#!/usr/bin/env bash
# Generate strong dev .env for macOS Docker Compose run
# Location: uploader-bot/scripts/generate_dev_env.sh

set -euo pipefail

ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
ENV_FILE="$ROOT_DIR/uploader-bot/.env"

# Functions
rand_hex() { openssl rand -hex "$1"; }
ensure_dir() { mkdir -p "$1"; }
abs_path() { python3 - << 'PY'
import os,sys
print(os.path.abspath(sys.argv[1]))
PY
}

# Defaults
POSTGRES_DB_DEFAULT="mynetwork"
POSTGRES_USER_DEFAULT="myuser"
POSTGRES_PASSWORD_DEFAULT="$(rand_hex 16)"
DB_URL_DEFAULT="postgresql+asyncpg://${POSTGRES_USER_DEFAULT}:${POSTGRES_PASSWORD_DEFAULT}@postgres:5432/${POSTGRES_DB_DEFAULT}"

REDIS_URL_DEFAULT="redis://redis:6379/0"

NODE_ID_DEFAULT="local-node-$(rand_hex 4)"
NODE_TYPE_DEFAULT="bootstrap"
NODE_VERSION_DEFAULT="3.0.0"
NETWORK_MODE_DEFAULT="bootstrap"
ALLOW_INCOMING_DEFAULT="true"

SECRET_KEY_DEFAULT="$(rand_hex 32)"
JWT_SECRET_KEY_DEFAULT="$(rand_hex 32)"
ENCRYPTION_KEY_DEFAULT="$(rand_hex 32)"

STORAGE_REL="./uploader-bot/storage"
LOGS_REL="./uploader-bot/logs"
KEYS_REL="./uploader-bot/config/keys"

API_HOST_DEFAULT="0.0.0.0"
API_PORT_DEFAULT="8000"
UVICORN_HOST_DEFAULT="0.0.0.0"
UVICORN_PORT_DEFAULT="8000"
DOCKER_SOCK_DEFAULT="/var/run/docker.sock"

NODE_PRIV_PATH="/app/keys/node_private_key"
NODE_PUB_PATH="/app/keys/node_public_key"

BOOTSTRAP_CONFIG_DEFAULT="default"
LOG_LEVEL_DEFAULT="INFO"
MAX_PEERS_DEFAULT="50"
SYNC_INTERVAL_DEFAULT="300"
CONVERT_PAR_DEFAULT="2"
CONVERT_TIMEOUT_DEFAULT="300"

# Prepare folders
ensure_dir "$ROOT_DIR/uploader-bot/storage"
ensure_dir "$ROOT_DIR/uploader-bot/logs"
ensure_dir "$ROOT_DIR/uploader-bot/config/keys"

# Generate node keys if missing
PRIV_KEY_HOST="$ROOT_DIR/uploader-bot/config/keys/node_private_key"
PUB_KEY_HOST="$ROOT_DIR/uploader-bot/config/keys/node_public_key"

if [ ! -f "$PRIV_KEY_HOST" ] || [ ! -f "$PUB_KEY_HOST" ]; then
  echo "[INFO] Generating ed25519 node keypair..."
  openssl genpkey -algorithm ed25519 -out "$PRIV_KEY_HOST"
  openssl pkey -in "$PRIV_KEY_HOST" -pubout -out "$PUB_KEY_HOST"
  chmod 600 "$PRIV_KEY_HOST" && chmod 644 "$PUB_KEY_HOST"
fi

# Try to compute NODE_PUBLIC_KEY_HEX (last 32 bytes of DER pubkey)
NODE_PUBLIC_KEY_HEX=""
if command -v xxd >/dev/null 2>&1; then
  NODE_PUBLIC_KEY_HEX="$(openssl pkey -in "$PRIV_KEY_HOST" -pubout -outform DER | tail -c 32 | xxd -p -c 32 || true)"
fi

# Compose content
cat > "$ENV_FILE" <<EOF
# Generated by scripts/generate_dev_env.sh on $(date -u +"%Y-%m-%dT%H:%M:%SZ")

# Database (PostgreSQL)
POSTGRES_DB=${POSTGRES_DB_DEFAULT}
POSTGRES_USER=${POSTGRES_USER_DEFAULT}
POSTGRES_PASSWORD=${POSTGRES_PASSWORD_DEFAULT}
DATABASE_URL=${DB_URL_DEFAULT}

# Redis
REDIS_URL=${REDIS_URL_DEFAULT}

# Node/network
NODE_ID=${NODE_ID_DEFAULT}
NODE_TYPE=${NODE_TYPE_DEFAULT}
NODE_VERSION=${NODE_VERSION_DEFAULT}
NETWORK_MODE=${NETWORK_MODE_DEFAULT}
ALLOW_INCOMING_CONNECTIONS=${ALLOW_INCOMING_DEFAULT}

# Security
SECRET_KEY=${SECRET_KEY_DEFAULT}
JWT_SECRET_KEY=${JWT_SECRET_KEY_DEFAULT}
ENCRYPTION_KEY=${ENCRYPTION_KEY_DEFAULT}

# API / runtime
API_HOST=${API_HOST_DEFAULT}
API_PORT=${API_PORT_DEFAULT}
UVICORN_HOST=${UVICORN_HOST_DEFAULT}
UVICORN_PORT=${UVICORN_PORT_DEFAULT}
DOCKER_SOCK_PATH=${DOCKER_SOCK_DEFAULT}

# Node key paths inside container
NODE_PRIVATE_KEY_PATH=${NODE_PRIV_PATH}
NODE_PUBLIC_KEY_PATH=${NODE_PUB_PATH}
NODE_PUBLIC_KEY_HEX=${NODE_PUBLIC_KEY_HEX}

# Storage/logs (host paths are mounted by compose)
STORAGE_PATH=${STORAGE_REL}

# Bootstrap
BOOTSTRAP_CONFIG=${BOOTSTRAP_CONFIG_DEFAULT}

# Telegram (optional; leave empty to disable)
TELEGRAM_API_KEY=
CLIENT_TELEGRAM_API_KEY=

# Logging / network params
LOG_LEVEL=${LOG_LEVEL_DEFAULT}
MAX_PEER_CONNECTIONS=${MAX_PEERS_DEFAULT}
SYNC_INTERVAL=${SYNC_INTERVAL_DEFAULT}
CONVERT_MAX_PARALLEL=${CONVERT_PAR_DEFAULT}
CONVERT_TIMEOUT=${CONVERT_TIMEOUT_DEFAULT}
EOF

echo "[OK] .env written to: $ENV_FILE"
echo
echo "Summary:"
echo "  POSTGRES_DB=${POSTGRES_DB_DEFAULT}"
echo "  POSTGRES_USER=${POSTGRES_USER_DEFAULT}"
echo "  POSTGRES_PASSWORD=<generated>"
echo "  DATABASE_URL=${DB_URL_DEFAULT}"
echo "  REDIS_URL=${REDIS_URL_DEFAULT}"
echo "  NODE_ID=${NODE_ID_DEFAULT}"
echo "  Keys:"
echo "    Private: $PRIV_KEY_HOST"
echo "    Public : $PUB_KEY_HOST"
echo "  NODE_PUBLIC_KEY_HEX=${NODE_PUBLIC_KEY_HEX:-<not computed>}"
echo
echo "Next steps:"
echo "  1) Open uploader-bot/.env and set TELEGRAM_API_KEY / CLIENT_TELEGRAM_API_KEY if needed."
echo "  2) Run: docker compose -f uploader-bot/deployment/docker-compose.macos.yml up -d --build"
echo "  3) Check: curl http://localhost:8000/health"