#!/usr/bin/env bash
# =============================================================================
#  setup_bewpro_webhook.sh — Instala el webhook listener en VPS1 (una sola vez)
#
#  Ejecutar como root en VPS1 (Hostinger):
#    bash setup_bewpro_webhook.sh
#
#  Qué hace:
#    1. Copia los scripts a /root/scripts/
#    2. Genera BEWPRO_WEBHOOK_SECRET si no existe
#    3. Instala bewpro-webhook.service en systemd
#    4. Imprime el token para copiarlo en el .env del proyecto Laravel
# =============================================================================

set -euo pipefail
RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'; BOLD='\033[1m'; NC='\033[0m'
ok()   { echo -e "  ${GREEN}✓${NC} $*"; }
info() { echo -e "  → $*"; }
warn() { echo -e "  ${YELLOW}⚠${NC} $*" >&2; }
fail() { echo -e "  ${RED}✗${NC} $*" >&2; exit 1; }

[[ "$(id -u)" -ne 0 ]] && fail "Ejecutar como root."

SCRIPTS_DIR="/root/scripts"
SERVICE_NAME="bewpro-webhook"
SERVICE_FILE="/etc/systemd/system/${SERVICE_NAME}.service"

# ── 1. Crear directorio de scripts ────────────────────────────────────────────
mkdir -p "$SCRIPTS_DIR"
ok "Directorio: $SCRIPTS_DIR"

# ── 2. Copiar scripts (se asume que estamos en el directorio del repo local) ──
# Ajustar SRC si se sube de otra forma (scp, etc.)
SRC_DIR="$(dirname "$0")"  # mismo directorio que este script

for f in delete-project.sh bewpro-webhook.py; do
  if [[ -f "${SRC_DIR}/${f}" ]]; then
    cp "${SRC_DIR}/${f}" "${SCRIPTS_DIR}/${f}"
    chmod 700 "${SCRIPTS_DIR}/${f}"
    ok "Copiado: ${SCRIPTS_DIR}/${f}"
  else
    warn "No encontrado: ${SRC_DIR}/${f} — copiá manualmente a ${SCRIPTS_DIR}/${f}"
  fi
done

# ── 3. Generar token si no existe ya ──────────────────────────────────────────
EXISTING_SECRET=""
if [[ -f "$SERVICE_FILE" ]]; then
  EXISTING_SECRET="$(grep -o 'BEWPRO_WEBHOOK_SECRET=[^ ]*' "$SERVICE_FILE" 2>/dev/null | cut -d= -f2 || true)"
fi

if [[ -z "$EXISTING_SECRET" || "$EXISTING_SECRET" == "REEMPLAZAR_CON_TOKEN_GENERADO" ]]; then
  WEBHOOK_SECRET="$(openssl rand -hex 32)"
  info "Token generado: ${WEBHOOK_SECRET}"
else
  WEBHOOK_SECRET="$EXISTING_SECRET"
  info "Usando token existente del service."
fi

# ── 4. Instalar service ───────────────────────────────────────────────────────
cat > "$SERVICE_FILE" <<EOF
[Unit]
Description=BewPro Webhook — delete-project runner (root)
After=network.target

[Service]
Type=simple
User=root
Group=root
ExecStart=/usr/bin/python3 /root/scripts/bewpro-webhook.py
Restart=on-failure
RestartSec=5
Environment="BEWPRO_WEBHOOK_SECRET=${WEBHOOK_SECRET}"
Environment="BEWPRO_SCRIPT=/root/scripts/delete-project.sh"
Environment="BEWPRO_WEBHOOK_HOST=127.0.0.1"
Environment="BEWPRO_WEBHOOK_PORT=9876"
Environment="BEWPRO_TIMEOUT=900"
Environment="BEWPRO_LOG=/var/log/bewpro-webhook.log"
TimeoutStopSec=30
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target
EOF
ok "Service instalado: $SERVICE_FILE"

# ── 5. Recargar y levantar ────────────────────────────────────────────────────
systemctl daemon-reload
systemctl enable "${SERVICE_NAME}"
systemctl restart "${SERVICE_NAME}"
sleep 2

if systemctl is-active --quiet "${SERVICE_NAME}"; then
  ok "bewpro-webhook ACTIVO en 127.0.0.1:9876"
else
  fail "El service no levantó. Revisá: journalctl -u ${SERVICE_NAME} -n 50"
fi

# ── 6. Verificar health check ─────────────────────────────────────────────────
HEALTH="$(curl -s http://127.0.0.1:9876/health 2>/dev/null || echo '{}')"
if echo "$HEALTH" | grep -q '"ok":true'; then
  ok "Health check OK: $HEALTH"
else
  warn "Health check falló: $HEALTH"
fi

# ── 7. Instrucciones para Laravel ─────────────────────────────────────────────
echo ""
echo -e "${BOLD}════════════════════════════════════════${NC}"
echo -e "${BOLD}  Copiá esto en el .env de Laravel:${NC}"
echo -e "${BOLD}════════════════════════════════════════${NC}"
echo ""
echo "BEWPRO_WEBHOOK_URL=http://127.0.0.1:9876"
echo "BEWPRO_WEBHOOK_SECRET=${WEBHOOK_SECRET}"
echo ""
echo -e "${YELLOW}Guardá el token en un lugar seguro. Si lo perdés, regenerá con:${NC}"
echo "  openssl rand -hex 32"
echo "  systemctl edit ${SERVICE_NAME} --force  # y actualizá Environment=BEWPRO_WEBHOOK_SECRET=..."
echo ""