call.go

package virtfusion

import (
	"bytes"
	"context"
	"crypto/tls"
	"encoding/json"
	"errors"
	"io"
	"net"
	"net/http"
	"net/url"
	"strings"

	"github.com/DuckyProject/virtfusion-go-sdk/types"
)

const (
	GET    = "GET"
	POST   = "POST"
	PUT    = "PUT"
	DELETE = "DELETE"
)

type httpConfig struct {
	httpClient              *http.Client
	insecureSkipVerifyForIP bool
}

func defaultHTTPConfig() httpConfig {
	return httpConfig{
		httpClient:              http.DefaultClient,
		insecureSkipVerifyForIP: true,
	}
}

func (c *Client) Call(ctx context.Context, path, method string, data any, resData any) error {
	baseURL := c.baseURL
	if baseURL == nil {
		parsed, err := url.Parse(strings.TrimRight(strings.TrimSpace(c.Endpoint), "/"))
		if err != nil {
			return err
		}
		baseURL = parsed
		c.baseURL = parsed
	}

	fullURL, err := c.resolveURL(path)
	if err != nil {
		return err
	}

	httpClient := c.httpConfig.httpClient
	if httpClient == nil {
		httpClient = http.DefaultClient
	}

	// 如果 Endpoint 包含 IP 地址，按配置跳过 TLS 证书检查（兼容旧行为）。
	if c.httpConfig.insecureSkipVerifyForIP {
		if ip := net.ParseIP(baseURL.Hostname()); ip != nil {
			httpClient = cloneHTTPClientWithInsecureSkipVerify(httpClient)
		}
	}

	var bodyReader io.Reader
	if data != nil && method != GET {
		marshal, err := json.Marshal(data)
		if err != nil {
			return err
		}
		bodyReader = bytes.NewBuffer(marshal)
	}

	req, err := http.NewRequestWithContext(ctx, method, fullURL, bodyReader)
	if err != nil {
		return err
	}
	if strings.TrimSpace(c.Token) != "" {
		req.Header.Set("Authorization", "Bearer "+c.Token)
	}
	req.Header.Add("Content-Type", "application/json")
	req.Header.Add("Accept", "application/json")

	res, err := httpClient.Do(req)
	if err != nil {
		return err
	}
	defer res.Body.Close()

	body, err := io.ReadAll(res.Body)
	if err != nil {
		return err
	}
	if res.StatusCode < 200 || res.StatusCode >= 300 {
		apiErr := &types.APIError{
			StatusCode: res.StatusCode,
			Method:     method,
			URL:        fullURL,
			Body:       body,
		}
		switch res.StatusCode {
		case http.StatusUnauthorized:
			apiErr.Kind = types.ErrUnauthorized
		case http.StatusNotFound:
			apiErr.Kind = types.ErrNotFound
		case http.StatusTooManyRequests:
			apiErr.Kind = types.ErrRateLimited
		}
		return apiErr
	}
	if resData != nil {
		if err := json.Unmarshal(body, resData); err != nil {
			return err
		}
	}
	return nil
}

func cloneHTTPClientWithInsecureSkipVerify(httpClient *http.Client) *http.Client {
	if httpClient == nil {
		httpClient = http.DefaultClient
	}

	baseTransport, _ := httpClient.Transport.(*http.Transport)
	var transport *http.Transport
	if baseTransport != nil {
		transport = baseTransport.Clone()
	} else {
		transport = &http.Transport{}
	}

	if transport.TLSClientConfig == nil {
		transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} //nolint:gosec
	} else {
		tlsCfg := transport.TLSClientConfig.Clone()
		tlsCfg.InsecureSkipVerify = true //nolint:gosec
		transport.TLSClientConfig = tlsCfg
	}

	return &http.Client{
		Transport:     transport,
		CheckRedirect: httpClient.CheckRedirect,
		Jar:           httpClient.Jar,
		Timeout:       httpClient.Timeout,
	}
}

func (c *Client) resolveURL(path string) (string, error) {
	if c.baseURL == nil {
		return "", errors.New("client baseURL 未初始化")
	}
	if strings.HasPrefix(path, "http://") || strings.HasPrefix(path, "https://") {
		return path, nil
	}
	if path == "" {
		return c.baseURL.String(), nil
	}

	u := *c.baseURL
	if strings.HasPrefix(path, "/") {
		u.Path = strings.TrimRight(u.Path, "/") + path
		return u.String(), nil
	}
	u.Path = strings.TrimRight(u.Path, "/") + "/" + path
	return u.String(), nil
}