//! Simple, safe server-side html templating in Rust
//!
//! Build up a representation of an html page using plain Rust functions. Call `to_string()` on the
//! result to spit out an html string
//!
//!
//! The approach to XSS prevention is based on [this
//! guide](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#introduction).
//!
//! Here are a few things to keep in mind:
//! - All attribute keys need to be known at compile time. This avoids having them created
//! dynamically (and having to escape them).
//! - The values for `href`, `src` and `action` attributes are automatically url-encoded.
//! - All attribute values are double quoted. This makes escaping in attribute contexts easier
//! - All text is html escaped, except for css within [unsafe_style](crate::tags::unsafe_style).
//! - The `style` attribute is not supported. Use the [unsafe_style](crate::tags::unsafe_style) tag instead.
//! - Content _within_ `<script>` tags is ignored. Import scripts normally using the `src`
//! attribute.
//! - Event handler attributes are not supported (e.g. onclick, onmouseover). [Using
//! them is discouraged
//! anyways](https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes#event_handler_attributes).
//! Import a script and attach the handler there instead. Anything you set them to will be
//! ignored.

use std::collections::HashMap;

fn html_encode(input: &str) -> String {
    input
        .replace('&', "&amp;")
        .replace('<', "&lt;")
        .replace('>', "&gt;")
        .replace('"', "&quot;")
        .replace('\'', "&#39;")
}

fn html_attribute_encode(input: &str) -> String {
    input.replace('&', "&amp;").replace('"', "&quot;")
}

fn uri_encode(input: &str) -> String {
    // if it starts with `javascript:` just set the whole thing to blank. I don't even want to deal
    // with it.
    if input.starts_with("javascript:") {
        return "".into();
    }

    // Percent-encode the query string (https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#output-encoding-for-url-contexts)
    // Its unclear to me why this is a security recommendation as opposed to an ease of use thing
    // for consumers of the library (i.e. they don't have to uri encode things). Need to look into
    // this more.
    // TBD.
    input.into()
}

/// The html representation is a tree-structure made up of `Node`s.
#[derive(Debug)]
pub enum Node {
    /// A node representing an html tag
    HtmlTag(HtmlTag),

    /// A node representing text that has been html escaped
    Text(EscapedString),

    /// A container for nodes. The container does not get rendered to html, so the contained nodes
    /// appear as siblings to whatever was at the container-level
    Fragment(Fragment),
}

#[derive(Debug)]
/// A wrapper for a list of sibling html nodes. This wrapper does not appear in the html string
/// output.
pub struct Fragment {
    children: Vec<Node>,
}

#[derive(Debug)]
/// An arbitrary html tag with attributes and children
pub struct HtmlTag {
    tag: String,
    attrs: HashMap<&'static str, String>,
    children: Vec<Node>,
}

#[derive(Debug)]
/// A string that is safe to output into an Html node as text
pub struct EscapedString(String);

impl HtmlTag {
    fn serialize_attributes(&self) -> String {
        let mut attr_str = String::new();

        for (k, v) in &self.attrs {
            if *k == "action" || *k == "href" || *k == "src" {
                // common url fields. Uri encode to be safe. I don't expect people to be placing
                // untrusted user input in these fields...but you never know. The full list of
                // url-accepting attributes can be found here: https://www.w3.org/TR/REC-html40/index/attributes.html
                // I did not attempt to capture them all because I wasn't convinced it was
                // necessary
                attr_str.push_str(&format!(
                    r#" {}="{}""#,
                    k,
                    html_attribute_encode(&uri_encode(v))
                ));
            } else if k.starts_with("on") || *k == "style" {
                attr_str.push_str(&format!(r#" {}="""#, k));
            } else {
                attr_str.push_str(&format!(r#" {}="{}""#, k, html_attribute_encode(v)));
            }
        }

        attr_str
    }

    fn is_void_tag(&self) -> bool {
        matches!(
            self.tag.as_str(),
            "area"
                | "base"
                | "br"
                | "col"
                | "embed"
                | "hr"
                | "img"
                | "input"
                | "link"
                | "meta"
                | "source"
                | "track"
                | "wbr"
        )
    }
}

/// The structure needed to crate a new [HtmlTag](crate::HtmlTag)
pub struct NewHtmlTagParams {
    children: Vec<Node>,
    attrs: HashMap<&'static str, String>,
}

/// The structure needed to create a new [Fragment](crate::Fragment)
pub struct NewFragmentParams {
    children: Vec<Node>,
}

/// Functions for building up an html tree
pub mod tags {
    use super::{EscapedString, Fragment, HtmlTag, NewFragmentParams, Node};
    use std::collections::HashMap;

    macro_rules! impl_tag {
        ($($tag:ident), +) => {
            $(
                impl_tag![$tag, concat!("Create a `<", stringify!($tag), ">` node")];
            ) +
        };
        ($tag:ident, $doc:expr) => {
            #[doc = $doc]
            pub fn $tag(params: impl std::convert::Into<$crate::NewHtmlTagParams>) -> $crate::Node{
                let params = params.into();
                $crate::Node::HtmlTag($crate::HtmlTag {
                    tag: stringify!($tag).to_string(),
                    children: params.children,
                    attrs: params.attrs
                })
            }
        }
    }

    /// Create a fragment containing other nodes. Unlike the other functions in this module, a
    /// fragment is never rendered.
    pub fn frag(params: impl Into<NewFragmentParams>) -> Node {
        let params = params.into();
        Node::Fragment(Fragment {
            children: params.children,
        })
    }

    /// Create a `<style>` tag.
    ///
    /// Outputing content into `<style>` tags is risky because they are considered ["Dangerous
    /// contexts"](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#dangerous-contexts),
    /// meaning you can't completely prevent XSS. This crate makes no attempt to sanitize output
    /// from this function, so use at your own risk.
    pub fn unsafe_style(css: impl ToString) -> Node {
        let css = css.to_string();
        Node::HtmlTag(HtmlTag {
            tag: String::from("style"),
            // This function is is prefixed with _unsafe_ because we don't actually escape the css
            // string
            children: vec![Node::Text(EscapedString(css))],
            attrs: HashMap::new(),
        })
    }

    #[rustfmt::skip]
    impl_tag![
        // main root
        html,
        // document metadata
        base, head, link, meta, title,
        // sectioning root
        body,
        // content sectioning
        address, article, aside, footer, header, h1, h2, h3, h4, h5, h6, main, nav, section,
        // text content
        blockquote, dd, div, dl, dt, figcaption, figure, hr, li, menu, ol, p, pre, ul,
        // inline text semantics
        a, abbr, b, bdi, bdo, br, cite, code, data, dfn, em, i, kbd, mark, q, rp, rt, ruby, s, samp,
        small, span, strong, sub, sup, time, u, var, wbr,
        // image and multimedia
        area, audio, img, map, track, video,
        // embedded content
        embed, iframe, object, picture, portal, source,
        // svg and mathml
        svg, math,
        // scripting
        canvas, noscript, script,
        // demarcating edits
        del, ins,
        // table content
        caption, col, colgroup, table, tbody, td, tfoot, th, thead, tr,
        // forms
        button, datalist, fieldset, form, input, label, legend, meter, optgroup, option, output,
        progress, select, textarea,
        // interactive elements
        details, dialog, summary,
        // web components
        slot, template
    ];
}

// For a better consumer experience, including strings in the html should not require calling a tag
// function.
// I want the following to be possible:
// ```
// div("A string")
// div((attr!{ "class" => "value" }, "a string"))
// div(string_var)
// ```
impl From<&str> for NewHtmlTagParams {
    fn from(value: &str) -> Self {
        Self {
            attrs: HashMap::new(),
            children: vec![Node::Text(value.into())],
        }
    }
}

impl From<String> for NewHtmlTagParams {
    fn from(value: String) -> Self {
        Self {
            attrs: HashMap::new(),
            children: vec![Node::Text(value.as_str().into())],
        }
    }
}

impl From<(HashMap<&'static str, String>, &str)> for NewHtmlTagParams {
    fn from(value: (HashMap<&'static str, String>, &str)) -> Self {
        Self {
            attrs: value.0,
            children: vec![Node::Text(value.1.into())],
        }
    }
}

impl From<&str> for EscapedString {
    fn from(value: &str) -> Self {
        EscapedString(html_encode(value))
    }
}

// Consumers may wish to only pass nodes to tag functions.
// I want the following to be possible:
// ```
// div(span(()))
// div([p(()), p(())])
// frag(vec![input(()), input(())])
// ```
// The most common type used would be `array`, but for a dynamically generated list, I can see
// people using `Vec` as well.

impl From<()> for NewHtmlTagParams {
    fn from(_: ()) -> Self {
        Self {
            attrs: HashMap::new(),
            children: vec![],
        }
    }
}

impl From<Node> for NewHtmlTagParams {
    fn from(value: Node) -> Self {
        Self {
            attrs: HashMap::new(),
            children: vec![value],
        }
    }
}

impl From<Vec<Node>> for NewHtmlTagParams {
    fn from(value: Vec<Node>) -> Self {
        Self {
            attrs: HashMap::new(),
            children: value,
        }
    }
}

impl From<Vec<Node>> for NewFragmentParams {
    fn from(value: Vec<Node>) -> Self {
        Self { children: value }
    }
}

// Since array size is typed, I need to implement this for every size I want to support
macro_rules! impl_from_for_array {
    (NewHtmlTagParams, $($len:literal),+) => {
        $(
            impl From<[Node; $len]> for NewHtmlTagParams {
                fn from(value: [Node; $len]) -> Self {
                    Self {
                        attrs: HashMap::new(),
                        children: value.into_iter().map(|n| n).collect::<Vec<Node>>(),
                    }
                }
            }
        ) *
    };
    (NewFragmentParams, $($len:literal),+) => {
        $(
            impl From<[Node; $len]> for NewFragmentParams {
                fn from(value: [Node; $len]) -> Self {
                    Self {
                        children: value.into_iter().map(|n| n).collect::<Vec<Node>>(),
                    }
                }
            }
        ) *
    }
}

#[rustfmt::skip]
impl_from_for_array![
    NewHtmlTagParams,
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
    17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32
];

#[rustfmt::skip]
impl_from_for_array![
    NewFragmentParams,
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
    17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32
];

// Allow consumers to only pass in attributes when creating a node
impl From<HashMap<&'static str, String>> for NewHtmlTagParams {
    fn from(value: HashMap<&'static str, String>) -> Self {
        Self {
            attrs: value,
            children: vec![],
        }
    }
}

// When creating nodes using both attributes nodes, I want to give consumers enough flexibility in
// how the nodes are defined.
// I want the followiong to be possible:
// ```
// div((attr! { "one" => "two" }, div([]) ))
// div((attr! { "one" => "two" }, vec![div([]), span([])] ))
// div((attr! { "one" => "two" }, [div([]), span([])] ))
// ```

impl From<(HashMap<&'static str, String>, Node)> for NewHtmlTagParams {
    fn from(value: (HashMap<&'static str, String>, Node)) -> Self {
        Self {
            attrs: value.0,
            children: vec![value.1],
        }
    }
}

impl From<(HashMap<&'static str, String>, Vec<Node>)> for NewHtmlTagParams {
    fn from(value: (HashMap<&'static str, String>, Vec<Node>)) -> Self {
        Self {
            attrs: value.0,
            children: value.1,
        }
    }
}

macro_rules! impl_from_tuple {
    ($($len:literal),+) => {
        $(
            impl From<(HashMap<&'static str, String>, [Node; $len])> for NewHtmlTagParams {
                fn from(value: (HashMap<&'static str, String>, [Node; $len])) -> Self {
                    Self {
                        attrs: value.0,
                        children: value.1.into_iter().map(|n| n).collect::<Vec<Node>>(),
                    }
                }
            }
        ) +
    }
}

#[rustfmt::skip]
impl_from_tuple![
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
    17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32
];

#[macro_export]
/// Define attributes to be associated with an [HtmlTag](crate::HtmlTag)
///
/// You can only use string literals known at compile time for the key
/// You can use any type for the value as long as it implements `From<T>` for `String`
///
/// # Example
/// ```
/// use html_string::tags::div;
/// use html_string::attr;
///
/// let node = div(attr! { "class" => "box", "counter" => String::from("1") });
/// ```
macro_rules! attr {
    ($($key:literal => $value:expr),*) => {{
        let mut map: std::collections::HashMap<&'static str, String> = std::collections::HashMap::new();
        $(
            map.insert($key, $value.into());
        ) *
        map
    }};
}

// A marker used to indicate whether we should print a closing or opening tag when rendering Node
// tree
#[derive(Eq, PartialEq)]
enum TagType {
    Open,
    Close,
}

impl Node {
    fn render(&self) -> String {
        let mut visit_later: Vec<(TagType, &Node)> = vec![];
        let mut html = String::new();

        visit_later.push((TagType::Open, self));

        while let Some((t, current)) = visit_later.pop() {
            match current {
                n @ Node::HtmlTag(el @ HtmlTag { .. }) => {
                    if t == TagType::Close {
                        // we have previously visited this element and are now circling back to
                        // close it
                        html.push_str("</");
                        html.push_str(&el.tag);
                        html.push('>');
                    } else {
                        let attributes = el.serialize_attributes();

                        if el.children.is_empty() {
                            //  Empty node
                            if el.is_void_tag() {
                                html.push('<');
                                html.push_str(&el.tag);
                                html.push_str(&attributes);
                                html.push('>');
                            } else {
                                html.push('<');
                                html.push_str(&el.tag);
                                html.push_str(&attributes);
                                html.push('>');
                                html.push_str("</");
                                html.push_str(&el.tag);
                                html.push('>');
                            }
                        } else {
                            // Node with children

                            // We want to revisit this node later to close it
                            visit_later.push((TagType::Close, n));

                            // Children are pushed into the stack in reverse order so they can be
                            // popped in the correct order

                            if el.tag != "script" {
                                for child in el.children.iter().rev() {
                                    visit_later.push((TagType::Open, child));
                                }
                            }

                            html.push('<');
                            html.push_str(&el.tag);
                            html.push_str(&attributes);
                            html.push('>');
                        }
                    }
                }
                Node::Fragment(Fragment { children }) => {
                    for child in children.iter().rev() {
                        visit_later.push((TagType::Open, child));
                    }
                }
                Node::Text(s) => {
                    html.push_str(&s.0);
                }
            };
        }

        html
    }
}

impl std::fmt::Display for Node {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        write!(f, "{}", self.render())
    }
}

#[doc = include_str!("../README.md")]
#[cfg(doctest)]
pub struct ReadmeDocTests;

#[cfg(test)]
mod tests {
    use super::tags::*;
    use super::*;

    #[test]
    fn including_strings_in_html() {
        let baz = "baz";
        let bar = String::from("bar");
        let node = frag([span("foo"), span(bar), span(baz)]);
        assert_eq!(
            node.to_string(),
            "<span>foo</span><span>bar</span><span>baz</span>".to_owned()
        );
    }

    #[test]
    fn including_nodes_in_html() {
        let node = frag([
            div(span(())),
            div([p(()), p(())]),
            div(vec![input(()), input(())]),
            div([]),
        ]);
        assert_eq!(
            node.to_string(),
            "<div><span></span></div><div><p></p><p></p></div><div><input><input></div><div></div>"
                .to_owned()
        );
    }

    #[test]
    fn including_attributes_in_html() {
        let node = frag([
            div(attr! { "k" => "v" }),
            div((attr! { "k" => "v" }, "foo")),
            div((attr! { "k" => "v" }, div(()))),
            div((attr! { "k" => "v" }, [div(())])),
            div((attr! { "k" => "v" }, vec![div(())])),
        ]);
        assert_eq!(
            node.to_string(),
            r#"<div k="v"></div><div k="v">foo</div><div k="v"><div></div></div><div k="v"><div></div></div><div k="v"><div></div></div>"#.to_owned()
        );
    }

    #[test]
    fn style_attribute_not_supported() {
        let node = div(attr! { "style" => "background-color: black" });
        assert_eq!(node.to_string(), r#"<div style=""></div>"#);
    }

    #[test]
    fn unsafe_style_tag_outputs_style_tag() {
        let node = div(unsafe_style(
            r#"body { background-img: url("javascript:void"); }"#,
        ));
        assert_eq!(
            node.to_string(),
            r#"<div><style>body { background-img: url("javascript:void"); }</style></div>"#
        );
    }

    #[test]
    fn content_within_script_tags_ignored() {
        let node = script((attr! { "src" => "../myscript.js" }, "foo"));
        assert_eq!(
            node.to_string(),
            r#"<script src="../myscript.js"></script>"#
        );
    }

    #[test]
    fn event_handler_attributes_not_supported() {
        let node = div(attr! { "onclick" => "alert(1);" });
        assert_eq!(node.to_string(), r#"<div onclick=""></div>"#);
    }

    #[test]
    fn encode_html() {
        let node = div(r#""<span>'&boo'"#);
        assert_eq!(
            node.to_string(),
            r#"<div>&quot;&lt;span&gt;&#39;&amp;boo&#39;</div>"#
        );
    }

    #[test]
    fn encode_html_attribute_value() {
        let node = div(attr! { "class" => r#""&boo"# });
        assert_eq!(node.to_string(), r#"<div class="&quot;&amp;boo"></div>"#);
    }

    #[test]
    fn uri_encode_drop_javascript() {
        let node = img(attr! { "src" => "javascript:alert(1)" });

        assert_eq!(node.to_string(), r#"<img src="">"#);
    }
}