#!/usr/bin/env bash
set -euo pipefail
# shellcheck disable=SC2329

# =============================================================================
# phase1_post_check.sh — Verify Phase 1 (Gitea on Unraid) succeeded
# Independent verification — can be run separately from phase1_gitea_unraid.sh
# Exits 0 only if ALL checks pass.
# =============================================================================

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
source "${SCRIPT_DIR}/lib/common.sh"

load_env
require_vars GITEA_INTERNAL_URL GITEA_ADMIN_USER GITEA_ADMIN_PASSWORD \
             GITEA_ADMIN_TOKEN GITEA_ORG_NAME

log_info "=== Phase 1 Post-Check ==="

PASS=0
FAIL=0

# Helper: run a check, track results
run_check() {
  local description="$1"; shift
  if "$@" 2>/dev/null; then
    log_success "$description"
    PASS=$((PASS + 1))
  else
    log_error "FAIL: $description"
    FAIL=$((FAIL + 1))
  fi
}

# Check 1: Gitea responds with HTTP 200
run_check "Gitea HTTP 200 at ${GITEA_INTERNAL_URL}" \
  curl -sf -o /dev/null "${GITEA_INTERNAL_URL}/api/v1/version"

# Check 2: Admin user authenticates with basic auth
run_check "Admin user authenticates (basic auth)" \
  curl -sf -o /dev/null -u "${GITEA_ADMIN_USER}:${GITEA_ADMIN_PASSWORD}" "${GITEA_INTERNAL_URL}/api/v1/user"

# Check 3: API token works and returns correct username
# shellcheck disable=SC2329
check_token() {
  local response
  response=$(curl -sf -H "Authorization: token ${GITEA_ADMIN_TOKEN}" "${GITEA_INTERNAL_URL}/api/v1/user")
  local login
  login=$(printf '%s' "$response" | jq -r '.login')
  [[ "$login" == "${GITEA_ADMIN_USER}" ]]
}
run_check "API token valid (returns correct username)" check_token

# Check 4: Organization exists
run_check "Organization '${GITEA_ORG_NAME}' exists" \
  curl -sf -o /dev/null -H "Authorization: token ${GITEA_ADMIN_TOKEN}" "${GITEA_INTERNAL_URL}/api/v1/orgs/${GITEA_ORG_NAME}"

# Check 5: Gitea Actions enabled (verify via settings API)
# shellcheck disable=SC2329
check_actions() {
  # The /api/v1/settings/api endpoint returns instance settings.
  # If Actions are enabled, the Gitea instance will accept runner registrations.
  # We can also check by simply verifying the admin/runners endpoint responds.
  curl -sf -H "Authorization: token ${GITEA_ADMIN_TOKEN}" "${GITEA_INTERNAL_URL}/api/v1/settings/api" -o /dev/null
}
run_check "Gitea API settings accessible (Actions check)" check_actions

# Summary
printf '\n'
log_info "Results: ${PASS} passed, ${FAIL} failed"

if [[ $FAIL -gt 0 ]]; then
  log_error "Phase 1 post-check FAILED"
  exit 1
else
  log_success "Phase 1 post-check PASSED — Gitea on Unraid is fully operational"
  exit 0
fi