<?php
$pdo = module_fn('pi_control', 'pdo');
module_fn('pi_control', 'ensure_schema');
$table = fn(string $name) => module_fn('pi_control', 'table', $name);
$assets = app()->assets();
if ($assets) {
    $assets->addStyle('/module/pi_control/asset?file=pi_control.css');
    $assets->addScript('/module/pi_control/asset?file=hosts.js', 'footer', true);
}

$notice = null;
$error = null;

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    require_admin();
    $deleteId = (int)($_POST['delete_id'] ?? 0);
    $editId = (int)($_POST['id'] ?? 0);
    $name = trim((string)($_POST['name'] ?? ''));
    $host = trim((string)($_POST['host'] ?? ''));
    $port = (int)($_POST['port'] ?? 22);
    $username = trim((string)($_POST['username'] ?? ''));
    $authType = trim((string)($_POST['auth_type'] ?? 'key'));
    $keyPath = trim((string)($_POST['key_path'] ?? ''));
    $password = trim((string)($_POST['password'] ?? ''));
    $imageUrl = trim((string)($_POST['image_url'] ?? ''));

    if ($deleteId > 0) {
        $stmt = $pdo->prepare('DELETE FROM ' . $table('hosts') . ' WHERE id = :id');
        $stmt->execute(['id' => $deleteId]);
        $notice = 'Host gelöscht.';
    } else {
        if ($name === '' || $host === '' || $username === '') {
            $error = 'Bitte Name, Host und Benutzer angeben.';
        } else {
            if ($editId > 0) {
                $stmt = $pdo->prepare('SELECT * FROM ' . $table('hosts') . ' WHERE id = :id LIMIT 1');
                $stmt->execute(['id' => $editId]);
                $existing = $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
                $passwordToStore = $password !== '' ? $password : ($existing['password'] ?? null);
                $stmt = $pdo->prepare(
                    'UPDATE ' . $table('hosts') . ' SET name = :name, host = :host, port = :port, username = :username, auth_type = :auth_type, key_path = :key_path, password = :password, image_url = :image_url WHERE id = :id'
                );
                $stmt->execute([
                    'id' => $editId,
                    'name' => $name,
                    'host' => $host,
                    'port' => $port > 0 ? $port : 22,
                    'username' => $username,
                    'auth_type' => $authType !== '' ? $authType : 'key',
                    'key_path' => $keyPath !== '' ? $keyPath : null,
                    'password' => $passwordToStore,
                    'image_url' => $imageUrl !== '' ? $imageUrl : null,
                ]);
                $notice = 'Host aktualisiert.';
            } else {
                $stmt = $pdo->prepare(
                    'INSERT INTO ' . $table('hosts') . ' (name, host, port, username, auth_type, key_path, password, image_url) VALUES (:name, :host, :port, :username, :auth_type, :key_path, :password, :image_url)'
                );
                $stmt->execute([
                    'name' => $name,
                    'host' => $host,
                    'port' => $port > 0 ? $port : 22,
                    'username' => $username,
                    'auth_type' => $authType !== '' ? $authType : 'key',
                    'key_path' => $keyPath !== '' ? $keyPath : null,
                    'password' => $password !== '' ? $password : null,
                    'image_url' => $imageUrl !== '' ? $imageUrl : null,
                ]);
                $notice = 'Host gespeichert.';
            }
        }
    }
}

$hosts = $pdo->query('SELECT * FROM ' . $table('hosts') . ' ORDER BY id DESC')->fetchAll(PDO::FETCH_ASSOC);
$settings = modules()->settings('pi_control');
$strictHostKey = !empty($settings['terminal_strict_hostkey']);

function hostReachable(string $host, int $port): bool
{
    $errno = 0;
    $errstr = '';
    $fp = @fsockopen($host, $port, $errno, $errstr, 1.2);
    if ($fp) {
        fclose($fp);
        return true;
    }
    return false;
}

function runSshCommand(string $cmd, int $timeoutSec): int
{
    $descriptors = [
        1 => ['pipe', 'w'],
        2 => ['pipe', 'w'],
    ];
    $process = proc_open($cmd, $descriptors, $pipes);
    if (!is_resource($process)) {
        return 255;
    }
    stream_set_blocking($pipes[1], false);
    stream_set_blocking($pipes[2], false);
    $start = time();
    while (true) {
        $status = proc_get_status($process);
        if (!$status['running']) {
            $code = (int)$status['exitcode'];
            proc_close($process);
            return $code;
        }
        if (time() - $start > $timeoutSec) {
            proc_terminate($process, 9);
            proc_close($process);
            return 124;
        }
        usleep(100000);
    }
}

function hostAuthOk(array $host, bool $strictHostKey): bool
{
    $hostAddr = (string)($host['host'] ?? '');
    $user = (string)($host['username'] ?? '');
    $port = (int)($host['port'] ?? 22);
    $authType = (string)($host['auth_type'] ?? 'key');
    $keyPath = (string)($host['key_path'] ?? '');
    $password = (string)($host['password'] ?? '');
    if ($hostAddr === '' || $user === '') {
        return false;
    }

    $opts = $strictHostKey
        ? '-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=/root/.ssh/known_hosts'
        : '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null';
    $opts .= ' -o ConnectTimeout=2 -o NumberOfPasswordPrompts=1';

    $target = escapeshellarg($user . '@' . $hostAddr);
    $cmd = 'ssh ' . $opts . ' -p ' . (int)$port . ' ';
    if ($authType === 'key' && $keyPath !== '') {
        $cmd .= '-i ' . escapeshellarg($keyPath) . ' -o BatchMode=yes ';
    } elseif ($authType === 'key') {
        $cmd .= '-o BatchMode=yes ';
    }
    $cmd .= $target . ' -- true';

    if ($authType === 'pass') {
        if ($password === '') {
            return false;
        }
        $cmd = 'sshpass -p ' . escapeshellarg($password) . ' ' . $cmd;
    }

    $exitCode = runSshCommand($cmd, 3);
    return $exitCode === 0;
}
?>
<div class="card">
  <div class="pill">Pi Control</div>
  <h1 style="margin-top:.75rem;">Hosts</h1>
  <p class="muted">Verwalte die Raspberry Pis, die du steuern möchtest.</p>

  <?php if ($error): ?>
    <div class="card" style="margin-top:1rem; border-color:#ffb4a8; background:#fff5f3; color:#7a2114;">
      <?= e($error) ?>
    </div>
  <?php elseif ($notice): ?>
    <div class="card" style="margin-top:1rem; border-color:var(--accent-2);">
      <?= e($notice) ?>
    </div>
  <?php endif; ?>

  <div class="grid" style="margin-top:1rem;">
    <div class="card form-card" style="background:var(--panel-2);">
      <strong>Neuer Host</strong>
      <form method="post" class="form-grid" style="margin-top:.75rem;" data-host-form>
        <input type="hidden" name="id" value="">
        <label class="form-field">
          <span class="muted">Name</span>
          <input type="text" name="name" placeholder="z.B. Wohnzimmer-Pi" required title="Eindeutiger Anzeigename für diesen Pi.">
        </label>
        <label class="form-field">
          <span class="muted">Host / IP</span>
          <input type="text" name="host" placeholder="z.B. 192.168.178.14 oder pi.local" required title="Hostname oder IP im Heimnetzwerk.">
        </label>
        <label class="form-field">
          <span class="muted">SSH Port</span>
          <input type="number" name="port" placeholder="22" value="22" title="Standard ist 22.">
        </label>
        <label class="form-field">
          <span class="muted">SSH Benutzer</span>
          <input type="text" name="username" placeholder="z.B. pi" required title="Benutzername auf dem Pi.">
        </label>
        <label class="form-field">
          <span class="muted">Auth-Typ</span>
          <select name="auth_type" title="key = SSH-Key, password = Passwort">
            <option value="key">key (SSH-Key)</option>
            <option value="pass">pass (Passwort)</option>
          </select>
        </label>
        <label class="form-field">
          <span class="muted">Key-Pfad (optional)</span>
          <input type="text" name="key_path" placeholder="/home/app/.ssh/id_rsa" title="Pfad zum Private-Key im Webserver-Container.">
        </label>
        <label class="form-field">
          <span class="muted">Passwort (optional)</span>
          <input type="password" name="password" placeholder="SSH-Passwort" title="Nur nutzen, wenn Auth-Typ = pass.">
        </label>
        <label class="form-field">
          <span class="muted">Bild-URL (optional)</span>
          <input type="text" name="image_url" placeholder="https://..." title="Optionales Bild für die Host-Karte.">
        </label>
        <div style="display:flex; gap:10px; flex-wrap:wrap;">
          <button class="cta-button" type="submit" data-host-submit>Speichern</button>
          <button class="nav-link" type="button" data-host-cancel>Zurücksetzen</button>
        </div>
      </form>
    </div>

    <div class="card form-card" style="background:var(--panel-2);">
      <strong>Registrierte Hosts</strong>
      <?php if (!$hosts): ?>
        <div class="muted" style="margin-top:.75rem;">Keine Hosts vorhanden.</div>
      <?php else: ?>
        <div class="host-grid" style="margin-top:.75rem;">
          <?php foreach ($hosts as $h): ?>
            <?php
              $portVal = (int)($h['port'] ?? 22);
              $reachable = hostReachable((string)($h['host'] ?? ''), $portVal);
              $authOk = $reachable ? hostAuthOk($h, $strictHostKey) : false;
              $statusClass = !$reachable ? 'status-down' : ($authOk ? 'status-ok' : 'status-auth');
            ?>
            <div class="host-card"
                 data-host-id="<?= e((string)$h['id']) ?>"
                 data-name="<?= e((string)($h['name'] ?? '')) ?>"
                 data-host="<?= e((string)($h['host'] ?? '')) ?>"
                 data-port="<?= e((string)($h['port'] ?? 22)) ?>"
                 data-username="<?= e((string)($h['username'] ?? '')) ?>"
                 data-auth="<?= e((string)($h['auth_type'] ?? 'key')) ?>"
                 data-key-path="<?= e((string)($h['key_path'] ?? '')) ?>"
                 data-image-url="<?= e((string)($h['image_url'] ?? '')) ?>">
              <div class="host-card-image"<?= !empty($h['image_url']) ? ' style="background-image:url(' . e((string)$h['image_url']) . ')"' : '' ?>>
                <div class="host-card-overlay"></div>
              </div>
              <div class="host-card-body">
                <div class="host-card-header">
                  <div class="host-card-title">
                    <span class="status-dot <?= $statusClass ?>"></span>
                    <strong><?= e((string)($h['name'] ?? '')) ?></strong>
                  </div>
                  <details class="action-menu">
                    <summary>☰</summary>
                    <div class="action-menu-panel">
                      <button class="nav-link" type="button" data-host-edit>Bearbeiten</button>
                      <form method="post" onsubmit="return confirm('Host wirklich löschen?')">
                        <input type="hidden" name="delete_id" value="<?= e((string)$h['id']) ?>">
                        <button class="nav-link" type="submit">Löschen</button>
                      </form>
                    </div>
                  </details>
                </div>
                <div class="muted"><?= e((string)($h['host'] ?? '')) ?>:<?= e((string)($portVal ?: 22)) ?></div>
                <div class="muted"><?= e((string)($h['username'] ?? '')) ?> · <?= e((string)($h['auth_type'] ?? '')) ?></div>
              </div>
            </div>
          <?php endforeach; ?>
        </div>
      <?php endif; ?>
    </div>
  </div>
</div>