from flask import Flask, request
import logging
import json
from datetime import datetime, timezone
import requests
import sys

# === Flask App Initialization ===
app = Flask(__name__)

# === Elasticsearch Configuration ===
ELASTIC_URL = "http://x.x.x.x:8080"
ELASTIC_HEADERS = {
    "Content-Type": "application/json"
}

# === Logging Configuration ===
log_formatter = logging.Formatter("%(asctime)s - %(levelname)s - %(message)s")

file_handler = logging.FileHandler("app.log")
file_handler.setFormatter(log_formatter)
file_handler.setLevel(logging.INFO)

console_handler = logging.StreamHandler(sys.stdout)
console_handler.setFormatter(log_formatter)
console_handler.setLevel(logging.INFO)

logger = logging.getLogger()
logger.setLevel(logging.INFO)
logger.handlers.clear()
logger.addHandler(file_handler)
logger.addHandler(console_handler)

# === Minimal Formatter ===
def format_uef(payload):
    logger.info("🔧 Converting payload to minimal format")

    device_product = "Data Security Edition"
    device_vendor = "Superna"
    device_version = "V1"
    device_event_class_id = "security"
    version = "1.0"
    event_type = "threat_detection"

    event = payload.get("id", "Unknown")
    severity = payload.get("severity", "Unknown")
    state = payload.get("state", "Unknown")
    detected = payload.get("detected", "Unknown")
    detected_time = payload.get("detectedTime", 0)

    try:
        timestamp = datetime.fromtimestamp(detected_time / 1000, tz=timezone.utc).isoformat()
    except Exception as e:
        timestamp = "Unknown"
        logger.error("❌ Error converting detectedTime to timestamp: %s", str(e))

    nes = ", ".join(payload.get("nes", []))
    files = "; ".join(payload.get("files", []))
    shares = "; ".join(share.get("name", "Unknown") for share in payload.get("shares", []))
    alert_url = payload.get("url", "Unknown")

    protocol = payload.get("protocol", "Unknown")
    client_ip = payload.get("clientIPs", ["Unknown"])[0]
    user = payload.get("userName", "Unknown")
    actions = [action.get("action", "Unknown") for action in payload.get("actions", [])]
    action = " | ".join(actions)

    final_doc = {
        "timestamp": timestamp,
        "device_product": device_product,
        "device_vendor": device_vendor,
        "device_version": device_version,
        "device_event_class_id": device_event_class_id,
        "version": version,
        "event_type": event_type,
        "event": event,
        "severity": severity,
        "state": state,
        "detected": detected,
        "detected_time": detected_time,
        "nes": nes,
        "files": files,
        "shares": shares,
        "protocol": protocol,
        "client_ip": client_ip,
        "user": user,
        "action": action,
        "Alert_url": alert_url
    }

    logger.info("✅ Payload formatted:\n%s", json.dumps(final_doc, indent=2))
    return final_doc

# === Send to Elasticsearch ===
def send_to_elasticsearch(document):
    logger.info("📤 Sending document to Elasticsearch")
    try:
        payload_json = json.dumps(document, indent=2)
        print("📄 Payload Sent:\n" + payload_json, flush=True)
        logger.info("📄 Payload Sent:\n%s", payload_json)

        response = requests.post(
            ELASTIC_URL,
            headers=ELASTIC_HEADERS,
            data=payload_json
        )

        print(f"📥 Elasticsearch HTTP status code: {response.status_code}", flush=True)
        print(f"📥 Elasticsearch response body: {response.text}", flush=True)
        logger.info("📥 Elasticsearch status: %d", response.status_code)
        logger.info("📥 Elasticsearch response: %s", response.text.strip())

        if response.status_code in [200, 201]:
            logger.info("✅ Document indexed successfully")
            return {"message": "Data sent to Elasticsearch"}
        else:
            logger.error("❌ Failed to index document: %s", response.text)
            return {"error": f"Failed to send data: {response.text}"}
    except Exception as e:
        logger.exception("❌ Exception sending to Elasticsearch")
        return {"error": str(e)}

# === Webhook Endpoint ===
@app.route('/webhook', methods=['POST'])
def webhook():
    logger.info("📩 Webhook endpoint triggered")
    try:
        payload = request.get_json(force=True)
        logger.info("📦 Incoming Payload:\n%s", json.dumps(payload, indent=2))
        print("📦 Raw Payload:\n" + json.dumps(payload, indent=2), flush=True)

        minimal_doc = format_uef(payload)

        result = send_to_elasticsearch(minimal_doc)
        logger.info("✅ Webhook processing completed")

        return json.dumps(result), 200 if "message" in result else 500
    except Exception as e:
        logger.exception("❌ Error in webhook handler")
        return json.dumps({"error": str(e)}), 500

# === Run Server ===
if __name__ == '__main__':
    logger.info("🚀 Starting server at 0.0.0.0:5000")
    app.run(host='0.0.0.0', port=5000, debug=True)