#!/bin/bash
set -e

ENV_FILE=".env"
ENV_EXAMPLE=".env.example"
ENV_LOCAL=".env.local"

echo "Kaboot Setup Script"
echo "==================="
echo ""

if [ -f "$ENV_FILE" ]; then
    read -p ".env file already exists. Overwrite? (y/N): " -n 1 -r
    echo ""
    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
        echo "Aborting. Existing .env file preserved."
        exit 0
    fi
fi

if [ ! -f "$ENV_EXAMPLE" ]; then
    echo "Error: .env.example not found. Run this script from the project root."
    exit 1
fi

# Detect host IP for network access
detect_host_ip() {
    if [[ "$OSTYPE" == "darwin"* ]]; then
        ipconfig getifaddr en0 2>/dev/null || ipconfig getifaddr en1 2>/dev/null || echo "localhost"
    else
        hostname -I 2>/dev/null | awk '{print $1}' || echo "localhost"
    fi
}

echo "Detecting network configuration..."
DETECTED_IP=$(detect_host_ip)
echo "  Detected IP: $DETECTED_IP"
echo ""
read -p "Enter host IP/domain for network access [$DETECTED_IP]: " KABOOT_HOST
KABOOT_HOST=${KABOOT_HOST:-$DETECTED_IP}

echo ""
echo "Generating secrets..."

PG_PASS=$(openssl rand -base64 36 | tr -d '\n')
AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')
AUTHENTIK_BOOTSTRAP_PASSWORD=$(openssl rand -base64 24 | tr -d '\n')
AUTHENTIK_BOOTSTRAP_TOKEN=$(openssl rand -base64 36 | tr -d '\n')
ENCRYPTION_KEY=$(openssl rand -base64 36 | tr -d '\n')

cp "$ENV_EXAMPLE" "$ENV_FILE"

if [[ "$OSTYPE" == "darwin"* ]]; then
    sed -i '' "s|^PG_PASS=.*|PG_PASS=${PG_PASS}|" "$ENV_FILE"
    sed -i '' "s|^AUTHENTIK_SECRET_KEY=.*|AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}|" "$ENV_FILE"
    sed -i '' "s|^AUTHENTIK_BOOTSTRAP_PASSWORD=.*|AUTHENTIK_BOOTSTRAP_PASSWORD=${AUTHENTIK_BOOTSTRAP_PASSWORD}|" "$ENV_FILE"
    sed -i '' "s|^AUTHENTIK_BOOTSTRAP_TOKEN=.*|AUTHENTIK_BOOTSTRAP_TOKEN=${AUTHENTIK_BOOTSTRAP_TOKEN}|" "$ENV_FILE"
    sed -i '' "s|^ENCRYPTION_KEY=.*|ENCRYPTION_KEY=${ENCRYPTION_KEY}|" "$ENV_FILE"
    sed -i '' "s|^KABOOT_HOST=.*|KABOOT_HOST=${KABOOT_HOST}|" "$ENV_FILE"
else
    sed -i "s|^PG_PASS=.*|PG_PASS=${PG_PASS}|" "$ENV_FILE"
    sed -i "s|^AUTHENTIK_SECRET_KEY=.*|AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}|" "$ENV_FILE"
    sed -i "s|^AUTHENTIK_BOOTSTRAP_PASSWORD=.*|AUTHENTIK_BOOTSTRAP_PASSWORD=${AUTHENTIK_BOOTSTRAP_PASSWORD}|" "$ENV_FILE"
    sed -i "s|^AUTHENTIK_BOOTSTRAP_TOKEN=.*|AUTHENTIK_BOOTSTRAP_TOKEN=${AUTHENTIK_BOOTSTRAP_TOKEN}|" "$ENV_FILE"
    sed -i "s|^ENCRYPTION_KEY=.*|ENCRYPTION_KEY=${ENCRYPTION_KEY}|" "$ENV_FILE"
    sed -i "s|^KABOOT_HOST=.*|KABOOT_HOST=${KABOOT_HOST}|" "$ENV_FILE"
fi

# Create .env.local for Vite frontend
cat > "$ENV_LOCAL" << EOF
# Auto-generated by setup.sh - Frontend environment variables
VITE_BACKEND_URL=http://${KABOOT_HOST}:3001
VITE_AUTHENTIK_URL=http://${KABOOT_HOST}:9000
EOF

echo ""
echo "Created .env and .env.local files."
echo ""
echo "Host configuration:"
echo "  KABOOT_HOST: ${KABOOT_HOST}"
echo "  Frontend:    http://${KABOOT_HOST}:5173"
echo "  Backend:     http://${KABOOT_HOST}:3001"
echo "  Authentik:   http://${KABOOT_HOST}:9000"
echo ""
echo "Authentik admin credentials (save these):"
echo "  Username: akadmin"
echo "  Password: ${AUTHENTIK_BOOTSTRAP_PASSWORD}"
echo ""
echo "Next steps:"
echo "  1. Run: docker compose up -d"
echo "  2. Wait for Authentik to start (~30 seconds)"
echo "  3. For development: npm run dev -- --host"
echo "  4. Access from other devices via http://${KABOOT_HOST}:5173"
echo ""
echo "Note: Update Authentik redirect URIs to include http://${KABOOT_HOST}:5173/callback"
echo ""