<?php

class blacklist {

    private static $log_file = '../blacklist/ip_attempts.log';
    private static $blacklist_file = '../blacklist/ip.txt';
    private static $max_attempts = 5;
    private static $time_window = 10 * 60; // 10 minutes en secondes

    public static function execute() {
        return self::check();
    }

    public static function isValidIPv4() {
        return (ENVIRONNEMENT == "DEV") ? TRUE : filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== FALSE;
    }

    private static function getFullUrl() { $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https://' : 'http://';
        return $protocol . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
    }
    
    private static function isBlacklistExtention() {
        $uri = $_SERVER['REQUEST_URI'];
        $blackListExtention = ['php'];
        $extension = pathinfo(parse_url($uri, PHP_URL_PATH), PATHINFO_EXTENSION);
        return in_array(strtolower($extension), $blackListExtention);
    }

    private static function readBlacklist(){ // Charger les tentatives existantes
        $attempts = [];
        if (file_exists(self::$log_file)) {
            $lines = file(self::$log_file, FILE_IGNORE_NEW_LINES);
            foreach ($lines as $line) {
                list($ip, $timestamp) = explode(',', $line);
                $attempts[] = ['ip' => $ip, 'timestamp' => strtotime($timestamp)];
            }
        }
        return $attempts;
    }

    private static function checkBlacklist(string $_ip){ // Vérifier si l'IP est déjà blacklistée
        $blacklisted = FALSE;
        if (file_exists(self::$blacklist_file)) {
            $blacklisted_ips = file(self::$blacklist_file, FILE_IGNORE_NEW_LINES);
            $blacklisted = in_array($_ip, $blacklisted_ips);
        }
        return $blacklisted;
    }

    private static function addBlacklist(string $_ip){ // Ajouter une nouvelle tentative
        file_put_contents(self::$log_file, "$_ip," . date('Y-m-d H:i:s') . ", " . $_SERVER["REQUEST_METHOD"] . "," . self::getFullUrl() . "\n", FILE_APPEND);
    }
    
    private static function check() {
        if (self::isBlacklistExtention()) {
            $now = time();
            $time_window = self::$time_window;
            $attempts = self::readBlacklist();
            $ip = $_SERVER['REMOTE_ADDR'];

            // Vérifie si l'IP est déjà blacklistée
            $blacklisted = self::checkBlacklist($ip);

            // Ajoute une tentative
            self::addBlacklist($ip);

            // Filtre les tentatives récentes
            $recent_attempts = array_filter($attempts, function ($attempt) use ($ip, $now, $time_window) {
                return $attempt['ip'] === $ip && ($now - $attempt['timestamp']) <= $time_window;
            });

            // Si trop de tentatives, ajoute l'IP à la blacklist
            if (count($recent_attempts) + 1 > self::$max_attempts && !$blacklisted) {
                file_put_contents(self::$blacklist_file, "$ip\n", FILE_APPEND);
                $blacklisted = true;
            }

            // Redirection si blacklisté
            if ($blacklisted) {
                header("HTTP/1.1 403 Forbidden");
                header("Location: /noAccess.php");
                exit();
            } else {
                return ["error" => 404, "text" => "La page que vous cherchez n'existe pas."];
            }
        } else {
            return ["error" => 404, "text" => "La page que vous cherchez n'existe pas."];
        }
    }

    public static function itIs(){ // Est-il blacklisté
        if(self::checkBlacklist($_SERVER['REMOTE_ADDR'])){
            header("Location: /noAccess.php");
            exit();
        }
        return NULL;
    }

}