'self'");
            }
            $response->setContentSecurityPolicy($csp);

            return $response;
        } catch (\Exception $e) {
            $this->logger->error($e->getMessage(), ["exception" => $e]);
            return $this->renderError($e->getMessage());
        }
    }

    /**
     * Print error page
     *
     * @param string $error - error message
     */
    private function renderError(string $error): TemplateResponse {
        return new TemplateResponse($this->appName, "directeditorerror", [
            "error" => $error
        ], TemplateResponse::RENDER_AS_ERROR);
    }
}