<?php
/**
 * WooCommerce Plugin Framework
 *
 * This source file is subject to the GNU General Public License v3.0
 * that is bundled with this package in the file license.txt.
 * It is also available through the world-wide-web at this URL:
 * http://www.gnu.org/licenses/gpl-3.0.html GNU General Public License v3.0 or later
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to license@skyverge.com so we can send you a copy immediately.
 *
 * @since     3.0.0
 * @author    WooCommerce / SkyVerge
 * @copyright Copyright (c) 2013-2019, SkyVerge, Inc.
 * @license   http://www.gnu.org/licenses/gpl-3.0.html GNU General Public License v3.0 or later
 */

namespace WooCommerce\Square\Framework\Api;

use WooCommerce;
use WooCommerce\Square\Framework\Square_Helper;

defined( 'ABSPATH' ) or exit;

/**
 * Base API Class
 *
 * This class provides a standardized framework for constructing an API wrapper
 * to external services. It is designed to be extremely flexible.
 */
abstract class Base {

	/** @var string request method, defaults to POST */
	protected $request_method = 'POST';

	/** @var string URI used for the request */
	protected $request_uri;

	/** @var array request headers */
	protected $request_headers = array();

	/** @var string request user-agent */
	protected $request_user_agent;

	/** @var string request HTTP version, defaults to 1.0 */
	protected $request_http_version = '1.0';

	/** @var string request duration */
	protected $request_duration;

	/** @var API_Request|object request */
	protected $request;

	/** @var string response code */
	protected $response_code;

	/** @var string response message */
	protected $response_message;

	/** @var array response headers */
	protected $response_headers;

	/** @var string raw response body */
	protected $raw_response_body;

	/** @var string response handler class name */
	protected $response_handler;

	/** @var API_Response|object response */
	protected $response;

	/**
	 * Perform the request and return the parsed response
	 *
	 * @since 3.0.0
	 *
	 * @param API_Request|object $request class instance which implements API_Request
	 * @return API_Response|object class instance which implements API_Response
	 * @throws API_Exception may be thrown in implementations
	 */
	protected function perform_request( $request ) {

		// ensure API is in its default state
		$this->reset_response();

		// save the request object
		$this->request = $request;

		$start_time = microtime( true );

		// if this API requires TLS v1.2, force it
		if ( $this->require_tls_1_2() ) {
			add_action( 'http_api_curl', array( $this, 'set_tls_1_2_request' ), 10, 3 );
		}

		// perform the request
		$response = $this->do_remote_request( $this->get_request_uri(), $this->get_request_args() );

		// calculate request duration
		$this->request_duration = round( microtime( true ) - $start_time, 5 );

		try {

			// parse & validate response
			$response = $this->handle_response( $response );

		} catch ( \Exception $e ) {

			// alert other actors that a request has been made
			$this->broadcast_request();

			throw $e;
		}

		return $response;
	}

	/**
	 * Simple wrapper for wp_remote_request() so child classes can override this
	 * and provide their own transport mechanism if needed, e.g. a custom
	 * cURL implementation
	 *
	 * @since 3.0.0
	 *
	 * @param string $request_uri
	 * @param string $request_args
	 * @return array|\WP_Error
	 */
	protected function do_remote_request( $request_uri, $request_args ) {

		return wp_safe_remote_request( $request_uri, $request_args );
	}

	/**
	 * Handle and parse the response
	 *
	 * @since 3.0.0
	 * @param array|\WP_Error $response response data
	 * @throws \Exception network issues, timeouts, API errors, etc
	 * @return API_Request|object request class instance that implements API_Request
	 */
	protected function handle_response( $response ) {

		// check for WP HTTP API specific errors (network timeout, etc)
		if ( is_wp_error( $response ) ) {
			throw new \Exception( esc_html( $response->get_error_message() ), (int) $response->get_error_code() );
		}

		// set response data
		$this->response_code     = wp_remote_retrieve_response_code( $response );
		$this->response_message  = wp_remote_retrieve_response_message( $response );
		$this->raw_response_body = wp_remote_retrieve_body( $response );

		$response_headers = wp_remote_retrieve_headers( $response );

		// WP 4.6+ returns an object
		if ( is_object( $response_headers ) ) {
			$response_headers = $response_headers->getAll();
		}

		$this->response_headers = $response_headers;

		// parse the response body and tie it to the request
		$this->response = $this->get_parsed_response( $this->raw_response_body );

		// fire do_action() so other actors can act on request/response data,
		// primarily used for logging
		$this->broadcast_request();

		return $this->response;
	}

	/**
	 * Return the parsed response object for the request
	 *
	 * @since 3.0.0
	 * @param string $raw_response_body
	 * @return object|API_Request response class instance which implements API_Request
	 */
	protected function get_parsed_response( $raw_response_body ) {

		$handler_class = $this->get_response_handler();

		return new $handler_class( $raw_response_body );
	}

	/**
	 * Alert other actors that a request has been performed. This is primarily used
	 * for request logging.
	 *
	 * @since 3.0.0
	 */
	protected function broadcast_request() {

		$request_data = array(
			'method'     => $this->get_request_method(),
			'uri'        => $this->get_request_uri(),
			'user-agent' => $this->get_request_user_agent(),
			'headers'    => $this->get_sanitized_request_headers(),
			'body'       => $this->get_sanitized_request_body(),
			'duration'   => $this->get_request_duration() . 's', // seconds
		);

		$response_data = array(
			'code'    => $this->get_response_code(),
			'message' => $this->get_response_message(),
			'headers' => $this->get_response_headers(),
			'body'    => $this->get_sanitized_response_body() ? $this->get_sanitized_response_body() : $this->get_raw_response_body(),
		);

		/**
		 * API Base Request Performed Action.
		 *
		 * Fired when an API request is performed via this base class. Plugins can
		 * hook into this to log request/response data.
		 *
		 * @since 3.0.0
		 * @param array $request_data {
		 *     @type string $method request method, e.g. POST
		 *     @type string $uri request URI
		 *     @type string $user-agent
		 *     @type string $headers request headers
		 *     @type string $body request body
		 *     @type string $duration in seconds
		 * }
		 * @param array $response data {
		 *     @type string $code response HTTP code
		 *     @type string $message response message
		 *     @type string $headers response HTTP headers
		 *     @type string $body response body
		 * }
		 * @param Base $this instance
		 */
		do_action( 'wc_' . $this->get_api_id() . '_api_request_performed', $request_data, $response_data, $this );
	}

	/**
	 * Reset the API response members to their
	 *
	 * @since 3.0.0
	 */
	protected function reset_response() {

		$this->response_code     = null;
		$this->response_message  = null;
		$this->response_headers  = null;
		$this->raw_response_body = null;
		$this->response          = null;
		$this->request_duration  = null;
	}

	/**
	 * Get the request URI
	 *
	 * @since 3.0.0
	 * @return string
	 */
	protected function get_request_uri() {

		$uri = $this->request_uri . $this->get_request_path();

		// append any query params to the URL when necessary
		$query = $this->get_request_query();
		if ( $query ) {

			$url_parts = parse_url( $uri ); // phpcs:ignore WordPress.WP.AlternativeFunctions.parse_url_parse_url

			// if the URL already has some query params, add to them
			if ( ! empty( $url_parts['query'] ) ) {
				$query = '&' . $query;
			} else {
				$query = '?' . $query;
			}

			$uri = untrailingslashit( $uri ) . $query;
		}

		/**
		 * Request URI Filter.
		 *
		 * Allow actors to filter the request URI. Note that child classes can override
		 * this method, which means this filter may be invoked prior to the overridden
		 * method.
		 *
		 * @since 3.0.0
		 *
		 * @param string $uri current request URI
		 * @param Base class instance
		 */
		return apply_filters( 'wc_' . $this->get_api_id() . '_api_request_uri', $uri, $this );
	}

	/**
	 * Gets the request path.
	 *
	 * @since 3.0.0
	 * @return string
	 */
	protected function get_request_path() {

		return ( $this->get_request() ) ? $this->get_request()->get_path() : '';
	}

	/**
	 * Gets the request URL query.
	 *
	 * @since 3.0.0
	 *
	 * @return string
	 */
	protected function get_request_query() {

		$query   = '';
		$request = $this->get_request();

		if ( $request && in_array( strtoupper( $this->get_request_method() ), array( 'GET', 'HEAD' ), true ) ) {

			$params = $request->get_params();

			if ( ! empty( $params ) ) {
				$query = http_build_query( $params, '', '&' );
			}
		}

		return $query;
	}

	/**
	 * Get the request arguments in the format required by wp_remote_request()
	 *
	 * @since 3.0.0
	 *
	 * @return array
	 */
	protected function get_request_args() {

		$args = array(
			'method'      => $this->get_request_method(),
			'timeout'     => MINUTE_IN_SECONDS,
			'redirection' => 0,
			'httpversion' => $this->get_request_http_version(),
			'sslverify'   => true,
			'blocking'    => true,
			'user-agent'  => $this->get_request_user_agent(),
			'headers'     => $this->get_request_headers(),
			'body'        => $this->get_request_body(),
			'cookies'     => array(),
		);

		/**
		 * Request arguments.
		 *
		 * Allow other actors to filter the request arguments. Note that
		 * child classes can override this method, which means this filter may
		 * not be invoked, or may be invoked prior to the overridden method
		 *
		 * @since 3.0.0
		 * @param array $args request arguments
		 * @param Base class instance
		 */
		return apply_filters( 'wc_' . $this->get_api_id() . '_http_request_args', $args, $this );
	}

	/**
	 * Get the request method, POST by default
	 *
	 * @since 3.0.0
	 * @return string
	 */
	protected function get_request_method() {
		// if the request object specifies the method to use, use that, otherwise use the API default
		return $this->get_request() && $this->get_request()->get_method() ? $this->get_request()->get_method() : $this->request_method;
	}

	/**
	 * Gets the request body.
	 *
	 * @since 3.0.0
	 * @return string
	 */
	protected function get_request_body() {

		// GET & HEAD requests don't support a body
		if ( in_array( strtoupper( $this->get_request_method() ), array( 'GET', 'HEAD' ), true ) ) {
			return '';
		}

		return ( $this->get_request() && $this->get_request()->to_string() ) ? $this->get_request()->to_string() : '';
	}

	/**
	 * Gets the sanitized request body, for logging.
	 *
	 * @since 3.0.0
	 * @return string
	 */
	protected function get_sanitized_request_body() {

		// GET & HEAD requests don't support a body
		if ( in_array( strtoupper( $this->get_request_method() ), array( 'GET', 'HEAD' ), true ) ) {
			return '';
		}

		return ( $this->get_request() && $this->get_request()->to_string_safe() ) ? $this->get_request()->to_string_safe() : '';
	}

	/**
	 * Get the request HTTP version, 1.1 by default
	 *
	 * @since 3.0.0
	 * @return string
	 */
	protected function get_request_http_version() {

		return $this->request_http_version;
	}

	/**
	 * Get the request headers
	 *
	 * @since 3.0.0
	 * @return array
	 */
	protected function get_request_headers() {
		return $this->request_headers;
	}

	/**
	 * Get sanitized request headers suitable for logging, stripped of any
	 * confidential information
	 *
	 * The `Authorization` header is sanitized automatically.
	 *
	 * Child classes that implement any custom authorization headers should
	 * override this method to perform sanitization.
	 *
	 * @since 3.0.0
	 * @return array
	 */
	protected function get_sanitized_request_headers() {

		$headers = $this->get_request_headers();

		if ( ! empty( $headers['Authorization'] ) ) {
			$headers['Authorization'] = str_repeat( '*', strlen( $headers['Authorization'] ) );
		}

		return $headers;
	}

	/**
	 * Get the request user agent, defaults to:
	 *
	 * Dasherized-Plugin-Name/Plugin-Version (WooCommerce/WC-Version; WordPress/WP-Version)
	 *
	 * @since 3.0.0
	 * @return string
	 */
	protected function get_request_user_agent() {

		return sprintf( '%s/%s (WooCommerce/%s; WordPress/%s)', str_replace( ' ', '-', $this->get_plugin()->get_plugin_name() ), $this->get_plugin()->get_version(), WC_VERSION, $GLOBALS['wp_version'] );
	}

	/**
	 * Get the request duration in seconds, rounded to the 5th decimal place
	 *
	 * @since 3.0.0
	 * @return string
	 */
	protected function get_request_duration() {
		return $this->request_duration;
	}

	/**
	 * Get the response handler class name
	 *
	 * @since 3.0.0
	 * @return string
	 */
	protected function get_response_handler() {
		return $this->response_handler;
	}

	/**
	 * Get the response code
	 *
	 * @since 3.0.0
	 * @return string
	 */
	protected function get_response_code() {
		return $this->response_code;
	}

	/**
	 * Get the response message
	 *
	 * @since 3.0.0
	 * @return string
	 */
	protected function get_response_message() {
		return $this->response_message;
	}

	/**
	 * Get the response headers
	 *
	 * @since 3.0.0
	 * @return array
	 */
	protected function get_response_headers() {
		return $this->response_headers;
	}

	/**
	 * Get the raw response body, prior to any parsing or sanitization
	 *
	 * @since 3.0.0
	 * @return string
	 */
	protected function get_raw_response_body() {
		return $this->raw_response_body;
	}

	/**
	 * Get the sanitized response body, provided by the response class
	 * to_string_safe() method
	 *
	 * @since 3.0.0
	 * @return string|null
	 */
	protected function get_sanitized_response_body() {
		return is_callable( array( $this->get_response(), 'to_string_safe' ) ) ? $this->get_response()->to_string_safe() : null;
	}

	/**
	 * Returns the most recent request object.
	 *
	 * @since 3.0.0
	 *
	 * @return API_Request|object the most recent request object
	 */
	public function get_request() {

		return $this->request;
	}

	/**
	 * Returns the most recent response object.
	 *
	 * @since 3.0.0
	 *
	 * @return API_Response|object the most recent response object
	 */
	public function get_response() {

		return $this->response;
	}

	/**
	 * Get the ID for the API, used primarily to namespace the action name
	 * for broadcasting requests
	 *
	 * @since 3.0.0
	 * @return string
	 */
	protected function get_api_id() {

		return 'square';
	}

	/**
	 * Return a new request object
	 *
	 * Child classes must implement this to return an object that implements
	 * API_Request which should be used in the child class API methods
	 * to build the request. The returned API_Request should be passed
	 * to self::perform_request() by your concrete API methods
	 *
	 * @since 3.0.0
	 *
	 * @param array $args optional request arguments
	 * @return API_Request|object
	 */
	abstract protected function get_new_request( $args = array() );

	/**
	 * Return the plugin class instance associated with this API
	 *
	 * Child classes must implement this to return their plugin class instance
	 *
	 * This is used for defining the plugin ID used in filter names, as well
	 * as the plugin name used for the default user agent.
	 *
	 * @since 3.0.0
	 *
	 * @return WooCommerce\Square\Framework\Plugin
	 */
	abstract protected function get_plugin();

	/**
	 * Set the Content-Type request header
	 *
	 * @since 4.6.3
	 * @param string $content_type The request content type.
	 */
	protected function set_request_content_type_header( $content_type ) {
		$this->request_headers['content-type'] = $content_type;
	}

	/**
	 * Set the Accept request header
	 *
	 * @since 4.6.3
	 * @param string $type The request accept type.
	 */
	protected function set_request_accept_header( $type ) {
		$this->request_headers['accept'] = $type;
	}

	/**
	 * Set the response handler class name. This class will be instantiated
	 * to parse the response for the request.
	 *
	 * @since 3.0.0
	 *
	 * @param string $handler handle class name
	 */
	protected function set_response_handler( $handler ) {
		$this->response_handler = $handler;
	}

	/**
	 * Maybe force TLS v1.2 requests.
	 *
	 * @since 3.0.0
	 *
	 * @param resource $handle the cURL handle returned by curl_init() (passed by reference)
	 * @param array $r the HTTP request arguments
	 * @param $url string the request URL
	 */
	public function set_tls_1_2_request( $handle, $r, $url ) {

		if ( ! Square_Helper::str_starts_with( $url, 'https://' ) ) {
			return;
		}

		curl_setopt( $handle, CURLOPT_SSLVERSION, 6 ); // phpcs:ignore WordPress.WP.AlternativeFunctions.curl_curl_setopt
	}

	/**
	 * Determine if TLS v1.2 is required for API requests.
	 *
	 * Subclasses should override this to return true if TLS v1.2 is required.
	 *
	 * @since 3.0.0
	 * @return bool
	 */
	public function require_tls_1_2() {
		return false;
	}

	/**
	 * Determines if TLS 1.2 is available.
	 *
	 * @since 3.0.0
	 *
	 * @return bool
	 */
	public function is_tls_1_2_available() {

		// assume availability to avoid notices for unknown SSL types
		$is_available = true;

		// check the cURL version if installed
		if ( is_callable( 'curl_version' ) ) {

			$versions = curl_version();

			// cURL 7.34.0 is considered the minimum version that supports TLS 1.2
			if ( version_compare( $versions['version'], '7.34.0', '<' ) ) {
				$is_available = false;
			}
		}

		/**
		 * Filters whether TLS 1.2 is available.
		 *
		 * @since 3.0.0
		 *
		 * @param bool $is_available whether TLS 1.2 is available
		 * @param Base $api API class instance
		 */
		return apply_filters( 'wc_square_api_is_tls_1_2_available', $is_available, $this );
	}
}