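# frozen_string_literal: true

# Monkey patch Transaction::Notification to prevent attachments from being
# included in ticket notification emails for security/privacy reasons.
#
# This overrides the send_notification_email method to always pass an empty
# attachments array instead of article.attachments_inline.
#
# Maintenance: the override never calls `super`, so it replaces the patched
# method outright. Changes to the upstream method (new notification types,
# changed keyword arguments, different error handling) are not picked up
# until this copy is updated by hand. Re-check it on every upgrade.
module TransactionNotificationNoAttachments
  # Sends one ticket notification email to +user+ with no attachments.
  #
  # @param user recipient of the notification (also passed as +recipient+)
  # @param ticket ticket the notification is about (the mail's main object)
  # @param article article handed to the template; its inline attachments
  #   are counted for the log line but never attached
  # @param changes change set handed to the template
  # @param current_user acting user handed to the template
  # @param recipients_reason lookup indexed by user id, giving the reason
  #   this recipient is notified
  # @return [nil] when delivery failed with a silenceable SMTP status code
  # @raise [RuntimeError] when @item[:type] is not a known notification type
  # @raise [Channel::DeliveryError] when delivery failed with any other status,
  #   or when no status code can be read from the original error
  def send_notification_email(user:, ticket:, article:, changes:, current_user:, recipients_reason:)
    template = case @item[:type]
               when 'create'
                 'ticket_create'
               when 'update'
                 'ticket_update'
               when 'reminder_reached'
                 'ticket_reminder_reached'
               when 'escalation'
                 'ticket_escalation'
               when 'escalation_warning'
                 'ticket_escalation_warning'
               when 'update.merged_into', 'update.received_merge'
                 'ticket_update_merged'
               when 'update.reaction'
                 'ticket_article_update_reaction'
               else
                 raise "unknown type for notification #{@item[:type]}"
               end

    # HARDENING: Always use empty attachments array to prevent leaking sensitive files.
    # The original count is kept only so the stripping is visible in the log.
    original_attachment_count = article&.attachments_inline&.count || 0
    attachments = []

    if original_attachment_count.positive?
      Rails.logger.info "[HARDENING] Stripped #{original_attachment_count} attachment(s) from notification email for ticket ##{ticket.id}"
    end

    NotificationFactory::Mailer.notification(
      template: template,
      user: user,
      objects: {
        ticket: ticket,
        article: article,
        recipient: user,
        current_user: current_user,
        changes: changes,
        reason: recipients_reason[user.id],
      },
      # NOTE(review): message_id is an empty string here. Confirm this is
      # intended and that a generated Message-ID was not lost when the method
      # was copied; an empty value may affect threading and deduplication.
      message_id: "",
      references: ticket.get_references,
      main_object: ticket,
      attachments: attachments,
    )

    # Note: this and the failure log line below include the recipient's e-mail address.
    Rails.logger.debug { "sent ticket email notification to agent (#{@item[:type]}/#{ticket.id}/#{user.email})" }
  rescue Channel::DeliveryError => e
    # If no status code can be read from the wrapped error, surface the
    # delivery error itself rather than the lookup failure.
    status_code = begin
      e.original_error.response.status.to_i
    rescue
      raise e
    end

    # Known-silenceable SMTP status codes are logged and swallowed; anything else propagates.
    if Transaction::Notification::SILENCABLE_SMTP_ERROR_CODES.any? { |elem| elem.include? status_code }
      Rails.logger.info do
        "could not send ticket email notification to agent (#{@item[:type]}/#{ticket.id}/#{user.email}) #{e.original_error}"
      end
      return
    end

    raise e
  end
end

# Apply the monkey patch after Rails initialization when all classes are loaded.
#
# NOTE(review): after_initialize runs once per boot. If Transaction::Notification
# is reloaded in a development environment, the prepend is presumably not
# re-applied to the fresh class; confirm, and consider a to_prepare hook if so.
Rails.application.config.after_initialize do
  Rails.logger.info '[HARDENING] Loading TransactionNotificationNoAttachments monkey patch...'

  target = Transaction::Notification
  hook = :send_notification_email

  # Check BEFORE prepending: afterwards the module itself would satisfy the
  # lookup. If the target no longer defines the method (e.g. it was renamed
  # upstream), the override is never called and attachments are sent again,
  # so do not report success in that case.
  hook_present = target.method_defined?(hook) || target.private_method_defined?(hook)

  target.prepend(TransactionNotificationNoAttachments)

  if hook_present
    Rails.logger.info '[HARDENING] TransactionNotificationNoAttachments monkey patch successfully applied - email attachments will be stripped from notifications'
  else
    Rails.logger.error "[HARDENING] Transaction::Notification does not define #{hook} - TransactionNotificationNoAttachments may not be in effect and attachments may still be sent"
  end
end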