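const fs = require('fs');
const path = require('path');
const { suspiciousLogger } = require('../config/logs');

// Ban duration in minutes per escalation level; the last entry is permanent.
const BAN_LEVELS = [10, 30, 60, Infinity];
// Suspicious requests within one streak before the ban level escalates.
const SUSPICIOUS_REQUEST_LIMIT = 5;
// Two suspicious requests closer together than this belong to the same streak.
const SUSPICIOUS_WINDOW_MS = 60 * 1000;
const BAN_FILE_PATH = path.join(__dirname, '..', 'data', 'banUser.json');

// Requests from these addresses are never counted or banned.
const LOCAL_IPS = new Set(['127.0.0.1', '::1', 'localhost', '::ffff:127.0.0.1']);
// Exact paths that are never counted as suspicious.
const EXEMPT_PATHS = new Set(['/auth/activedirectory', '/favicon.ico']);
// Chrome DevTools probes this path on its own; ignore it.
const DEVTOOLS_PROBE = '.well-known/appspecific/com.chrome.devtools.json';

// Resolves the address used as the ban key.
// NOTE(review): cf-connecting-ip and x-forwarded-for are ordinary request
// headers; they are only trustworthy when the edge proxy overwrites them. If a
// client can set them directly it chooses its own ban key (evading its ban or
// attributing requests to another address) — confirm the deployment strips or
// rewrites them. x-forwarded-for may carry a comma-separated chain; the first
// entry is the originating client.
function getClientIp(req) {
  const cfIp = req.headers['cf-connecting-ip'];
  if (cfIp) return String(cfIp).trim();
  const forwarded = req.headers['x-forwarded-for'];
  if (forwarded) return String(forwarded).split(',')[0].trim();
  // req.connection is the deprecated alias of req.socket.
  return (req.socket ?? req.connection)?.remoteAddress;
}

// True for requests that must never be counted: local callers, the Chrome
// DevTools probe and the explicitly exempted paths.
function isExempt(req, ip) {
  if (LOCAL_IPS.has(ip)) return true;
  const originalUrl = req.originalUrl ?? '';
  if (originalUrl.includes(DEVTOOLS_PROBE)) return true;
  return EXEMPT_PATHS.has(originalUrl);
}

// Reads the ban file into a Map keyed by IP; a missing, unreadable or
// malformed file yields an empty map. A Map is used instead of the parsed
// object because the key is client-influenced: on a plain object a key such
// as "__proto__" would be resolved through the prototype chain, and the
// per-request counter updates would then land on Object.prototype.
function loadBans() {
  try {
    if (!fs.existsSync(BAN_FILE_PATH)) {
      fs.writeFileSync(BAN_FILE_PATH, JSON.stringify({}));
      return new Map();
    }
    const parsed = JSON.parse(fs.readFileSync(BAN_FILE_PATH, 'utf8'));
    if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
      return new Map();
    }
    return new Map(Object.entries(parsed));
  } catch (err) {
    // A corrupt ban file must not block traffic; start from an empty table.
    suspiciousLogger.info(`Ban file unreadable, starting with an empty ban table: ${err.message}`);
    return new Map();
  }
}

// Persists the ban table. A write failure is logged rather than thrown so the
// request still gets its ban decision from the in-memory record.
function saveBans(bans) {
  try {
    fs.writeFileSync(BAN_FILE_PATH, JSON.stringify(Object.fromEntries(bans)));
  } catch (err) {
    suspiciousLogger.info(`Could not persist ban table: ${err.message}`);
  }
}

// Absolute expiry timestamp for a ban of `minutes` starting at `now`. The
// permanent level is stored as Number.MAX_SAFE_INTEGER because JSON.stringify
// turns Infinity into null, which would silently drop the ban on reload.
function banExpiry(now, minutes) {
  if (!Number.isFinite(minutes)) return Number.MAX_SAFE_INTEGER;
  return now + minutes * 60 * 1000;
}

// Creates or updates the record for one suspicious request at time `now` and
// returns it. Requests within SUSPICIOUS_WINDOW_MS of the previous one extend
// the current streak; reaching SUSPICIOUS_REQUEST_LIMIT escalates the level.
function recordSuspiciousRequest(record, now) {
  if (!record) {
    return { level: 0, banUntil: now, suspiciousRequestCount: 1, lastRequestTime: now };
  }
  const withinWindow = now - record.lastRequestTime < SUSPICIOUS_WINDOW_MS;
  record.suspiciousRequestCount = withinWindow ? (Number(record.suspiciousRequestCount) || 0) + 1 : 1;
  if (record.suspiciousRequestCount >= SUSPICIOUS_REQUEST_LIMIT) {
    // Clamp at the last level instead of wrapping: indexing by level modulo
    // the table length would cycle a permanent ban back to the shortest one.
    record.level = Math.min((Number(record.level) || 0) + 1, BAN_LEVELS.length - 1);
    record.suspiciousRequestCount = 0;
    record.banUntil = banExpiry(now, BAN_LEVELS[record.level]);
  }
  record.lastRequestTime = now;
  return record;
}

/**
 * Express middleware: counts every non-exempt request reaching it as
 * suspicious, escalates a per-IP ban after repeated hits and answers 403 while
 * a ban is active. State lives in BAN_FILE_PATH so it survives restarts.
 *
 * NOTE(review): the file is read, modified and rewritten synchronously on
 * every request with no locking, so concurrent requests can overwrite each
 * other's updates; a shared store would be needed for exact counting.
 *
 * @param {object} req - Express request.
 * @param {object} res - Express response; receives a 403 JSON body when banned.
 * @param {Function} next - Called for every request that is not rejected.
 */
const logAndBanSuspiciousActivity = async (req, res, next) => {
  const ip = getClientIp(req);
  if (isExempt(req, ip)) {
    next();
    return;
  }

  const now = Date.now();
  const bans = loadBans();
  const ban = recordSuspiciousRequest(bans.get(ip), now);
  bans.set(ip, ban);
  saveBans(bans);

  if (now < ban.banUntil) {
    res.status(403).json({ message: 'You are banned. Please try again later.' });
    return;
  }

  const url = `${req.protocol}://${req.get('host')}${req.originalUrl}`;
  suspiciousLogger.info(`Suspicious request from IP: ${ip} tried to access ${req.method} ${url}`);
  next();
};

module.exports = { logAndBanSuspiciousActivity };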