/**
 * This file is part of Haketilo.
 *
 * Function: Modify HTTP traffic usng webRequest API.
 *
 * Copyright (C) 2021, 2022 Wojtek Kosior <koszko@koszko.org>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * As additional permission under GNU GPL version 3 section 7, you
 * may distribute forms of that code without the copy of the GNU
 * GPL normally required by section 4, provided you include this
 * license notice and, in case of non-source distribution, a URL
 * through which recipients can access the Corresponding Source.
 * If you modify file(s) with this exception, you may extend this
 * exception to your version of the file(s), but you are not
 * obligated to do so. If you do not wish to do so, delete this
 * exception statement from your version.
 *
 * As a special exception to the GPL, any HTML file which merely
 * makes function calls to this code, and for that purpose
 * includes it by reference shall be deemed a separate work for
 * copyright law purposes. If you modify this code, you may extend
 * this exception to your version of the code, but you are not
 * obligated to do so. If you do not wish to do so, delete this
 * exception statement from your version.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 *
 * I, Wojtek Kosior, thereby promise not to sue for violation of this file's
 * license. Although I request that you do not make use of this code in a
 * proprietary program, I am not going to enforce this in court.
 */

#IMPORT common/indexeddb.js AS haketilodb

#IF MOZILLA
#IMPORT background/stream_filter.js
#ENDIF

#FROM common/browser.js IMPORT browser
#FROM common/misc.js    IMPORT is_privileged_url, csp_header_regex, \
                               sha256_async AS sha256
#FROM common/policy.js  IMPORT decide_policy

#FROM background/patterns_query_manager.js IMPORT tree, default_allow

let secret;

#IF MOZILLA
/*
 * Under Mozilla-based browsers, responses are cached together with headers as
 * they appear *after* modifications by Haketilo. This means Haketilo's CSP
 * script-blocking headers might be present in responses loaded from cache. In
 * the meantime the user might have changes Haketilo settings to instead allow
 * the scripts on the page in question. This causes a problem and creates the
 * need to somehow restore the response headers to the state in which they
 * arrived from the server.
 * To cope with this, Haketilo will inject some additional headers with private
 * data. Those will include a hard-to-guess value derived from extension's
 * internal ID. It is assumed the internal ID has a longer lifetime than cached
 * responses.
 */

const settings_page_url = browser.runtime.getURL("html/settings.html");
const header_prefix_prom = sha256(settings_page_url)
      .then(hash => `X-Haketilo-${hash}`);

/*
 * Mozilla, unlike Chrome, allows webRequest callbacks to return promises. Here
 * we leverage that to be able to use asynchronous sha256 computation.
 */
async function on_headers_received(details) {
#IF NEVER
} /* Help auto-indent in editors. */
#ENDIF
#ELSE
function on_headers_received(details) {
#ENDIF
    const url = details.url;
    if (is_privileged_url(details.url))
	return;

    let headers = details.responseHeaders;

#IF MOZILLA
    const prefix = await header_prefix_prom;

    /*
     * We assume that the original CSP headers of a response are always
     * preserved under names of the form:
     *     X-Haketilo-<some_secret>-<original_name>
     * In some cases the original response may contain no CSP headers. To still
     * be able to tell whether the headers we were provided were modified by
     * Haketilo in the past, all modifications are accompanied by addition of an
     * extra header with name:
     *     X-Haketilo-<some_secret>
     */

    const restore_old_headers = details.fromCache &&
	  !!headers.filter(h => h.name === prefix).length;

    if (restore_old_headers) {
	const restored_headers = [];

	for (const h of headers) {
	    if (csp_header_regex.test(h.name) || h.name === prefix)
		continue;

	    if (h.name.startsWith(prefix)) {
		restored_headers.push({
		    name:  h.name.substring(prefix.length + 1),
		    value: h.value
		});
	    } else {
		restored_headers.push(h);
	    }
	}

	headers = restored_headers;
    }
#ENDIF

    const policy =
	  decide_policy(tree, details.url, !!default_allow.value, secret);

    if (!policy.allow) {
#IF MOZILLA
	const to_append = [{name: prefix, value: ":)"}];

	for (const h of headers.filter(h => csp_header_regex.test(h.name))) {
	    if (!policy.payload)
		to_append.push(Object.assign({}, h));

	    h.name = `${prefix}-${h.name}`;
	}

	headers.push(...to_append);
#ELSE
	if (policy.payload)
	    headers = headers.filter(h => !csp_header_regex.test(h.name));
#ENDIF

	headers.push({name: "Content-Security-Policy", value: policy.csp});
    }

#IF MOZILLA
    /*
     * When page is meant to be viewed in the browser, use streamFilter to
     * inject a dummy <script> at the very beginning of it. This <script>
     * will cause extension's content scripts to run before page's first <meta>
     * tag is rendered so that they can prevent CSP rules inside <meta> tags
     * from blocking the payload we want to inject.
     */

    let use_stream_filter = !!policy.payload;
    if (use_stream_filter) {
	for (const header of headers) {
	    if (header.name.toLowerCase().trim() !== "content-disposition")
		continue;

	    if (/^\s*attachment\s*(;.*)$/i.test(header.value)) {
		use_stream_filter = false;
	    } else {
		use_stream_filter = true;
		break;
	    }
	}
    }
    use_stream_filter = use_stream_filter &&
	(details.statusCode < 300 || details.statusCode >= 400);

    if (use_stream_filter)
	headers = stream_filter.apply(details, headers, policy);
#ENDIF

    return {responseHeaders: headers};
}

#IF CHROMIUM && MV2
const request_url_regex = /^[^?]*\?url=(.*)$/;
const redirect_url_template = browser.runtime.getURL("dummy") + "?settings=";

function on_before_request(details)
{
    /*
     * Content script will make a synchronous XmlHttpRequest to extension's
     * `dummy` file to query settings for given URL. We smuggle that
     * information in query parameter of the URL we redirect to.
     * A risk of fingerprinting arises if a page with script execution allowed
     * guesses the dummy file URL and makes an AJAX call to it. It is currently
     * a problem in ManifestV2 Chromium-family port of Haketilo because Chromium
     * uses predictable URLs for web-accessible resources. We plan to fix it in
     * the future ManifestV3 port.
     */
    if (details.type !== "xmlhttprequest")
	return {cancel: true};

    if (details.url.startsWith(redirect_url_template))
	return;

#IF DEBUG
    console.debug(`Haketilo: Settings queried using XHR for '${details.url}'.`);
#ENDIF

    /*
     * request_url should be of the following format:
     *     <url_for_extension's_dummy_file>?url=<valid_urlencoded_url>
     */
    const match = request_url_regex.exec(details.url);
    if (match) {
	const queried_url = decodeURIComponent(match[1]);

	if (details.initiator && details.initiator !== "null" &&
	    !queried_url.startsWith(details.initiator)) {
	    console.warn(`Haketilo: Blocked suspicious query of '${queried_url}' by '${details.initiator}'. This might be the result of page fingerprinting the browser.`);
	    return {cancel: true};
	}

	const policy =
	      decide_policy(tree, queried_url, !!default_allow.value, secret);
	if (!policy.error) {
	    const encoded_policy = encodeURIComponent(JSON.stringify(policy));
	    return {redirectUrl: redirect_url_template + encoded_policy};
	}
    }

    console.warn(`Haketilo: Bad request! Expected ${browser.runtime.getURL("dummy")}?url=<valid_urlencoded_url>. Got ${details.url}. This might be the result of page fingerprinting the browser.`);

    return {cancel: true};
}

const all_types = [
    "main_frame", "sub_frame", "stylesheet", "script", "image", "font",
    "object", "xmlhttprequest", "ping", "csp_report", "media", "websocket",
    "other", "main_frame", "sub_frame"
];
#ENDIF

async function start(secret_)
{
    secret = secret_;

#IF CHROMIUM
    const extra_opts = ["blocking", "extraHeaders"];
#ELSE
    const extra_opts = ["blocking"];
#ENDIF

    browser.webRequest.onHeadersReceived.addListener(
	on_headers_received,
	{urls: ["<all_urls>"], types: ["main_frame", "sub_frame"]},
	extra_opts.concat("responseHeaders")
    );

#IF CHROMIUM && MV2
    browser.webRequest.onBeforeRequest.addListener(
	on_before_request,
	{urls: [browser.runtime.getURL("dummy") + "*"], types: all_types},
	extra_opts
    );
#ENDIF
}
#EXPORT start