use pulldown_cmark::{CowStr, Event, Options, Parser, Tag, TagEnd, html};

use crate::sanitize::SanitizePreset;

/// Returns true if the URL uses a scheme not in the safe allowlist.
///
/// Safe schemes: `http`, `https`, `mailto`, `ftp`. Relative URLs (no scheme) are safe.
fn has_dangerous_scheme(url: &str) -> bool {
    let trimmed = url.trim();
    if let Some(colon_pos) = trimmed.find(':') {
        let before_colon = &trimmed[..colon_pos];
        if before_colon.contains('/')
            || before_colon.contains('#')
            || before_colon.contains('?')
        {
            return false;
        }
        let scheme = before_colon.to_ascii_lowercase();
        !matches!(scheme.as_str(), "http" | "https" | "mailto" | "ftp")
    } else {
        false
    }
}

/// Result of rendering markdown with metadata.
#[derive(Debug, Clone)]
pub struct RenderResult {
    pub html: String,
    pub word_count: u32,
    pub reading_time_minutes: u32,
}

/// Configurable markdown renderer with builder pattern.
pub struct Renderer {
    tables: bool,
    strikethrough: bool,
    footnotes: bool,
    smart_punctuation: bool,
    tasklists: bool,
    strip_images: bool,
    strip_raw_html: bool,
    dangerous_scheme_filter: bool,
    sanitize: SanitizePreset,
}

impl Renderer {
    /// GFM features, default ammonia sanitization. Suitable for trusted content
    /// like docs and blog posts.
    pub fn permissive() -> Self {
        Self {
            tables: true,
            strikethrough: true,
            footnotes: true,
            smart_punctuation: true,
            tasklists: true,
            strip_images: false,
            strip_raw_html: false,
            dangerous_scheme_filter: false,
            sanitize: SanitizePreset::Permissive,
        }
    }

    /// GFM features, no images. Suitable for app text fields (descriptions,
    /// notes).
    pub fn standard() -> Self {
        Self {
            tables: true,
            strikethrough: true,
            footnotes: false,
            smart_punctuation: true,
            tasklists: true,
            strip_images: true,
            strip_raw_html: false,
            dangerous_scheme_filter: false,
            sanitize: SanitizePreset::Standard,
        }
    }

    /// No images, no raw HTML, dangerous scheme blocking, nofollow on links.
    /// Suitable for user-generated content (forum posts).
    pub fn strict() -> Self {
        Self {
            tables: false,
            strikethrough: false,
            footnotes: false,
            smart_punctuation: false,
            tasklists: false,
            strip_images: true,
            strip_raw_html: true,
            dangerous_scheme_filter: true,
            sanitize: SanitizePreset::Strict,
        }
    }

    /// No markdown parsing, only ammonia sanitization. Suitable for HTML from
    /// external sources (RSS feeds).
    pub fn sanitize_only() -> Self {
        Self {
            tables: false,
            strikethrough: false,
            footnotes: false,
            smart_punctuation: false,
            tasklists: false,
            strip_images: false,
            strip_raw_html: false,
            dangerous_scheme_filter: false,
            sanitize: SanitizePreset::Permissive,
        }
    }

    pub fn with_tables(mut self, enabled: bool) -> Self {
        self.tables = enabled;
        self
    }

    pub fn with_strikethrough(mut self, enabled: bool) -> Self {
        self.strikethrough = enabled;
        self
    }

    pub fn with_footnotes(mut self, enabled: bool) -> Self {
        self.footnotes = enabled;
        self
    }

    pub fn with_smart_punctuation(mut self, enabled: bool) -> Self {
        self.smart_punctuation = enabled;
        self
    }

    pub fn with_tasklists(mut self, enabled: bool) -> Self {
        self.tasklists = enabled;
        self
    }

    pub fn with_strip_images(mut self, enabled: bool) -> Self {
        self.strip_images = enabled;
        self
    }

    pub fn with_strip_raw_html(mut self, enabled: bool) -> Self {
        self.strip_raw_html = enabled;
        self
    }

    pub fn with_dangerous_scheme_filter(mut self, enabled: bool) -> Self {
        self.dangerous_scheme_filter = enabled;
        self
    }

    pub fn with_sanitize(mut self, preset: SanitizePreset) -> Self {
        self.sanitize = preset;
        self
    }

    fn build_options(&self) -> Options {
        let mut opts = Options::empty();
        if self.tables {
            opts.insert(Options::ENABLE_TABLES);
        }
        if self.strikethrough {
            opts.insert(Options::ENABLE_STRIKETHROUGH);
        }
        if self.footnotes {
            opts.insert(Options::ENABLE_FOOTNOTES);
        }
        if self.smart_punctuation {
            opts.insert(Options::ENABLE_SMART_PUNCTUATION);
        }
        if self.tasklists {
            opts.insert(Options::ENABLE_TASKLISTS);
        }
        opts
    }

    /// Render markdown to sanitized HTML.
    pub fn render(&self, input: &str) -> String {
        if input.is_empty() {
            return String::new();
        }
        let html_output = self.render_raw(input);
        self.sanitize.clean(&html_output)
    }

    /// Render markdown to sanitized HTML with metadata.
    pub fn render_with_meta(&self, input: &str) -> RenderResult {
        let html = self.render(input);
        let wc = crate::text::word_count(input);
        RenderResult {
            html,
            word_count: wc,
            reading_time_minutes: crate::text::reading_time_minutes(wc),
        }
    }

    /// Sanitize pre-rendered HTML without markdown parsing.
    pub fn sanitize_html(&self, html: &str) -> String {
        self.sanitize.clean(html)
    }

    fn render_raw(&self, input: &str) -> String {
        let options = self.build_options();
        let parser = Parser::new_ext(input, options);

        let strip_images = self.strip_images;
        let strip_raw_html = self.strip_raw_html;
        let scheme_filter = self.dangerous_scheme_filter;

        let filtered = parser.filter_map(move |event| match event {
            // Strip raw HTML events
            Event::Html(_) | Event::InlineHtml(_) if strip_raw_html => None,
            // Neutralize dangerous schemes on links
            Event::Start(Tag::Link {
                link_type,
                dest_url,
                title,
                id,
            }) if scheme_filter && has_dangerous_scheme(&dest_url) => {
                Some(Event::Start(Tag::Link {
                    link_type,
                    dest_url: CowStr::Borrowed("#"),
                    title,
                    id,
                }))
            }
            // Strip images entirely (alt text passes through as plain text)
            Event::Start(Tag::Image { .. }) | Event::End(TagEnd::Image) if strip_images => None,
            other => Some(other),
        });

        let mut output = String::new();
        html::push_html(&mut output, filtered);
        output
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    // ===== has_dangerous_scheme =====

    #[test]
    fn safe_schemes() {
        assert!(!has_dangerous_scheme("https://example.com"));
        assert!(!has_dangerous_scheme("http://example.com"));
        assert!(!has_dangerous_scheme("mailto:user@example.com"));
        assert!(!has_dangerous_scheme("ftp://files.example.com"));
    }

    #[test]
    fn dangerous_schemes() {
        assert!(has_dangerous_scheme("javascript:alert(1)"));
        assert!(has_dangerous_scheme("data:text/html,<script>"));
        assert!(has_dangerous_scheme("vbscript:msgbox"));
    }

    #[test]
    fn case_insensitive_schemes() {
        assert!(has_dangerous_scheme("JaVaScRiPt:alert(1)"));
        assert!(has_dangerous_scheme("DATA:text/html,x"));
    }

    #[test]
    fn relative_urls_are_safe() {
        assert!(!has_dangerous_scheme("/about"));
        assert!(!has_dangerous_scheme("#heading"));
        assert!(!has_dangerous_scheme("page.html"));
        assert!(!has_dangerous_scheme("path/to:file"));
    }

    #[test]
    fn query_string_before_colon_is_safe() {
        // "x?y:z" — '?' before ':' means the part before ':' isn't a scheme.
        // Pins the `|| before_colon.contains('?')` arm of the disjunction.
        assert!(!has_dangerous_scheme("page?q=foo:bar"));
    }

    #[test]
    fn fragment_before_colon_is_safe() {
        // "x#y:z" — '#' before ':' likewise. Pins the `|| contains('#')` arm.
        assert!(!has_dangerous_scheme("page#sec:1"));
    }

    // ===== Permissive preset =====

    #[test]
    fn permissive_basic_markdown() {
        let r = Renderer::permissive();
        let html = r.render("# Hello\n\nThis is a **test**.");
        assert!(html.contains("<h1>Hello</h1>"));
        assert!(html.contains("<strong>test</strong>"));
    }

    #[test]
    fn permissive_tables() {
        let r = Renderer::permissive();
        let html = r.render("| A | B |\n|---|---|\n| 1 | 2 |");
        assert!(html.contains("<table>"));
        assert!(html.contains("<td>"));
    }

    #[test]
    fn permissive_smart_punctuation() {
        let r = Renderer::permissive();
        let html = r.render("It's a \"test\"");
        assert!(
            html.contains('\u{201c}') || html.contains('\u{201d}') || html.contains("\"")
        );
    }

    #[test]
    fn permissive_strips_script() {
        let r = Renderer::permissive();
        let html = r.render("Hello <script>alert('xss')</script> world");
        assert!(!html.contains("<script>"));
    }

    #[test]
    fn permissive_keeps_images() {
        let r = Renderer::permissive();
        let html = r.render("![alt](https://example.com/img.png)");
        assert!(html.contains("<img"));
    }

    #[test]
    fn permissive_empty_input() {
        assert_eq!(Renderer::permissive().render(""), "");
    }

    // ===== Standard preset =====

    #[test]
    fn standard_strips_images() {
        let r = Renderer::standard();
        let html = r.render("![alt text](https://example.com/img.png)");
        assert!(!html.contains("<img"));
        assert!(html.contains("alt text"));
    }

    #[test]
    fn standard_keeps_tables() {
        let r = Renderer::standard();
        let html = r.render("| A |\n|---|\n| 1 |");
        assert!(html.contains("<table>"));
    }

    // ===== Strict preset =====

    #[test]
    fn with_strip_raw_html_toggle_is_observable() {
        // Pins the `if strip_raw_html` guard in render_raw: the same renderer
        // preset with the flag toggled must produce different output. `<u>` is
        // allowed by ammonia's permissive sanitizer, so the only thing removing
        // it is the pulldown-stage Event::Html filter.
        let kept = Renderer::permissive().render("hello <u>raw</u> world");
        let stripped = Renderer::permissive()
            .with_strip_raw_html(true)
            .render("hello <u>raw</u> world");
        assert!(kept.contains("<u>"), "<u> should survive permissive: {}", kept);
        assert!(!stripped.contains("<u>"), "<u> should be stripped: {}", stripped);
    }

    #[test]
    fn strict_strips_raw_html() {
        let r = Renderer::strict();
        let html = r.render("<script>alert('xss')</script>");
        assert!(!html.contains("<script>"));
        assert!(!html.contains("</script>"));
    }

    #[test]
    fn strict_strips_inline_html() {
        let r = Renderer::strict();
        let html = r.render("hello <b>bold</b> world");
        assert!(!html.contains("<b>"));
        assert!(html.contains("hello"));
        assert!(html.contains("world"));
    }

    #[test]
    fn strict_strips_images() {
        let r = Renderer::strict();
        let html = r.render("![alt text](https://example.com/img.png)");
        assert!(!html.contains("<img"));
        assert!(html.contains("alt text"));
    }

    #[test]
    fn strict_neutralizes_javascript_urls() {
        let r = Renderer::strict();
        let html = r.render("[click me](javascript:alert(1))");
        assert!(html.contains("click me"));
        assert!(!html.contains("javascript:"));
        assert!(html.contains(r##"href="#""##));
    }

    #[test]
    fn strict_neutralizes_case_insensitive() {
        let r = Renderer::strict();
        let html = r.render("[xss](JaVaScRiPt:alert(1))");
        assert!(!html.contains("javascript:"));
        assert!(!html.contains("JaVaScRiPt:"));
    }

    #[test]
    fn strict_neutralizes_data_urls() {
        let r = Renderer::strict();
        let html = r.render("[xss](data:text/html,<script>alert(1)</script>)");
        assert!(!html.contains("data:text"));
    }

    #[test]
    fn strict_neutralizes_vbscript() {
        let r = Renderer::strict();
        let html = r.render("[xss](vbscript:msgbox)");
        assert!(!html.contains("vbscript:"));
    }

    #[test]
    fn strict_preserves_safe_urls() {
        let r = Renderer::strict();
        let html = r.render("[link](https://example.com)");
        assert!(html.contains(r#"href="https://example.com""#));

        let html = r.render("[mail](mailto:user@example.com)");
        assert!(html.contains(r#"href="mailto:user@example.com""#));
    }

    #[test]
    fn strict_preserves_relative_urls() {
        let r = Renderer::strict();
        let html = r.render("[page](/about)");
        assert!(html.contains(r#"href="/about""#));

        let html = r.render("[section](#heading)");
        assert!(html.contains(r##"href="#heading""##));
    }

    #[test]
    fn strict_links_have_nofollow() {
        let r = Renderer::strict();
        let html = r.render("[example](https://example.com)");
        assert!(result_has_rel(&html, "nofollow"));
        assert!(result_has_rel(&html, "noopener"));
    }

    #[test]
    fn strict_bold_italic() {
        let r = Renderer::strict();
        let html = r.render("**bold** and *italic*");
        assert!(html.contains("<strong>bold</strong>"));
        assert!(html.contains("<em>italic</em>"));
    }

    #[test]
    fn strict_inline_code() {
        let r = Renderer::strict();
        let html = r.render("use `foo()` here");
        assert!(html.contains("<code>foo()</code>"));
    }

    #[test]
    fn strict_code_block() {
        let r = Renderer::strict();
        let html = r.render("```\nlet x = 1;\n```");
        assert!(html.contains("<pre><code>"));
        assert!(html.contains("let x = 1;"));
    }

    #[test]
    fn strict_blockquote() {
        let r = Renderer::strict();
        let html = r.render("> quoted text");
        assert!(html.contains("<blockquote>"));
        assert!(html.contains("quoted text"));
    }

    #[test]
    fn strict_unordered_list() {
        let r = Renderer::strict();
        let html = r.render("- item one\n- item two");
        assert!(html.contains("<ul>"));
        assert!(html.contains("<li>item one</li>"));
    }

    #[test]
    fn strict_heading() {
        let r = Renderer::strict();
        let html = r.render("## Section Title");
        assert!(html.contains("<h2>Section Title</h2>"));
    }

    #[test]
    fn strict_plain_text() {
        let r = Renderer::strict();
        assert_eq!(r.render("hello world"), "<p>hello world</p>\n");
    }

    #[test]
    fn strict_empty_input() {
        assert_eq!(Renderer::strict().render(""), "");
    }

    // ===== Sanitize-only preset =====

    #[test]
    fn sanitize_only_cleans_html() {
        let r = Renderer::sanitize_only();
        let html = r.sanitize_html("<p>Hello</p><script>bad</script>");
        assert!(html.contains("<p>Hello</p>"));
        assert!(!html.contains("<script>"));
    }

    // ===== Builder methods =====

    #[test]
    fn builder_override() {
        let r = Renderer::strict().with_strip_images(false);
        let html = r.render("![alt](https://example.com/img.png)");
        assert!(html.contains("<img"));
    }

    // ===== render_with_meta =====

    #[test]
    fn render_with_meta_includes_counts() {
        let r = Renderer::permissive();
        let result = r.render_with_meta("Hello world. This is a test.");
        assert!(result.html.contains("Hello world"));
        assert_eq!(result.word_count, 6);
        assert_eq!(result.reading_time_minutes, 1);
    }

    fn result_has_rel(html: &str, rel_value: &str) -> bool {
        html.contains(rel_value)
    }
}