use crate::{error::Error, warn, Config};

pub fn check(config: &Config) -> Result<(), Error> {
	#[cfg(all(feature = "rocksdb", not(feature = "sha256_media")))] // prevents catching this in `--all-features`
	warn!(
		"Note the rocksdb feature was deleted from conduwuit. SQLite support was removed and RocksDB is the only \
		 supported backend now. Please update your build script to remove this feature."
	);
	#[cfg(all(feature = "sha256_media", not(feature = "rocksdb")))] // prevents catching this in `--all-features`
	warn!(
		"Note the sha256_media feature was deleted from conduwuit, it is now fully integrated in a \
		 forwards-compatible way. Please update your build script to remove this feature."
	);

	config.warn_deprecated();
	config.warn_unknown_key();

	if config.sentry && config.sentry_endpoint.is_none() {
		return Err(Error::bad_config("Sentry cannot be enabled without an endpoint set"));
	}

	#[cfg(all(feature = "hardened_malloc", feature = "jemalloc"))]
	warn!(
		"hardened_malloc and jemalloc are both enabled, this causes jemalloc to be used. If using --all-features, \
		 this is harmless."
	);

	#[cfg(not(unix))]
	if config.unix_socket_path.is_some() {
		return Err(Error::bad_config(
			"UNIX socket support is only available on *nix platforms. Please remove \"unix_socket_path\" from your \
			 config.",
		));
	}

	#[cfg(unix)]
	if config.unix_socket_path.is_none() {
		config.get_bind_addrs().iter().for_each(|addr| {
			use std::path::Path;

			if addr.ip().is_loopback() {
				crate::debug_info!("Found loopback listening address {addr}, running checks if we're in a container.",);

				if Path::new("/proc/vz").exists() /* Guest */ && !Path::new("/proc/bz").exists()
				/* Host */
				{
					crate::error!(
						"You are detected using OpenVZ with a loopback/localhost listening address of {addr}. If you \
						 are using OpenVZ for containers and you use NAT-based networking to communicate with the \
						 host and guest, this will NOT work. Please change this to \"0.0.0.0\". If this is expected, \
						 you can ignore.",
					);
				}

				if Path::new("/.dockerenv").exists() {
					crate::error!(
						"You are detected using Docker with a loopback/localhost listening address of {addr}. If you \
						 are using a reverse proxy on the host and require communication to conduwuit in the Docker \
						 container via NAT-based networking, this will NOT work. Please change this to \"0.0.0.0\". \
						 If this is expected, you can ignore.",
					);
				}

				if Path::new("/run/.containerenv").exists() {
					crate::error!(
						"You are detected using Podman with a loopback/localhost listening address of {addr}. If you \
						 are using a reverse proxy on the host and require communication to conduwuit in the Podman \
						 container via NAT-based networking, this will NOT work. Please change this to \"0.0.0.0\". \
						 If this is expected, you can ignore.",
					);
				}
			}
		});
	}

	// rocksdb does not allow max_log_files to be 0
	if config.rocksdb_max_log_files == 0 {
		return Err(Error::bad_config(
			"rocksdb_max_log_files cannot be 0. Please set a value at least 1.",
		));
	}

	// yeah, unless the user built a debug build hopefully for local testing only
	#[cfg(not(debug_assertions))]
	if config.server_name == "your.server.name" {
		return Err(Error::bad_config(
			"You must specify a valid server name for production usage of conduwuit.",
		));
	}

	#[cfg(debug_assertions)]
	crate::info!("Note: conduwuit was built without optimisations (i.e. debug build)");

	// check if the user specified a registration token as `""`
	if config.registration_token == Some(String::new()) {
		return Err(Error::bad_config("Registration token was specified but is empty (\"\")"));
	}

	if config.max_request_size < 5_120_000 {
		return Err(Error::bad_config("Max request size is less than 5MB. Please increase it."));
	}

	// check if user specified valid IP CIDR ranges on startup
	for cidr in &config.ip_range_denylist {
		if let Err(e) = ipaddress::IPAddress::parse(cidr) {
			crate::error!("Error parsing specified IP CIDR range from string: {e}");
			return Err(Error::bad_config("Error parsing specified IP CIDR ranges from strings"));
		}
	}

	if config.allow_registration
		&& !config.yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse
		&& config.registration_token.is_none()
	{
		return Err(Error::bad_config(
			"!! You have `allow_registration` enabled without a token configured in your config which means you are \
			 allowing ANYONE to register on your conduwuit instance without any 2nd-step (e.g. registration token).\n
If this is not the intended behaviour, please set a registration token with the `registration_token` config option.\n
For security and safety reasons, conduwuit will shut down. If you are extra sure this is the desired behaviour you \
			 want, please set the following config option to true:
`yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`",
		));
	}

	if config.allow_registration
		&& config.yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse
		&& config.registration_token.is_none()
	{
		warn!(
			"Open registration is enabled via setting \
			 `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` and `allow_registration` to \
			 true without a registration token configured. You are expected to be aware of the risks now.\n
    If this is not the desired behaviour, please set a registration token."
		);
	}

	if config.allow_outgoing_presence && !config.allow_local_presence {
		return Err(Error::bad_config(
			"Outgoing presence requires allowing local presence. Please enable \"allow_local_presence\".",
		));
	}

	if config
		.url_preview_domain_contains_allowlist
		.contains(&"*".to_owned())
	{
		warn!(
			"All URLs are allowed for URL previews via setting \"url_preview_domain_contains_allowlist\" to \"*\". \
			 This opens up significant attack surface to your server. You are expected to be aware of the risks by \
			 doing this."
		);
	}
	if config
		.url_preview_domain_explicit_allowlist
		.contains(&"*".to_owned())
	{
		warn!(
			"All URLs are allowed for URL previews via setting \"url_preview_domain_explicit_allowlist\" to \"*\". \
			 This opens up significant attack surface to your server. You are expected to be aware of the risks by \
			 doing this."
		);
	}
	if config
		.url_preview_url_contains_allowlist
		.contains(&"*".to_owned())
	{
		warn!(
			"All URLs are allowed for URL previews via setting \"url_preview_url_contains_allowlist\" to \"*\". This \
			 opens up significant attack surface to your server. You are expected to be aware of the risks by doing \
			 this."
		);
	}

	Ok(())
}