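package utils

import (
	"regexp"
	"strings"
)

// Patterns are compiled once at package scope instead of on every call.
// (?i) makes them case-insensitive; (?s) lets '.' span newlines so that a
// multi-line element body is removed as a whole rather than only when it
// happens to sit on one line.
var (
	// reScript matches a complete <script ...>...</script> element.
	reScript = regexp.MustCompile(`(?is)<script\b[^>]*>.*?</script\s*>`)
	// reIframe matches a complete <iframe ...>...</iframe> element.
	reIframe = regexp.MustCompile(`(?is)<iframe\b[^>]*>.*?</iframe\s*>`)
	// reObject matches a complete <object>/<embed> element. RE2 has no
	// back-references, so an <object> may be closed by </embed> and vice
	// versa; for removal that is acceptable.
	reObject = regexp.MustCompile(`(?is)<(?:object|embed)\b[^>]*>.*?</(?:object|embed)\s*>`)
	// reDangerousTag removes any opening or closing script/iframe/object/embed
	// tag left over when the element was not properly closed, so that no
	// active element can survive as a dangling start tag.
	reDangerousTag = regexp.MustCompile(`(?i)</?(?:script|iframe|object|embed)\b[^>]*>`)
	// reEvents matches inline event-handler attributes (onclick, onerror, ...)
	// whether the value is double-quoted, single-quoted or unquoted.
	reEvents = regexp.MustCompile(`(?i)\s*on\w+\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]*)`)
	// reJSURL matches the javascript: scheme. Browsers ignore whitespace
	// between the scheme's letters, so the pattern tolerates it too.
	reJSURL = regexp.MustCompile(`(?i)j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*:`)
	// reHTMLTag matches any tag-like span, used to strip markup to plain text.
	reHTMLTag = regexp.MustCompile(`<[^>]*>`)
	// reUnsafeFilenameChar matches every byte that is not in the filename
	// allow-list [a-zA-Z0-9._-].
	reUnsafeFilenameChar = regexp.MustCompile(`[^a-zA-Z0-9._-]`)
)

// maxFilenameLen is the byte limit applied by SanitizeFilename.
const maxFilenameLen = 200

// SanitizeHTML removes potentially dangerous HTML tags and attributes.
//
// This is a basic, regex-based implementation and is not a full HTML
// sanitizer: it does not parse the document, so the event-handler and
// javascript: passes also touch text outside of tags, and encoded or
// otherwise obfuscated markup is not decoded. For production, consider
// using the bluemonday library. The result is trimmed of surrounding
// whitespace.
func SanitizeHTML(html string) string {
	// Remove whole script / iframe / object / embed elements with content.
	html = reScript.ReplaceAllString(html, "")
	html = reIframe.ReplaceAllString(html, "")
	html = reObject.ReplaceAllString(html, "")

	// Remove inline event handlers (onclick, onerror, etc.).
	html = reEvents.ReplaceAllString(html, "")

	// Remove javascript: URLs. Only the scheme is dropped; what remains is an
	// inert relative reference.
	html = reJSURL.ReplaceAllString(html, "")

	// Remove any unclosed or stray dangerous tags that the element passes
	// above could not pair up.
	html = reDangerousTag.ReplaceAllString(html, "")

	// Style tags are left in place; add a pattern for <style> here if CSS
	// injection is a concern for the caller.

	return strings.TrimSpace(html)
}

// SanitizeString removes HTML tags entirely and returns plain text.
//
// Every tag is replaced by a single space and runs of whitespace are then
// collapsed, so "<p>a</p><p>b</p>" becomes "a b".
func SanitizeString(input string) string {
	text := reHTMLTag.ReplaceAllString(input, " ")
	// Normalize whitespace.
	text = strings.Join(strings.Fields(text), " ")
	return strings.TrimSpace(text)
}

// ValidateURL reports whether a URL is safe to use as a link target:
// an absolute http:// or https:// URL, or a site-relative path.
//
// The empty string is accepted (treated as "no URL"). Protocol-relative
// references ("//host/...", and the backslash form "/\host" that browsers
// normalise to the same thing) are rejected even though they start with
// "/", because they would redirect to another origin.
func ValidateURL(url string) bool {
	if url == "" {
		return true
	}
	lower := strings.ToLower(strings.TrimSpace(url))
	if strings.HasPrefix(lower, "//") || strings.HasPrefix(lower, "/\\") {
		return false
	}
	return strings.HasPrefix(lower, "http://") ||
		strings.HasPrefix(lower, "https://") ||
		strings.HasPrefix(lower, "/")
}

// SanitizeFilename reduces a filename to the safe character set
// [a-zA-Z0-9._-], strips path separators and ".." sequences, and caps the
// result at maxFilenameLen bytes.
//
// Separators are removed before ".." is collapsed so that an input such as
// "./." cannot re-form ".." once the slashes are gone, and ".." is removed
// repeatedly so "...." cannot leave one behind. An input that reduces to
// "." (the current directory) or to nothing yields ""; callers must treat
// an empty result as "no usable name".
func SanitizeFilename(filename string) string {
	// Path separators first, so that ".." removal sees the final layout.
	filename = strings.ReplaceAll(filename, "/", "")
	filename = strings.ReplaceAll(filename, "\\", "")

	// Each pass strictly shortens the string, so this loop terminates.
	for strings.Contains(filename, "..") {
		filename = strings.ReplaceAll(filename, "..", "")
	}

	// Allow only safe characters; everything else becomes "_".
	filename = reUnsafeFilenameChar.ReplaceAllString(filename, "_")

	// The result is pure ASCII at this point, so a byte cut is a char cut.
	if len(filename) > maxFilenameLen {
		filename = filename[:maxFilenameLen]
	}

	if filename == "." {
		return ""
	}
	return filename
}

// RemoveNullBytes removes NUL bytes, which can truncate strings when they
// cross into C-based libraries or the filesystem.
func RemoveNullBytes(s string) string {
	return strings.ReplaceAll(s, "\x00", "")
}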