#!/usr/bin/env bash
set -euo pipefail
# Convert .env to Bitwarden JSON import format (secure note with custom fields).

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
source "$PROJECT_ROOT/lib/common.sh"

ITEM_NAME="gitea-migration-env"
ENV_FILE="$PROJECT_ROOT/.env"
OUTPUT_FILE=""

usage() {
    cat >&2 <<EOF
Usage: $(basename "$0") [-o FILE] [-n NAME]

Convert .env to Bitwarden-importable JSON (secure note with custom fields).

Options:
  -o FILE   Write to file instead of stdout
  -n NAME   Bitwarden item name (default: $ITEM_NAME)
  -h        Show this help

Import the output via:
  Bitwarden Web Vault → Tools → Import Data → Format: Bitwarden (json) → Upload
EOF
    exit 1
}

while getopts "o:n:h" opt; do
    case $opt in
        o) OUTPUT_FILE="$OPTARG" ;;
        n) ITEM_NAME="$OPTARG" ;;
        h) usage ;;
        *) usage ;;
    esac
done

if [[ ! -f "$ENV_FILE" ]]; then
    log_error ".env not found at $ENV_FILE"
    exit 1
fi

if ! command -v jq &>/dev/null; then
    log_error "jq is required but not installed"
    exit 1
fi

# Patterns for fields that should be hidden (type=1) in Bitwarden
sensitive_re="PASSWORD|TOKEN|SECRET|_KEY"

# Build a TSV of key\tvalue\ttype lines, then convert to JSON in one jq call.
# This avoids calling jq in a loop.
tsv=""
while IFS= read -r line || [[ -n "$line" ]]; do
    # Skip comments and blank lines
    [[ -z "$line" || "$line" =~ ^[[:space:]]*# ]] && continue

    key="${line%%=*}"
    value="${line#*=}"

    # Strip surrounding quotes
    if [[ "$value" =~ ^\"(.*)\"$ ]]; then
        value="${BASH_REMATCH[1]}"
    elif [[ "$value" =~ ^\'(.*)\'$ ]]; then
        value="${BASH_REMATCH[1]}"
    fi

    # Strip inline comments (space + #)
    value="${value%%[[:space:]]#*}"
    # Trim trailing whitespace
    value="${value%"${value##*[![:space:]]}"}"

    field_type=0
    if [[ "$key" =~ $sensitive_re ]]; then
        field_type=1
    fi

    # Append as null-delimited triple (safe for any value content)
    tsv+="${key}"$'\x00'"${value}"$'\x00'"${field_type}"$'\x00'
done < "$ENV_FILE"

# Convert null-delimited triples into JSON fields array
fields_json=$(printf '%s' "$tsv" | \
    jq -Rs '
        split("\u0000") |
        # drop trailing empty element from final delimiter
        if .[-1] == "" then .[:-1] else . end |
        [ range(0; length; 3) as $i |
            { name: .[$i], value: .[$i+1], type: (.[$i+2] | tonumber) }
        ]
    ')

field_count=$(printf '%s' "$fields_json" | jq 'length')

# Build the complete Bitwarden import envelope
import_json=$(jq -n \
    --arg name "$ITEM_NAME" \
    --argjson fields "$fields_json" \
    '{
        encrypted: false,
        folders: [],
        items: [
            {
                type: 2,
                name: $name,
                notes: "Gitea migration .env — exported by env_to_bitwarden.sh",
                favorite: false,
                secureNote: { type: 0 },
                fields: $fields
            }
        ]
    }')

if [[ -n "$OUTPUT_FILE" ]]; then
    printf '%s\n' "$import_json" > "$OUTPUT_FILE"
    log_success "Wrote $field_count fields to $OUTPUT_FILE"
    log_info "Import via: Bitwarden → Tools → Import Data → Bitwarden (json)"
else
    printf '%s\n' "$import_json"
fi