"""LocalHTTPServer — internal HTTP handler for proxy.i2p.

Serves health pages, addressbook add forms, and error page CSS
when the HTTP proxy receives a request for the reserved proxy.i2p hostname.

Ported from net.i2p.i2ptunnel.localServer.LocalHTTPServer.
"""

from __future__ import annotations

import secrets
from html import escape


class LocalHTTPHandler:
    """Handles HTTP requests to proxy.i2p."""

    def __init__(self) -> None:
        self._nonces: set[str] = set()

    def _generate_nonce(self) -> str:
        """Generate a CSRF nonce for forms."""
        nonce = secrets.token_hex(16)
        self._nonces.add(nonce)
        # Keep only last 100 nonces
        if len(self._nonces) > 100:
            self._nonces = set(list(self._nonces)[-100:])
        return nonce

    def _validate_nonce(self, nonce: str) -> bool:
        """Validate and consume a CSRF nonce."""
        if nonce in self._nonces:
            self._nonces.discard(nonce)
            return True
        return False

    def handle_get(self, path: str) -> tuple[int, str]:
        """Handle a GET request. Returns (status_code, html_body)."""
        if path == "/":
            return self._health_page()

        if path.startswith("/add"):
            return self._add_form(path)

        return 404, "<html><body><h1>404 Not Found</h1></body></html>"

    def _health_page(self) -> tuple[int, str]:
        """Serve the health/index page."""
        return 200, (
            "<html><head><title>I2P Proxy</title></head>"
            "<body><h1>I2P HTTP Proxy</h1>"
            "<p>The proxy is running.</p>"
            "</body></html>"
        )

    def _add_form(self, path: str) -> tuple[int, str]:
        """Serve the addressbook add form."""
        # Parse query string
        params: dict[str, str] = {}
        if "?" in path:
            qs = path.split("?", 1)[1]
            for pair in qs.split("&"):
                if "=" in pair:
                    k, v = pair.split("=", 1)
                    params[k] = v

        host = escape(params.get("host", ""))
        dest = escape(params.get("dest", ""))
        nonce = self._generate_nonce()

        return 200, (
            "<html><head><title>Add to Addressbook</title></head>"
            "<body><h1>Add to Addressbook</h1>"
            f"<form method='POST' action='/add'>"
            f"<input type='hidden' name='nonce' value='{nonce}'/>"
            f"<p>Host: <input name='host' value='{host}'/></p>"
            f"<p>Destination: <textarea name='dest'>{dest}</textarea></p>"
            f"<p><input type='submit' value='Add'/></p>"
            f"</form></body></html>"
        )

    def handle_post(self, path: str, form_data: dict[str, str]) -> tuple[int, str]:
        """Handle a POST request. Returns (status_code, html_body)."""
        if path == "/add":
            nonce = form_data.get("nonce", "")
            if not self._validate_nonce(nonce):
                return 403, "<html><body><h1>403 Forbidden</h1><p>Invalid nonce.</p></body></html>"

            host = form_data.get("host", "")
            dest = form_data.get("dest", "")
            if not host or not dest:
                return 400, "<html><body><h1>400 Bad Request</h1><p>Missing host or dest.</p></body></html>"

            return 200, (
                "<html><body><h1>Added</h1>"
                f"<p>{escape(host)} has been added to your addressbook.</p>"
                "</body></html>"
            )

        return 404, "<html><body><h1>404 Not Found</h1></body></html>"