#!/bin/bash

set -eu

COLOR_BLUE="\033[38;2;51;100;255m"
COLOR_RESET="\033[0m"
DEPLOY=false

# parse flags
for arg in "$@"; do
  case $arg in
    --deploy)
      DEPLOY=true
      shift
      ;;
  esac
done

echo "${COLOR_BLUE}"
echo "=========================================="
echo "        Setting up coryd.dev locally      "
echo "=========================================="
echo "${COLOR_RESET}"

# determine sed compatibility
if [[ "$OSTYPE" == "darwin"* ]]; then
  sed_inplace() {
    sed -i '' "$@"
  }
else
  sed_inplace() {
    sed -i "$@"
  }
fi

# get secrets from 1password
echo "${COLOR_BLUE}Signing in to 1Password...${COLOR_RESET}"
eval $(op signin)

echo "${COLOR_BLUE}Fetching secrets from 1Password...${COLOR_RESET}"
SECRETS_JSON='{
  "POSTGREST_URL": "{{ op://Private/coryd.dev secrets/POSTGREST_URL }}",
  "POSTGREST_API_KEY": "{{ op://Private/coryd.dev secrets/POSTGREST_API_KEY }}",
  "MASTODON_ACCESS_TOKEN": "{{ op://Private/coryd.dev secrets/MASTODON_ACCESS_TOKEN }}",
  "MASTODON_SYNDICATION_TOKEN": "{{ op://Private/coryd.dev secrets/MASTODON_SYNDICATION_TOKEN }}",
  "FORWARDEMAIL_API_KEY": "{{ op://Private/coryd.dev secrets/FORWARDEMAIL_API_KEY }}",
  "BOOK_IMPORT_TOKEN": "{{ op://Private/coryd.dev secrets/BOOK_IMPORT_TOKEN }}",
  "WATCHING_IMPORT_TOKEN": "{{ op://Private/coryd.dev secrets/WATCHING_IMPORT_TOKEN }}",
  "ARTIST_IMPORT_TOKEN": "{{ op://Private/coryd.dev secrets/ARTIST_IMPORT_TOKEN }}",
  "TMDB_API_KEY": "{{ op://Private/coryd.dev secrets/TMDB_API_KEY }}",
  "SEASONS_IMPORT_TOKEN": "{{ op://Private/coryd.dev secrets/SEASONS_IMPORT_TOKEN }}",
  "NAVIDROME_SCROBBLE_TOKEN": "{{ op://Private/coryd.dev secrets/NAVIDROME_SCROBBLE_TOKEN }}",
  "NAVIDROME_API_URL": "{{ op://Private/coryd.dev secrets/NAVIDROME_API_URL }}",
  "NAVIDROME_API_TOKEN": "{{ op://Private/coryd.dev secrets/NAVIDROME_API_TOKEN }}",
  "COOLIFY_REBUILD_TOKEN": "{{ op://Private/coryd.dev secrets/COOLIFY_REBUILD_TOKEN }}",
  "COOLIFY_REBUILD_URL": "{{ op://Private/coryd.dev secrets/COOLIFY_REBUILD_URL }}",
  "TOTAL_PLAYS_WEBHOOK": "{{ op://Private/coryd.dev secrets/TOTAL_PLAYS_WEBHOOK }}",
  "SITE_REBUILD_WEBHOOK": "{{ op://Private/coryd.dev secrets/SITE_REBUILD_WEBHOOK }}",
  "DIRECTUS_API_TOKEN": "{{ op://Private/coryd.dev secrets/DIRECTUS_API_TOKEN }}",
  "GIT_REPO": "{{ op://Private/coryd.dev secrets/GIT_REPO }}",
  "SERVER_IP": "{{ op://Private/coryd.dev secrets/SERVER_IP }}"
}'

SECRETS=$(echo "$SECRETS_JSON" | op inject)

if echo "$SECRETS" | grep -q '{{'; then
  echo "❌ Error: Unresolved placeholders remain in injected secrets. Check 1Password references." >&2
  exit 1
fi

echo "${COLOR_BLUE}Writing .env file...${COLOR_RESET}"
echo "$SECRETS" | jq -r 'to_entries | .[] | "\(.key)=\"\(.value | gsub("\""; "\\\""))\""' > .env
echo >> .env

while IFS= read -r line; do
  [[ "$line" =~ ^#.*$ || -z "$line" ]] && continue
  export "${line?}"
done < .env

echo "${COLOR_BLUE}✅ Loaded $(grep -c '^[A-Z0-9_]\+=' .env) secrets into .env${COLOR_RESET}"

CLI_DIR="$(dirname "$0")/../cli"

echo "${COLOR_BLUE}🗳️ Installing root JS packages...${COLOR_RESET}"
npm install --loglevel=silent --no-audit --no-fund | grep -v "up to date" || :

echo "${COLOR_BLUE}🐺 Initializing Husky Git hooks...${COLOR_RESET}"
npm run prepare

echo "${COLOR_BLUE}📦 Installing PHP packages...${COLOR_RESET}"
composer install --no-progress --no-interaction 2>&1 | \
  grep -Ev "^(Writing lock file|Generating optimized autoload files|Loading composer|Nothing to modify|Use the \`composer fund\`|No security vulnerability|Installing dependencies from lock file|Package operations|[0-9]+ packages you are using are looking for funding)"

echo "${COLOR_BLUE}🗃️ Installing CLI JS packages...${COLOR_RESET}"
( cd "$CLI_DIR" && npm install --loglevel=silent --no-audit --no-fund | grep -v "up to date" || : )

if ! command -v cd_cli >/dev/null 2>&1; then
  echo "${COLOR_BLUE}🔗 Linking CLI globally...${COLOR_RESET}"
  ( cd "$CLI_DIR" && npm link )
fi

echo "${COLOR_BLUE}⚙️ Initializing media storage config...${COLOR_RESET}"
cd_cli init

rm -rf generated
mkdir -p generated

# escape sed replacements
escape_special_chars() {
  printf '%s' "$1" | sed 's/[&/\|]/\\&/g'
}

# replace placeholders in template file
render_template() {
  local input="$1"
  local output="$2"
  cp "$input" "$output"

  for key in $(jq -r 'keys_unsorted[]' <<< "$SECRETS"); do
    value=$(jq -r --arg k "$key" '.[$k]' <<< "$SECRETS")
    sed_inplace "s|{{${key}}}|$(escape_special_chars "$value")|g" "$output"
  done
}

# render templates
for filepath in scripts/templates/*.template; do
  [ -e "$filepath" ] || continue
  filename=$(basename "$filepath" .template)
  output="generated/$filename"
  render_template "$filepath" "$output"
done

echo "${COLOR_BLUE}✅ All configurations generated in the 'generated' folder.${COLOR_RESET}"

echo "${COLOR_BLUE}"
echo "=========================================="
echo "         Setup complete!                  "
echo "  Your local environment is ready! 💻     "
echo "=========================================="
echo "${COLOR_RESET}"

if [ "$DEPLOY" = true ]; then
  echo "${COLOR_BLUE}Reading module lists...${COLOR_RESET}"

  # read lists
  MODULES_LIST="scripts/lists/apache_modules.list"
  PHP_EXTENSIONS_LIST="scripts/lists/php_extensions.list"
  REQUIRED_MODULES=$(tr '\n' ' ' < "$MODULES_LIST" | sed 's/ *$//')
  REQUIRED_PHP_EXTENSIONS=$(tr '\n' ' ' < "$PHP_EXTENSIONS_LIST" | sed 's/ *$//')

  echo "${COLOR_BLUE}Writing server setup script...${COLOR_RESET}"

# generate server setup script
cat > generated/setup-server.sh <<EOF
#!/bin/bash
# This file is generated by setup.sh

set -eu

echo "🔧 Enabling Apache modules..."
sudo a2enmod $REQUIRED_MODULES
sudo systemctl restart apache2

echo "🔧 Installing PHP extensions..."
sudo apt update
sudo apt install -y $REQUIRED_PHP_EXTENSIONS
sudo systemctl restart php8.3-fpm

echo "🔧 Enabling site..."
sudo cp generated/coryd.dev.conf /etc/apache2/sites-available/
sudo a2dissite 000-default.conf || true
sudo a2ensite coryd.dev.conf
sudo systemctl reload apache2

echo "🔐 Running Certbot to obtain TLS certificates..."
if ! [ -f /etc/letsencrypt/live/coryd.dev/fullchain.pem ]; then
  sudo certbot --apache -d coryd.dev -d www.coryd.dev
else
  echo "✅ Certificate already exists, skipping Certbot."
fi

echo "🕒 Installing crontabs..."
sudo crontab generated/root.cron
sudo crontab -u www-data generated/www-data.cron

echo "✅ All done!"
EOF

  chmod +x generated/setup-server.sh

  echo "${COLOR_BLUE}"
  echo "=========================================="
  echo "         Deploy script generated!         "
  echo "  Ready to configure your server! 🚀      "
  echo "=========================================="
  echo "${COLOR_RESET}"

  read -p "📡 Enter the remote SSH host (e.g., user@hostname): " SSH_HOST

  if [[ -n "$SSH_HOST" ]]; then
    echo "${COLOR_BLUE}📤 Copying files to $SSH_HOST...${COLOR_RESET}"
    scp -r generated "$SSH_HOST:~/"

    echo "${COLOR_BLUE}"
    echo "=========================================="
    echo "       ✅ Files copied to server!         "
    echo "=========================================="
    echo "${COLOR_RESET}"

    echo "${COLOR_BLUE}🧑‍💻 Next steps on the server:${COLOR_RESET}"
    echo "   ssh $SSH_HOST"
    echo "   sudo su"
    echo "   ./generated/setup-server.sh"
  else
    echo "${COLOR_BLUE}⚠️ Skipping SSH deploy. No host provided.${COLOR_RESET}"
  fi
fi
echo "${COLOR_RESET}"