torrent-gateway/internal/tracker/tracker.go

package tracker

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"log"
	"net"
	"net/http"
	"net/url"
	"strconv"
	"strings"
	"sync"
	"time"

	"github.com/anacrolix/torrent/bencode"
	"git.sovbit.dev/enki/torrentGateway/internal/config"
)

// Tracker represents a BitTorrent tracker instance
type Tracker struct {
	peers       map[string]map[string]*PeerInfo // infoHash -> peerID -> peer
	mutex       sync.RWMutex
	config      *config.TrackerConfig
	gateway     Gateway // Interface to gateway for WebSeed functionality
	coordinator P2PCoordinator // Interface to P2P coordinator
	startTime   time.Time
}

// P2PCoordinator interface for tracker integration
type P2PCoordinator interface {
	GetPeers(infoHash string) []CoordinatorPeerInfo
	OnPeerConnect(infoHash string, peer CoordinatorPeerInfo)
	AnnounceToExternalServices(infoHash string, port int) error
}

// CoordinatorPeerInfo represents peer info for coordination
type CoordinatorPeerInfo struct {
	IP       string
	Port     int
	PeerID   string
	Source   string
	Quality  int
	LastSeen time.Time
}

// Gateway interface for accessing gateway functionality
type Gateway interface {
	GetPublicURL() string
	IsValidInfoHash(infoHash string) bool
	GetWebSeedURL(infoHash string) string
}


// PeerInfo represents a peer in the tracker
type PeerInfo struct {
	PeerID     string    `json:"peer_id"`
	IP         string    `json:"ip"`
	Port       int       `json:"port"`
	Uploaded   int64     `json:"uploaded"`
	Downloaded int64     `json:"downloaded"`
	Left       int64     `json:"left"`
	LastSeen   time.Time `json:"last_seen"`
	Event      string    `json:"event"`
	Key        string    `json:"key"`
	Compact    bool      `json:"compact"`
}

// AnnounceRequest represents an announce request from a peer
type AnnounceRequest struct {
	InfoHash   string `json:"info_hash"`
	PeerID     string `json:"peer_id"`
	Port       int    `json:"port"`
	Uploaded   int64  `json:"uploaded"`
	Downloaded int64  `json:"downloaded"`
	Left       int64  `json:"left"`
	Event      string `json:"event"`
	IP         string `json:"ip"`
	NumWant    int    `json:"numwant"`
	Key        string `json:"key"`
	Compact    bool   `json:"compact"`
}

// AnnounceResponse represents the tracker's response to an announce
type AnnounceResponse struct {
	FailureReason  string      `bencode:"failure reason,omitempty"`
	WarningMessage string      `bencode:"warning message,omitempty"`
	Interval       int         `bencode:"interval"`
	MinInterval    int         `bencode:"min interval,omitempty"`
	TrackerID      string      `bencode:"tracker id,omitempty"`
	Complete       int         `bencode:"complete"`
	Incomplete     int         `bencode:"incomplete"`
	Peers          interface{} `bencode:"peers"`
}

// CompactPeer represents a peer in compact format (6 bytes: 4 for IP, 2 for port)
type CompactPeer struct {
	IP   [4]byte
	Port uint16
}

// DictPeer represents a peer in dictionary format
type DictPeer struct {
	PeerID string `bencode:"peer id"`
	IP     string `bencode:"ip"`
	Port   int    `bencode:"port"`
}

// NewTracker creates a new tracker instance
func NewTracker(config *config.TrackerConfig, gateway Gateway) *Tracker {
	t := &Tracker{
		peers:     make(map[string]map[string]*PeerInfo),
		config:    config,
		gateway:   gateway,
		startTime: time.Now(),
	}

	// Start cleanup routine
	go t.cleanupRoutine()

	return t
}

// SetCoordinator sets the P2P coordinator for integration
func (t *Tracker) SetCoordinator(coordinator P2PCoordinator) {
	t.coordinator = coordinator
}

// detectAbuse checks for suspicious announce patterns
func (t *Tracker) detectAbuse(req *AnnounceRequest, clientIP string) bool {
	// Check for too frequent announces from same IP
	if t.isAnnounceSpam(clientIP, req.InfoHash) {
		log.Printf("Abuse detected: Too frequent announces from IP %s", clientIP)
		return true
	}
	
	// Check for invalid peer_id patterns
	if t.isInvalidPeerID(req.PeerID) {
		log.Printf("Abuse detected: Invalid peer_id pattern from IP %s", clientIP)
		return true
	}
	
	// Check for suspicious port numbers
	if t.isSuspiciousPort(req.Port) {
		log.Printf("Abuse detected: Suspicious port %d from IP %s", req.Port, clientIP)
		return true
	}
	
	// Check for known bad actors (would be a database in production)
	if t.isKnownBadActor(clientIP) {
		log.Printf("Abuse detected: Known bad actor IP %s", clientIP)
		return true
	}
	
	return false
}

// Abuse detection helper methods
func (t *Tracker) isAnnounceSpam(clientIP, infoHash string) bool {
	// In production, this would check a time-windowed database
	// For now, use simple in-memory tracking
	_ = clientIP + ":" + infoHash // Would be used for tracking
	
	// Simple spam detection: more than 10 announces per minute
	// This would be more sophisticated in production
	return false // Placeholder
}

func (t *Tracker) isInvalidPeerID(peerID string) bool {
	// Check for invalid peer_id patterns
	if len(peerID) != 20 {
		return true
	}
	
	// Check for all zeros or all same character (suspicious)
	allSame := true
	firstChar := peerID[0]
	for i := 1; i < len(peerID); i++ {
		if peerID[i] != firstChar {
			allSame = false
			break
		}
	}
	
	return allSame
}

func (t *Tracker) isSuspiciousPort(port int) bool {
	// Flag potentially suspicious ports
	suspiciousPorts := map[int]bool{
		22:   true, // SSH
		23:   true, // Telnet  
		25:   true, // SMTP
		53:   true, // DNS
		80:   true, // HTTP (web servers shouldn't be P2P clients)
		135:  true, // Windows RPC
		139:  true, // NetBIOS
		443:  true, // HTTPS (web servers shouldn't be P2P clients)
		445:  true, // SMB
		993:  true, // IMAPS
		995:  true, // POP3S
		1433: true, // SQL Server
		3389: true, // RDP
		5432: true, // PostgreSQL
	}
	
	// Ports < 1024 are privileged and suspicious for P2P
	// Ports > 65535 are invalid
	return suspiciousPorts[port] || port < 1024 || port > 65535
}

func (t *Tracker) isKnownBadActor(clientIP string) bool {
	// In production, this would check against:
	// - Blocklists from organizations like Bluetack
	// - Local abuse database
	// - Cloud provider IP ranges (if configured to block)
	
	// For now, just block obvious local/private ranges if configured
	privateRanges := []string{
		"192.168.", "10.", "172.16.", "172.17.", "172.18.", "172.19.",
		"172.20.", "172.21.", "172.22.", "172.23.", "172.24.", "172.25.",
		"172.26.", "172.27.", "172.28.", "172.29.", "172.30.", "172.31.",
	}
	
	// Only block private IPs if we're in a production environment
	// (you wouldn't want to block private IPs in development)
	for _, prefix := range privateRanges {
		if strings.HasPrefix(clientIP, prefix) {
			// In development, allow private IPs
			return false
		}
	}
	
	return false
}

// applyClientCompatibility adjusts response for specific BitTorrent clients
func (t *Tracker) applyClientCompatibility(userAgent string, response *AnnounceResponse) {
	client := t.detectClient(userAgent)
	
	switch client {
	case "qBittorrent":
		// qBittorrent works well with default settings
		// No special adjustments needed
		
	case "Transmission":
		// Transmission prefers shorter intervals
		if response.Interval > 1800 {
			response.Interval = 1800 // Max 30 minutes
		}
		
	case "WebTorrent":
		// WebTorrent needs specific adjustments for web compatibility
		// Ensure reasonable intervals for web clients
		if response.Interval > 300 {
			response.Interval = 300 // Max 5 minutes for web clients
		}
		if response.MinInterval > 60 {
			response.MinInterval = 60 // Min 1 minute for web clients
		}
		
	case "Deluge":
		// Deluge can handle longer intervals
		// No special adjustments needed
		
	case "uTorrent":
		// uTorrent specific compatibility
		// Some versions have issues with very short intervals
		if response.MinInterval < 60 {
			response.MinInterval = 60
		}
	}
}

// detectClient identifies BitTorrent client from User-Agent
func (t *Tracker) detectClient(userAgent string) string {
	if userAgent == "" {
		return "Unknown"
	}
	
	userAgent = strings.ToLower(userAgent)
	
	if strings.Contains(userAgent, "qbittorrent") {
		return "qBittorrent"
	}
	if strings.Contains(userAgent, "transmission") {
		return "Transmission"
	}
	if strings.Contains(userAgent, "webtorrent") {
		return "WebTorrent"
	}
	if strings.Contains(userAgent, "deluge") {
		return "Deluge"
	}
	if strings.Contains(userAgent, "utorrent") || strings.Contains(userAgent, "µtorrent") {
		return "uTorrent"
	}
	if strings.Contains(userAgent, "libtorrent") {
		return "libtorrent"
	}
	if strings.Contains(userAgent, "azureus") || strings.Contains(userAgent, "vuze") {
		return "Azureus"
	}
	if strings.Contains(userAgent, "bitcomet") {
		return "BitComet"
	}
	
	return "Unknown"
}

// getClientIP extracts the real client IP address
func getClientIP(r *http.Request) string {
	// Check X-Forwarded-For header first (proxy/load balancer)
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		// Take the first IP in the chain
		if ips := strings.Split(xff, ","); len(ips) > 0 {
			return strings.TrimSpace(ips[0])
		}
	}
	
	// Check X-Real-IP header (nginx proxy)
	if xri := r.Header.Get("X-Real-IP"); xri != "" {
		return strings.TrimSpace(xri)
	}
	
	// Fall back to RemoteAddr
	ip, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr // Return as-is if can't parse
	}
	
	return ip
}

// HandleAnnounce processes announce requests from peers
func (t *Tracker) HandleAnnounce(w http.ResponseWriter, r *http.Request) {
	// Get client IP for abuse detection
	clientIP := getClientIP(r)
	
	// Parse announce request
	req, err := t.parseAnnounceRequest(r)
	if err != nil {
		t.writeErrorResponse(w, fmt.Sprintf("Invalid announce request: %v", err))
		return
	}

	// Detect and prevent abuse
	if t.detectAbuse(req, clientIP) {
		t.writeErrorResponse(w, "Request rejected due to abuse detection")
		return
	}

	// Validate info hash with gateway
	if !t.gateway.IsValidInfoHash(req.InfoHash) {
		t.writeErrorResponse(w, "Invalid info_hash")
		return
	}

	// Process the announce with client compatibility
	resp := t.processAnnounce(req)
	t.applyClientCompatibility(r.Header.Get("User-Agent"), resp)

	// Write response
	w.Header().Set("Content-Type", "text/plain")
	data, err := bencode.Marshal(resp)
	if err != nil {
		t.writeErrorResponse(w, "Internal server error")
		return
	}

	w.Write(data)
}

// parseAnnounceRequest extracts announce parameters from HTTP request
func (t *Tracker) parseAnnounceRequest(r *http.Request) (*AnnounceRequest, error) {
	query := r.URL.Query()

	// Required parameters
	infoHashHex := query.Get("info_hash")
	if infoHashHex == "" {
		return nil, fmt.Errorf("missing info_hash")
	}
	
	// URL decode the info_hash
	infoHash, err := url.QueryUnescape(infoHashHex)
	if err != nil {
		return nil, fmt.Errorf("invalid info_hash encoding")
	}
	infoHashStr := hex.EncodeToString([]byte(infoHash))

	peerID := query.Get("peer_id")
	if peerID == "" {
		return nil, fmt.Errorf("missing peer_id")
	}

	portStr := query.Get("port")
	if portStr == "" {
		return nil, fmt.Errorf("missing port")
	}
	port, err := strconv.Atoi(portStr)
	if err != nil || port <= 0 || port > 65535 {
		return nil, fmt.Errorf("invalid port")
	}

	// Parse numeric parameters
	uploaded, _ := strconv.ParseInt(query.Get("uploaded"), 10, 64)
	downloaded, _ := strconv.ParseInt(query.Get("downloaded"), 10, 64)
	left, _ := strconv.ParseInt(query.Get("left"), 10, 64)

	// Optional parameters
	event := query.Get("event")
	numWantStr := query.Get("numwant")
	numWant := t.config.DefaultNumWant
	if numWantStr != "" {
		if nw, err := strconv.Atoi(numWantStr); err == nil && nw > 0 {
			numWant = nw
			if numWant > t.config.MaxNumWant {
				numWant = t.config.MaxNumWant
			}
		}
	}

	compact := query.Get("compact") == "1"
	key := query.Get("key")

	// Get client IP
	ip := t.getClientIP(r)

	return &AnnounceRequest{
		InfoHash:   infoHashStr,
		PeerID:     peerID,
		Port:       port,
		Uploaded:   uploaded,
		Downloaded: downloaded,
		Left:       left,
		Event:      event,
		IP:         ip,
		NumWant:    numWant,
		Key:        key,
		Compact:    compact,
	}, nil
}

// processAnnounce handles the announce logic and returns a response
func (t *Tracker) processAnnounce(req *AnnounceRequest) *AnnounceResponse {
	t.mutex.Lock()
	defer t.mutex.Unlock()

	// Initialize torrent peer map if not exists
	if t.peers[req.InfoHash] == nil {
		t.peers[req.InfoHash] = make(map[string]*PeerInfo)
	}

	torrentPeers := t.peers[req.InfoHash]

	// Handle peer events
	switch req.Event {
	case "stopped":
		delete(torrentPeers, req.PeerID)
	default:
		// Update or add peer
		peer := &PeerInfo{
			PeerID:     req.PeerID,
			IP:         req.IP,
			Port:       req.Port,
			Uploaded:   req.Uploaded,
			Downloaded: req.Downloaded,
			Left:       req.Left,
			LastSeen:   time.Now(),
			Event:      req.Event,
			Key:        req.Key,
			Compact:    req.Compact,
		}
		torrentPeers[req.PeerID] = peer
		
		// Notify coordinator of new peer connection
		if t.coordinator != nil {
			coordPeer := CoordinatorPeerInfo{
				IP:       peer.IP,
				Port:     peer.Port,
				PeerID:   peer.PeerID,
				Source:   "tracker",
				Quality:  70, // Tracker peers have good quality
				LastSeen: peer.LastSeen,
			}
			t.coordinator.OnPeerConnect(req.InfoHash, coordPeer)
			
			// Announce to external services (DHT, etc.) for new torrents
			if req.Event == "started" {
				go func() {
					if err := t.coordinator.AnnounceToExternalServices(req.InfoHash, req.Port); err != nil {
						log.Printf("Failed to announce to external services: %v", err)
					}
				}()
			}
		}
	}

	// Count seeders and leechers
	complete, incomplete := t.countPeers(torrentPeers)

	// Get peer list for response
	peers := t.getPeerList(req, torrentPeers)

	return &AnnounceResponse{
		Interval:    t.config.AnnounceInterval,
		MinInterval: t.config.MinInterval,
		Complete:    complete,
		Incomplete:  incomplete,
		Peers:       peers,
	}
}

// getPeerList returns a list of peers using coordinator for unified peer discovery
func (t *Tracker) getPeerList(req *AnnounceRequest, torrentPeers map[string]*PeerInfo) interface{} {
	var selectedPeers []*PeerInfo

	// Use coordinator for unified peer discovery if available
	if t.coordinator != nil {
		coordinatorPeers := t.coordinator.GetPeers(req.InfoHash)
		
		// Convert coordinator peers to tracker format
		for _, coordPeer := range coordinatorPeers {
			// Skip the requesting peer
			if coordPeer.PeerID == req.PeerID {
				continue
			}
			
			trackerPeer := &PeerInfo{
				PeerID:   coordPeer.PeerID,
				IP:       coordPeer.IP,
				Port:     coordPeer.Port,
				Left:     0, // Assume seeder if from coordinator
				LastSeen: coordPeer.LastSeen,
			}
			selectedPeers = append(selectedPeers, trackerPeer)
			
			if len(selectedPeers) >= req.NumWant {
				break
			}
		}
	} else {
		// Fallback to local tracker peers + WebSeed
		
		// Always include gateway as WebSeed peer if we have WebSeed URL
		webSeedURL := t.gateway.GetWebSeedURL(req.InfoHash)
		if webSeedURL != "" {
			// Parse gateway URL to get IP and port
			if u, err := url.Parse(t.gateway.GetPublicURL()); err == nil {
				host := u.Hostname()
				portStr := u.Port()
				if portStr == "" {
					portStr = "80"
					if u.Scheme == "https" {
						portStr = "443"
					}
				}
				if port, err := strconv.Atoi(portStr); err == nil {
					gatewyPeer := &PeerInfo{
						PeerID:   generateWebSeedPeerID(),
						IP:       host,
						Port:     port,
						Left:     0, // Gateway is always a seeder
						LastSeen: time.Now(),
					}
					selectedPeers = append(selectedPeers, gatewyPeer)
				}
			}
		}

		// Add other peers (excluding the requesting peer)
		count := 0
		for peerID, peer := range torrentPeers {
			if peerID != req.PeerID && count < req.NumWant {
				selectedPeers = append(selectedPeers, peer)
				count++
			}
		}
	}

	// Return in requested format
	if req.Compact {
		return t.createCompactPeerList(selectedPeers)
	}
	return t.createDictPeerList(selectedPeers)
}

// createCompactPeerList creates compact peer list (6 bytes per peer)
func (t *Tracker) createCompactPeerList(peers []*PeerInfo) []byte {
	var compactPeers []byte

	for _, peer := range peers {
		ip := net.ParseIP(peer.IP)
		if ip == nil {
			continue
		}

		// Convert to IPv4
		ipv4 := ip.To4()
		if ipv4 == nil {
			continue
		}

		// 6 bytes: 4 for IP, 2 for port
		peerBytes := make([]byte, 6)
		copy(peerBytes[0:4], ipv4)
		peerBytes[4] = byte(peer.Port >> 8)
		peerBytes[5] = byte(peer.Port & 0xFF)

		compactPeers = append(compactPeers, peerBytes...)
	}

	return compactPeers
}

// createDictPeerList creates dictionary peer list
func (t *Tracker) createDictPeerList(peers []*PeerInfo) []DictPeer {
	var dictPeers []DictPeer

	for _, peer := range peers {
		dictPeers = append(dictPeers, DictPeer{
			PeerID: peer.PeerID,
			IP:     peer.IP,
			Port:   peer.Port,
		})
	}

	return dictPeers
}

// countPeers counts seeders and leechers
func (t *Tracker) countPeers(torrentPeers map[string]*PeerInfo) (complete, incomplete int) {
	for _, peer := range torrentPeers {
		if peer.Left == 0 {
			complete++
		} else {
			incomplete++
		}
	}
	return
}

// getClientIP extracts the client IP from the request
func (t *Tracker) getClientIP(r *http.Request) string {
	// Check X-Forwarded-For header first
	xff := r.Header.Get("X-Forwarded-For")
	if xff != "" {
		// Take the first IP in the chain
		parts := strings.Split(xff, ",")
		ip := strings.TrimSpace(parts[0])
		if net.ParseIP(ip) != nil {
			return ip
		}
	}

	// Check X-Real-IP header
	xri := r.Header.Get("X-Real-IP")
	if xri != "" && net.ParseIP(xri) != nil {
		return xri
	}

	// Fall back to RemoteAddr
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr
	}
	return host
}

// writeErrorResponse writes an error response in bencode format
func (t *Tracker) writeErrorResponse(w http.ResponseWriter, message string) {
	resp := map[string]interface{}{
		"failure reason": message,
	}

	w.Header().Set("Content-Type", "text/plain")
	data, _ := bencode.Marshal(resp)
	w.Write(data)
}

// cleanupRoutine periodically removes expired peers
func (t *Tracker) cleanupRoutine() {
	ticker := time.NewTicker(t.config.CleanupInterval)
	defer ticker.Stop()

	for range ticker.C {
		t.cleanupExpiredPeers()
	}
}

// cleanupExpiredPeers removes peers that haven't announced recently
func (t *Tracker) cleanupExpiredPeers() {
	t.mutex.Lock()
	defer t.mutex.Unlock()

	now := time.Now()
	expiry := now.Add(-t.config.PeerTimeout)

	for infoHash, torrentPeers := range t.peers {
		for peerID, peer := range torrentPeers {
			if peer.LastSeen.Before(expiry) {
				delete(torrentPeers, peerID)
			}
		}

		// Remove empty torrent entries
		if len(torrentPeers) == 0 {
			delete(t.peers, infoHash)
		}
	}
}

// generateWebSeedPeerID generates a consistent peer ID for the gateway WebSeed
func generateWebSeedPeerID() string {
	// Use a predictable prefix for WebSeed peers
	prefix := "-GT0001-" // Gateway Tracker v0.0.1
	
	// Generate random suffix
	suffix := make([]byte, 6)
	rand.Read(suffix)
	
	return prefix + hex.EncodeToString(suffix)
}

// GetStats returns tracker statistics
func (t *Tracker) GetStats() map[string]interface{} {
	t.mutex.RLock()
	defer t.mutex.RUnlock()

	totalTorrents := len(t.peers)
	totalPeers := 0
	totalSeeders := 0
	totalLeechers := 0

	for _, torrentPeers := range t.peers {
		totalPeers += len(torrentPeers)
		for _, peer := range torrentPeers {
			if peer.Left == 0 {
				totalSeeders++
			} else {
				totalLeechers++
			}
		}
	}

	return map[string]interface{}{
		"torrents": totalTorrents,
		"peers":    totalPeers,
		"seeders":  totalSeeders,
		"leechers": totalLeechers,
	}
}