package inject

import (
	"sort"
	"strings"

	"github.com/drone/drone/common"
	"gopkg.in/yaml.v2"
)

// Inject injects a map of parameters into a raw string and returns
// the resulting string.
//
// Parameters are represented in the string using $$ notation, similar
// to how environment variables are defined in Makefiles.
func Inject(raw string, params map[string]string) string {
	if params == nil {
		return raw
	}
	keys := []string{}
	for k := range params {
		keys = append(keys, k)
	}
	sort.Sort(sort.Reverse(sort.StringSlice(keys)))
	injected := raw
	for _, k := range keys {
		v := params[k]
		injected = strings.Replace(injected, "$$"+k, v, -1)
	}
	return injected
}

// InjectSafe attempts to safely inject parameters without leaking
// parameters in the Build or Compose section of the yaml file.
//
// The intended use case for this function are public pull requests.
// We want to avoid a malicious pull request that allows someone
// to inject and print private variables.
func InjectSafe(raw string, params map[string]string) string {
	before, _ := parse(raw)
	after, _ := parse(Inject(raw, params))
	before.Notify = after.Notify
	before.Publish = after.Publish
	before.Deploy = after.Deploy
	result, _ := yaml.Marshal(before)
	return string(result)
}

// helper funtion to parse a yaml configuration file.
func parse(raw string) (*common.Config, error) {
	cfg := common.Config{}
	err := yaml.Unmarshal([]byte(raw), &cfg)
	return &cfg, err
}