package readme

import ( "context" regexp "github.com/wasilibs/go-re2" "net/http" "strings"

"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"

)

type Scanner struct{}

// Ensure the Scanner satisfies the interface at compile time. var _ detectors.Detector = (*Scanner)(nil)

var ( // Make sure that your group is surrounded in boundary characters such as below to reduce false positives. keyPat = regexp.MustCompile((rdme_[a-z0-9]{70})) )

// Keywords are used for efficiently pre-filtering chunks. // Use identifiers in the secret preferably, or the provider name. func (s Scanner) Keywords() []string { return []string{"rdme_"} }

// FromData will find and optionally verify ReadMe secrets in a given set of bytes. func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) { dataStr := string(data)

matches := keyPat.FindAllStringSubmatch(dataStr, -1)

for _, match := range matches {
	if len(match) != 2 {
		continue
	}
	resMatch := strings.TrimSpace(match[1])

	s1 := detectors.Result{
		DetectorType: detectorspb.DetectorType_ReadMe,
		Raw:          []byte(resMatch),
	}

	if verify {
		req, err := http.NewRequestWithContext(ctx, http.MethodGet, "https://dash.readme.com/api/v1", nil)
		if err != nil {
			continue
		}
		req.SetBasicAuth(resMatch, "")
		req.Header.Add("accept", "application/json")
		res, err := http.DefaultClient.Do(req)
		if err == nil {
			defer res.Body.Close()
			if res.StatusCode >= 200 && res.StatusCode < 300 {
				s1.Verified = true
			}
		}
	}

	results = append(results, s1)
}

return results, nil

}

func (s Scanner) Type() detectorspb.DetectorType { return detectorspb.DetectorType_ReadMe }

func (s Scanner) Description() string { return "ReadMe is a documentation platform that helps you build out your API and product documentation. ReadMe API keys can be used to access and modify your documentation data." }