// Add adds a new shorturl
func (view View) Add(w http.ResponseWriter, req *http.Request) {
	url := req.FormValue("url")
	if url == "" {
		http.Redirect(w, req, "/", http.StatusFound)
		return
	}
	host := getIP(req)
	if err := checkAllowed(req, url, host); err != nil {
		data := map[string]interface{}{
			csrf.TemplateTag: csrf.TemplateField(req),
			"Error":          err,
		}
		view.renderTemplate(w, "index", data)
		return
	}
	clientid := getClientID(req.Cookies())
	if clientid == "" {
		http.Error(w, "Failed to add shorturl", http.StatusForbidden)
		return
	}
	s, err := Add(view.DB, url, host, clientid)
	if err != nil {
		log.Printf("Failed to add (%s)", err)
		http.Error(w, "Failed to add short url", http.StatusInternalServerError)
		return
	}
	http.Redirect(w, req, s.PreviewURL(), http.StatusFound)
}

func (controller *usersController) newPost(rw http.ResponseWriter, req *http.Request) (int, error) {
	err := req.ParseForm()
	if err != nil {
		return http.StatusInternalServerError, err
	}

	decoder := schema.NewDecoder()
	// Ignore unknown keys to prevent errors from the CSRF token.
	decoder.IgnoreUnknownKeys(true)
	formUser := new(viewmodels.UsersEditViewModel)
	err = decoder.Decode(formUser, req.PostForm)
	if err != nil {
		return http.StatusInternalServerError, err
	}

	valErrors := validateUserForm(formUser, false)
	if len(valErrors) > 0 {
		isAuthenticated, user := getCurrentUser(rw, req, controller.authorizer)
		vm := viewmodels.NewUserViewModel(formUser, controller.roles, isAuthenticated, user, valErrors)
		vm.CsrfField = csrf.TemplateField(req)
		return http.StatusOK, controller.newTemplate.Execute(rw, vm)
	}

	var user httpauth.UserData
	user.Username = formUser.Username
	user.Email = formUser.Email
	password := formUser.Password
	user.Role = formUser.Role
	err = controller.authorizer.Register(rw, req, user, password)
	if err != nil {
		return http.StatusInternalServerError, err
	}
	http.Redirect(rw, req, "/settings/users", http.StatusSeeOther)
	return http.StatusSeeOther, nil
}

func (controller *profileController) post(rw http.ResponseWriter, req *http.Request) (int, error) {
	err := req.ParseForm()
	if err != nil {
		return http.StatusInternalServerError, err
	}

	decoder := schema.NewDecoder()
	// Ignore unknown keys to prevent errors from the CSRF token.
	decoder.IgnoreUnknownKeys(true)
	formUser := new(viewmodels.ProfileEditViewModel)
	err = decoder.Decode(formUser, req.PostForm)
	if err != nil {
		return http.StatusInternalServerError, err
	}

	valErrors := validateProfileForm(formUser, true)
	if len(valErrors) > 0 {
		isAuthenticated, user := getCurrentUser(rw, req, controller.authorizer)
		vm := viewmodels.EditProfileViewModel(formUser, isAuthenticated, user, valErrors)
		vm.CsrfField = csrf.TemplateField(req)
		return http.StatusOK, controller.template.Execute(rw, vm)
	}

	// Update the user.
	err = controller.authorizer.Update(rw, req, "", formUser.Password, formUser.Email)
	if err != nil {
		return http.StatusInternalServerError, err
	}
	http.Redirect(rw, req, "/", http.StatusSeeOther)
	return http.StatusSeeOther, nil
}

func loginHandler(c *gin.Context) {
	redirectTarget := strings.TrimSpace(c.DefaultPostForm("next", c.DefaultQuery("next", "")))
	//	c.HTML(http.StatusOK, "login_page.html", gin.H{csrf.TemplateTag: csrf.TemplateField(c.Request),
	//		"err": "", "user_name": "", "pass": "", "next": redirectTarget})
	renderTemplate(c.Writer, "login_page.html", gin.H{csrf.TemplateTag: csrf.TemplateField(c.Request),
		"err": "", "user_name": "", "pass": "", "next": redirectTarget})
}

func (controller *contactsController) editGet(rw http.ResponseWriter, req *http.Request) (int, error) {
	vars := mux.Vars(req)
	contactID, err := strconv.ParseInt(vars["contactID"], 10, 64)
	if err != nil {
		return http.StatusInternalServerError, err
	}
	// Get the contact to edit
	contact := new(database.Contact)
	err = contact.GetContact(controller.DB, contactID)
	if err != nil {
		return http.StatusInternalServerError, err
	}
	isAuthenticated, user := getCurrentUser(rw, req, controller.authorizer)
	contactEdit := new(viewmodels.ContactsEditViewModel)
	contactEdit.Name = contact.Name
	contactEdit.ContactID = contact.ContactID
	contactEdit.EmailAddress = contact.EmailAddress
	contactEdit.SmsNumber = contact.SmsNumber
	contactEdit.EmailActive = contact.EmailActive
	contactEdit.SmsActive = contact.SmsActive
	contactEdit.SelectedSites, err = getContactSiteIDs(controller, contact)
	if err != nil {
		return http.StatusInternalServerError, err
	}

	sites, errGet := getAllSites(controller)
	if errGet != nil {
		return http.StatusInternalServerError, errGet
	}

	vm := viewmodels.EditContactViewModel(contactEdit, sites, isAuthenticated, user, make(map[string]string))
	vm.CsrfField = csrf.TemplateField(req)
	return http.StatusOK, controller.editTemplate.Execute(rw, vm)
}

// upload logic
func upload(c *gin.Context) {
	if c.Request.Method == "GET" {
		ct := gin.H{csrf.TemplateTag: csrf.TemplateField(c.Request)}
		form := renderStrTemplate("uploadForm.html", ct)
		renderTemplate(c.Writer, "base.html", updateMap(ct, map[string]interface{}{"title": "Upload", "pageTitle": "Upload Form", "content": form}))
	} else if c.Request.Method == "POST" {
		c.Request.ParseMultipartForm(32 << 20)
		file, handler, err := c.Request.FormFile("uploadfile")
		if err != nil {
			log.Println(err)
			c.Redirect(http.StatusFound, "/upload")
			return
		}
		defer file.Close()
		//		fmt.Fprintf(c.Writer, "%v", handler.Header)
		f, err := os.OpenFile("/tmp/"+handler.Filename, os.O_WRONLY|os.O_CREATE, 0666)
		if err != nil {
			log.Println(err)
			c.Redirect(http.StatusFound, "/upload")
			return
		}
		defer f.Close()
		io.Copy(f, file)
		c.Redirect(http.StatusFound, "/upload")
	}
}

// SetUser is a HTTP middleware for setting the user and build information.
func SetUser(h http.Handler) http.Handler {
	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		context.Set(req, csrf.TemplateTag, csrf.TemplateField(req)) // Set CSRF field everywhere
		context.Set(req, "Version", Version)
		context.Set(req, "Branch", Branch)
		context.Set(req, "user", &Account{})
		ses, err := store.Get(req, "evemu")
		if err != nil {
			log.Printf("Failed to get session cookie: %s", err.Error())
			h.ServeHTTP(rw, req)
			return
		}

		if v, ok := ses.Values["user"]; ok {
			if v.(int) == 0 {
				h.ServeHTTP(rw, req)
				return
			}
			//a, err := DBAccountFromID(v.(int))
			a, err := Layer.GetAccountFromID(v.(int)) // TODO: Unsafe, may panic
			if err != nil {
				log.Printf("Failed to get account from id: %s", err.Error())
				h.ServeHTTP(rw, req)
				return
			}
			context.Set(req, "user", a)
		}
		h.ServeHTTP(rw, req)
	})
}

func (controller *usersController) newGet(rw http.ResponseWriter, req *http.Request) (int, error) {
	isAuthenticated, user := getCurrentUser(rw, req, controller.authorizer)
	userEdit := new(viewmodels.UsersEditViewModel)
	userEdit.Role = "user"
	vm := viewmodels.NewUserViewModel(userEdit, controller.roles, isAuthenticated, user, make(map[string]string))
	vm.CsrfField = csrf.TemplateField(req)
	return http.StatusOK, controller.newTemplate.Execute(rw, vm)
}

func (self httpModUI) writeTemplateParam(wr http.ResponseWriter, r *http.Request, name string, param map[string]interface{}) {
	if param == nil {
		param = make(map[string]interface{})
	}
	param[csrf.TemplateTag] = csrf.TemplateField(r)
	param["prefix"] = self.prefix
	param["mod_prefix"] = self.mod_prefix
	io.WriteString(wr, template.renderTemplate(name, param))
}

//DefaultData returns common to all pages template data
func DefaultData(r *http.Request) map[string]interface{} {
	return map[string]interface{}{
		"ActiveUser":     context.Get(r, "user"),           //signed in models.User
		"Active":         "",                               //active uri shortening for menu item highlight
		"Title":          "",                               //page title:w
		"SignupEnabled":  context.Get(r, "signup_enabled"), //signup route is enabled (otherwise everyone can signup ;)
		csrf.TemplateTag: csrf.TemplateField(r),
	}
}

func getSignup(ctx context, w http.ResponseWriter, req *http.Request) {
	wrap := map[string]interface{}{
		"Stylesheets":    assets.StylesheetHandlers,
		"Scripts":        assets.ScriptHandlers,
		csrf.TemplateTag: csrf.TemplateField(req),
	}
	if err := assets.Templates["signup.html"].Execute(w, wrap); err != nil {
		log.Println(err)
		http.Error(w, err500, 500)
		return
	}
}

func (controller *contactsController) newPost(rw http.ResponseWriter, req *http.Request) (int, error) {
	err := req.ParseForm()
	if err != nil {
		return http.StatusInternalServerError, err
	}

	decoder := schema.NewDecoder()
	// Ignore unknown keys to prevent errors from the CSRF token.
	decoder.IgnoreUnknownKeys(true)
	formContact := new(viewmodels.ContactsEditViewModel)
	err = decoder.Decode(formContact, req.PostForm)
	if err != nil {
		return http.StatusInternalServerError, err
	}

	valErrors := validateContactForm(formContact)
	if len(valErrors) > 0 {
		isAuthenticated, user := getCurrentUser(rw, req, controller.authorizer)
		sites, errGet := getAllSites(controller)
		if errGet != nil {
			return http.StatusInternalServerError, err
		}
		vm := viewmodels.NewContactViewModel(formContact, sites, false,
			isAuthenticated, user, valErrors)
		vm.CsrfField = csrf.TemplateField(req)
		return http.StatusOK, controller.newTemplate.Execute(rw, vm)
	}

	contact := database.Contact{}
	mapContacts(&contact, formContact)
	err = contact.CreateContact(controller.DB)
	if err != nil {
		return http.StatusInternalServerError, err
	}

	//Add contact to any selected sites
	for _, siteSelID := range formContact.SelectedSites {
		err = addContactToSite(controller, contact.ContactID, siteSelID)
		if err != nil {
			return http.StatusInternalServerError, err
		}
	}

	// Refresh the pinger with the changes.
	// TODO: Check whether this contact has been added to any site first.
	err = controller.pinger.UpdateSiteSettings()
	if err != nil {
		return http.StatusInternalServerError, err
	}

	http.Redirect(rw, req, "/settings/contacts", http.StatusSeeOther)
	return http.StatusSeeOther, nil
}

func pageRouter(c *gin.Context) {
	var db = connectDB()
	defer db.Close()
	page, err := getPage(db, c.Param("link"))
	ctxt := gin.H{csrf.TemplateTag: csrf.TemplateField(c.Request),
		"title": page.Title_ru, "pageTitle": page.Title_ru, "content": page.Content_ru}
	if err != nil {
		writeError(c, "<b>Извините, но страница не найдена</b>", http.StatusNotFound)
		return
	}
	renderTemplate(c.Writer, "base.html", ctxt)
}

func (controller *sitesController) newPost(rw http.ResponseWriter, req *http.Request) (int, error) {
	err := req.ParseForm()
	if err != nil {
		return http.StatusInternalServerError, err
	}

	decoder := schema.NewDecoder()
	// Ignore unknown keys to prevent errors from the CSRF token.
	decoder.IgnoreUnknownKeys(true)
	formSite := new(viewmodels.SitesEditViewModel)
	err = decoder.Decode(formSite, req.PostForm)
	if err != nil {
		return http.StatusInternalServerError, err
	}

	valErrors := validateSiteForm(formSite)
	if len(valErrors) > 0 {
		isAuthenticated, user := getCurrentUser(rw, req, controller.authorizer)
		var contacts database.Contacts
		err = contacts.GetContacts(controller.DB)
		if err != nil {
			return http.StatusInternalServerError, err
		}
		vm := viewmodels.NewSiteViewModel(formSite, contacts, isAuthenticated, user, valErrors)
		vm.CsrfField = csrf.TemplateField(req)
		return http.StatusOK, controller.newTemplate.Execute(rw, vm)
	}

	site := database.Site{}
	viewmodels.MapSiteVMtoDB(formSite, &site)
	err = site.CreateSite(controller.DB)
	if err != nil {
		return http.StatusInternalServerError, err
	}

	//Add any selected contacts
	for _, contactSelID := range formSite.SelectedContacts {
		err = site.AddContactToSite(controller.DB, contactSelID)
		if err != nil {
			return http.StatusInternalServerError, err
		}
	}

	// Refresh the pinger with the changes.
	err = controller.pinger.UpdateSiteSettings()
	if err != nil {
		return http.StatusInternalServerError, err
	}

	http.Redirect(rw, req, "/settings", http.StatusSeeOther)
	return http.StatusSeeOther, nil
}

func getLogin(ctx context, w http.ResponseWriter, req *http.Request) {
	wrap := struct {
		Stylesheets map[string]http.Handler
		Scripts     map[string]http.Handler
		CSRFField   template.HTML
		BadAuth     bool // The previous request was a failed login attempt
	}{assets.StylesheetHandlers, assets.ScriptHandlers, csrf.TemplateField(req), ctx.badAuth}
	if err := assets.Templates["login.html"].Execute(w, wrap); err != nil {
		log.Println(err)
		http.Error(w, err500, 500)
		return
	}
}

func (controller *profileController) get(rw http.ResponseWriter, req *http.Request) (int, error) {
	isAuthenticated, user := getCurrentUser(rw, req, controller.authorizer)
	// Get the user to edit
	editUser, err := controller.authBackend.User(user.Username)
	if err != nil {
		return http.StatusInternalServerError, err
	}
	userEdit := new(viewmodels.ProfileEditViewModel)
	userEdit.Email = editUser.Email
	vm := viewmodels.EditProfileViewModel(userEdit, isAuthenticated, user, make(map[string]string))
	vm.CsrfField = csrf.TemplateField(req)
	return http.StatusOK, controller.template.Execute(rw, vm)
}

func (controller *contactsController) newGet(rw http.ResponseWriter, req *http.Request) (int, error) {
	isAuthenticated, user := getCurrentUser(rw, req, controller.authorizer)
	contactEdit := new(viewmodels.ContactsEditViewModel)
	contactEdit.EmailActive = false
	contactEdit.SmsActive = false
	sites, err := getAllSites(controller)
	if err != nil {
		return http.StatusInternalServerError, err
	}
	vm := viewmodels.NewContactViewModel(contactEdit, sites, true,
		isAuthenticated, user, make(map[string]string))
	vm.CsrfField = csrf.TemplateField(req)
	return http.StatusOK, controller.newTemplate.Execute(rw, vm)
}

func getReview(ctx context, w http.ResponseWriter, req *http.Request) {
	session, err := ctx.store.Get(req, SessionName)
	if err != nil {
		log.Println(err)
		http.Error(w, err500, 500)
		return
	}
	username, ok := session.Values["username"].(string)
	if !ok {
		http.Error(w, err500, 500)
		return
	}
	review, err := ctx.db.GetReview(ctx.review)
	if err != nil {
		http.NotFound(w, req)
		return
	}
	if len(review.Revisions) <= ctx.revision {
		http.NotFound(w, req)
		return
	}

	res := resource.Review{
		R:               review,
		CurrentRevision: ctx.revision,
		URL:             ctx.reviewURL(),
	}
	wrap := struct {
		resource.Review
		Stylesheets            map[string]http.Handler
		Scripts                map[string]http.Handler
		CSRFField              template.HTML
		Session                *sessions.Session
		ReviewOwnedByUser      bool
		UnpublishedAnnotations int
	}{
		res,
		assets.StylesheetHandlers,
		assets.ScriptHandlers,
		csrf.TemplateField(req),
		session,
		review.Submitter == username,
		review.Revisions[ctx.revision].UnpublishedAnnotationsFor(username),
	}
	if err := assets.Templates["review.html"].Execute(w, wrap); err != nil {
		log.Println(err)
		return
	}
}

func indexPageHandler(c *gin.Context) {
	userName := getSessionUser(c.Request)
	var db = connectDB()
	defer db.Close()
	page, _ := getPage(db, "tarify")
	page, _ = getPage(db, "about")
	page, _ = getPage(db, "policy")
	page, _ = getPage(db, "por_rasch_elenr_ur_lic")
	page, _ = getPage(db, "perechen-dokumentov-dlya-zaklyucheniya-dogovora-elektrosnabzheniya")

	//	c.HTML(http.StatusOK, "base.html", gin.H{csrf.TemplateTag: csrf.TemplateField(c.Request),
	//		"userName": userName, "pageTitle": (*page).Title_ru, "content": template.HTML((*page).Content_ru)})
	renderTemplate(c.Writer, "base.html", gin.H{csrf.TemplateTag: csrf.TemplateField(c.Request),
		"title": page.Title_ru, "userName": userName, "pageTitle": page.Title_ru, "content": page.Content_ru})
}

func (controller *contactsController) deletePost(rw http.ResponseWriter, req *http.Request) (int, error) {
	err := req.ParseForm()
	if err != nil {
		return http.StatusInternalServerError, err
	}

	decoder := schema.NewDecoder()
	// Ignore unknown keys to prevent errors from the CSRF token.
	decoder.IgnoreUnknownKeys(true)
	formContact := new(viewmodels.ContactsEditViewModel)
	err = decoder.Decode(formContact, req.PostForm)
	if err != nil {
		return http.StatusInternalServerError, err
	}

	valErrors := validateContactForm(formContact)
	if len(valErrors) > 0 {
		isAuthenticated, user := getCurrentUser(rw, req, controller.authorizer)
		var noSites = []database.Site{}
		vm := viewmodels.EditContactViewModel(formContact, noSites, isAuthenticated,
			user, valErrors)
		vm.CsrfField = csrf.TemplateField(req)
		return http.StatusOK, controller.deleteTemplate.Execute(rw, vm)
	}

	// Get the contact to delete
	contact := new(database.Contact)
	err = contact.GetContact(controller.DB, formContact.ContactID)
	if err != nil {
		return http.StatusInternalServerError, err
	}

	mapContacts(contact, formContact)
	err = contact.DeleteContact(controller.DB)
	if err != nil {
		return http.StatusInternalServerError, err
	}

	// Refresh the pinger with the changes.
	// TODO: Check whether this contact is associated with any active site first.
	err = controller.pinger.UpdateSiteSettings()
	if err != nil {
		return http.StatusInternalServerError, err
	}

	http.Redirect(rw, req, "/settings/contacts", http.StatusSeeOther)
	return http.StatusSeeOther, nil
}