#!/bin/bash
set -e

ENV_FILE=".env"
ENV_EXAMPLE=".env.example"
ENV_LOCAL=".env.local"

echo "Kaboot Development Setup"
echo "========================"
echo ""

if [ -f "$ENV_FILE" ]; then
    read -p ".env file already exists. Overwrite? (y/N): " -n 1 -r
    echo ""
    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
        echo "Aborting. Existing .env file preserved."
        exit 0
    fi
fi

if [ ! -f "$ENV_EXAMPLE" ]; then
    echo "Error: .env.example not found. Run this script from the project root."
    exit 1
fi

# Detect host IP for network access
detect_host_ip() {
    if [[ "$OSTYPE" == "darwin"* ]]; then
        ipconfig getifaddr en0 2>/dev/null || ipconfig getifaddr en1 2>/dev/null || echo "localhost"
    else
        hostname -I 2>/dev/null | awk '{print $1}' || echo "localhost"
    fi
}

echo "Detecting network configuration..."
DETECTED_IP=$(detect_host_ip)
echo "  Detected IP: $DETECTED_IP"
echo ""
read -p "Enter host IP/domain for network access [$DETECTED_IP]: " KABOOT_HOST
KABOOT_HOST=${KABOOT_HOST:-$DETECTED_IP}

echo ""
echo "System AI Configuration (Optional)"
echo "-----------------------------------"
echo "You can provide a Gemini API key to enable AI quiz generation"
echo "for all users without requiring them to set up their own key."
echo ""
read -p "Enter Gemini API key (or press Enter to skip): " GEMINI_API_KEY

echo ""
echo "Generating secrets..."

PG_PASS=$(openssl rand -base64 36 | tr -d '\n' | tr -d '/')
AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n' | tr -d '/')
AUTHENTIK_BOOTSTRAP_PASSWORD=$(openssl rand -base64 24 | tr -d '\n' | tr -d '/')
AUTHENTIK_BOOTSTRAP_TOKEN=$(openssl rand -hex 32)
ENCRYPTION_KEY=$(openssl rand -base64 36 | tr -d '\n' | tr -d '/')

cp "$ENV_EXAMPLE" "$ENV_FILE"

if [[ "$OSTYPE" == "darwin"* ]]; then
    sed -i '' "s|^PG_PASS=.*|PG_PASS=${PG_PASS}|" "$ENV_FILE"
    sed -i '' "s|^AUTHENTIK_SECRET_KEY=.*|AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}|" "$ENV_FILE"
    sed -i '' "s|^AUTHENTIK_BOOTSTRAP_PASSWORD=.*|AUTHENTIK_BOOTSTRAP_PASSWORD=${AUTHENTIK_BOOTSTRAP_PASSWORD}|" "$ENV_FILE"
    sed -i '' "s|^AUTHENTIK_BOOTSTRAP_TOKEN=.*|AUTHENTIK_BOOTSTRAP_TOKEN=${AUTHENTIK_BOOTSTRAP_TOKEN}|" "$ENV_FILE"
    sed -i '' "s|^ENCRYPTION_KEY=.*|ENCRYPTION_KEY=${ENCRYPTION_KEY}|" "$ENV_FILE"
    sed -i '' "s|^KABOOT_HOST=.*|KABOOT_HOST=${KABOOT_HOST}|" "$ENV_FILE"
    sed -i '' "s|^LOG_REQUESTS=.*|LOG_REQUESTS=true|" "$ENV_FILE"
    sed -i '' "s|^GEMINI_API_KEY=.*|GEMINI_API_KEY=${GEMINI_API_KEY}|" "$ENV_FILE"
else
    sed -i "s|^PG_PASS=.*|PG_PASS=${PG_PASS}|" "$ENV_FILE"
    sed -i "s|^AUTHENTIK_SECRET_KEY=.*|AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}|" "$ENV_FILE"
    sed -i "s|^AUTHENTIK_BOOTSTRAP_PASSWORD=.*|AUTHENTIK_BOOTSTRAP_PASSWORD=${AUTHENTIK_BOOTSTRAP_PASSWORD}|" "$ENV_FILE"
    sed -i "s|^AUTHENTIK_BOOTSTRAP_TOKEN=.*|AUTHENTIK_BOOTSTRAP_TOKEN=${AUTHENTIK_BOOTSTRAP_TOKEN}|" "$ENV_FILE"
    sed -i "s|^ENCRYPTION_KEY=.*|ENCRYPTION_KEY=${ENCRYPTION_KEY}|" "$ENV_FILE"
    sed -i "s|^KABOOT_HOST=.*|KABOOT_HOST=${KABOOT_HOST}|" "$ENV_FILE"
    sed -i "s|^LOG_REQUESTS=.*|LOG_REQUESTS=true|" "$ENV_FILE"
    sed -i "s|^GEMINI_API_KEY=.*|GEMINI_API_KEY=${GEMINI_API_KEY}|" "$ENV_FILE"
fi

# Create .env.local for Vite frontend
cat > "$ENV_LOCAL" << EOF
# Auto-generated by setup.sh - Frontend environment variables
VITE_API_URL=http://${KABOOT_HOST}:3001
VITE_BACKEND_URL=http://${KABOOT_HOST}:3001
VITE_AUTHENTIK_URL=http://${KABOOT_HOST}:9000
VITE_OIDC_CLIENT_ID=kaboot-spa
VITE_OIDC_APP_SLUG=kaboot
EOF

echo ""
echo "Setup Complete!"
echo "==============="
echo ""
echo "Configuration Summary"
echo "---------------------"
echo "  KABOOT_HOST: ${KABOOT_HOST}"
echo "  Frontend:    http://${KABOOT_HOST}:5173"
echo "  Backend:     http://${KABOOT_HOST}:3001"
echo "  Authentik:   http://${KABOOT_HOST}:9000"
if [ -n "$GEMINI_API_KEY" ]; then
    echo "  System AI:   Enabled"
else
    echo "  System AI:   Disabled (users need own API key)"
fi
echo ""
echo "Authentik Admin Credentials (SAVE THESE)"
echo "-----------------------------------------"
echo "  Username: akadmin"
echo "  Password: ${AUTHENTIK_BOOTSTRAP_PASSWORD}"
echo ""
echo "Files Created"
echo "-------------"
echo "  .env       - Docker Compose environment variables"
echo "  .env.local - Vite frontend environment variables"
echo ""
echo "Next Steps"
echo "----------"
echo "  1. Run: docker compose up -d"
echo "  2. Wait for Authentik to start (~30 seconds)"
echo "  3. For development: npm install && npm run dev -- --host"
echo "  4. Access from other devices via http://${KABOOT_HOST}:5173"
echo ""
echo "Note: Update Authentik redirect URIs to include http://${KABOOT_HOST}:5173/callback"
echo ""