#!/usr/bin/env bash
set -euo pipefail

# =============================================================================
# backup/restore_to_primary.sh — Restore a Gitea backup to Unraid primary
# DESTRUCTIVE: Replaces all Gitea data on Unraid with the backup contents.
#
# Usage: ./backup/restore_to_primary.sh --archive <path>
#   <path> can be:
#     - A path on Fedora (e.g. /mnt/nvme/gitea-backups/gitea-dump-*.zip)
#     - A local path on this machine
#
# Steps:
#   1. Stop Gitea container
#   2. Back up current data as safety net (data.pre-restore)
#   3. Extract archive to Gitea data directory
#   4. Restart Gitea container
#   5. Wait for Gitea to be ready
#   6. Verify admin login
#   7. Regenerate API token (old token from dump may be stale)
# =============================================================================

SCRIPT_DIR="$(cd "$(dirname "$0")/.." && pwd)"
source "${SCRIPT_DIR}/lib/common.sh"

load_env
require_vars UNRAID_IP UNRAID_SSH_USER UNRAID_GITEA_DATA_PATH UNRAID_COMPOSE_DIR \
             GITEA_INTERNAL_URL GITEA_ADMIN_USER GITEA_ADMIN_PASSWORD \
             GITEA_DB_TYPE
if [[ "${GITEA_DB_TYPE}" != "sqlite3" ]]; then
  require_vars GITEA_DB_PORT GITEA_DB_NAME GITEA_DB_USER GITEA_DB_PASSWD
fi

DATA_PATH="$UNRAID_GITEA_DATA_PATH"
COMPOSE_DIR="${UNRAID_COMPOSE_DIR}/gitea"

# ---------------------------------------------------------------------------
# Parse arguments
# ---------------------------------------------------------------------------
ARCHIVE_PATH=""

while [[ $# -gt 0 ]]; do
  case "$1" in
    --archive)
      if [[ $# -lt 2 ]]; then log_error "--archive requires a path"; exit 1; fi
      ARCHIVE_PATH="$2"; shift 2 ;;
    --help|-h)
      echo "Usage: $(basename "$0") --archive <path-to-gitea-dump.zip>"
      exit 0 ;;
    *) log_error "Unknown argument: $1"; exit 1 ;;
  esac
done

if [[ -z "$ARCHIVE_PATH" ]]; then
  log_error "Missing required --archive <path>"
  echo "Usage: $(basename "$0") --archive <path-to-gitea-dump.zip>"
  exit 1
fi

log_warn "=== Gitea Restore to Primary ==="
log_warn "This will REPLACE all Gitea data on Unraid with the backup."

printf 'Continue? This is IRREVERSIBLE (current data will be backed up first). [y/N] '
read -r confirm
if [[ ! "$confirm" =~ ^[Yy]$ ]]; then
  log_info "Restore cancelled"
  exit 0
fi

# ---------------------------------------------------------------------------
# Step 1: Transfer archive to Unraid /tmp if needed
# If the archive is a local file, SCP it directly. If it's on Fedora,
# SCP directly from Fedora to Unraid (no MacBook relay).
# ---------------------------------------------------------------------------
log_step 1 "Preparing archive..."
ARCHIVE_NAME=$(basename "$ARCHIVE_PATH")
UNRAID_ARCHIVE="/tmp/${ARCHIVE_NAME}"

if [[ -f "$ARCHIVE_PATH" ]]; then
  # Local file — SCP to Unraid
  log_info "Uploading local archive to Unraid..."
  scp_to UNRAID "$ARCHIVE_PATH" "$UNRAID_ARCHIVE"
else
  # Assume path is on Fedora — SCP directly from Fedora to Unraid
  require_vars FEDORA_IP FEDORA_SSH_USER UNRAID_IP UNRAID_SSH_USER
  log_info "Transferring archive from Fedora to Unraid..."
  UNRAID_PORT="${UNRAID_SSH_PORT:-22}"
  ssh_exec FEDORA "scp -o ConnectTimeout=10 -o StrictHostKeyChecking=accept-new \
    -o BatchMode=yes -P '${UNRAID_PORT}' \
    '${ARCHIVE_PATH}' '${UNRAID_SSH_USER}@${UNRAID_IP}:${UNRAID_ARCHIVE}'"
fi
log_success "Archive ready on Unraid: ${UNRAID_ARCHIVE}"

# ---------------------------------------------------------------------------
# Step 2: Stop Gitea container
# ---------------------------------------------------------------------------
log_step 2 "Stopping Gitea container..."
ssh_exec UNRAID "cd '${COMPOSE_DIR}' && docker compose down 2>/dev/null || docker-compose down" || true
log_success "Gitea container stopped"

# ---------------------------------------------------------------------------
# Step 3: Back up current data as safety net
# Rename data/ → data.pre-restore/ so we can roll back if needed.
# If a pre-restore backup already exists, append a timestamp.
# ---------------------------------------------------------------------------
log_step 3 "Backing up current data..."
if ssh_exec UNRAID "test -d '${DATA_PATH}/data'" 2>/dev/null; then
  BACKUP_SUFFIX="pre-restore-$(date +%Y%m%d-%H%M%S)"
  ssh_exec UNRAID "mv '${DATA_PATH}/data' '${DATA_PATH}/data.${BACKUP_SUFFIX}'"
  log_success "Current data backed up to data.${BACKUP_SUFFIX}"
else
  log_info "No existing data directory to back up"
fi

# ---------------------------------------------------------------------------
# Step 4: Extract archive
# gitea dump creates a zip with: gitea-db.sql (or gitea.db), repos/, app.ini
# We extract to a temp dir, then move files to the correct locations.
# ---------------------------------------------------------------------------
log_step 4 "Extracting archive..."
ssh_exec UNRAID "mkdir -p '${DATA_PATH}/data' && cd '${DATA_PATH}' && unzip -o '${UNRAID_ARCHIVE}' -d restore-tmp"

# Move restored files into place
# The dump structure varies by Gitea version — handle common layouts
ssh_exec UNRAID "
  cd '${DATA_PATH}/restore-tmp'
  # Move repos if present
  if [ -d repos ]; then mv repos '${DATA_PATH}/data/'; fi
  # Move gitea.db (SQLite database)
  if [ -f gitea.db ]; then mv gitea.db '${DATA_PATH}/data/'; fi
  # Keep gitea-db.sql for external DB import (moved below)
  if [ -f gitea-db.sql ]; then mv gitea-db.sql '${DATA_PATH}/data/'; fi
  # Move config if present
  if [ -f app.ini ]; then
    mkdir -p '${DATA_PATH}/config'
    mv app.ini '${DATA_PATH}/config/'
  fi
  # Move any remaining data files
  if [ -d data ]; then cp -r data/* '${DATA_PATH}/data/' 2>/dev/null || true; fi
  # Clean up temp
  cd '${DATA_PATH}' && rm -rf restore-tmp
"
log_success "Archive extracted and files placed"

# Import SQL dump into external database container (skip for sqlite3)
if [[ "${GITEA_DB_TYPE}" != "sqlite3" ]]; then
  log_step "4b" "Importing SQL dump into ${GITEA_DB_TYPE} database..."
  SQL_FILE="${DATA_PATH}/data/gitea-db.sql"
  if ssh_exec UNRAID "test -f '${SQL_FILE}'" 2>/dev/null; then
    case "${GITEA_DB_TYPE}" in
      postgres)
        ssh_exec UNRAID "docker exec -i gitea-db psql -U '${GITEA_DB_USER}' '${GITEA_DB_NAME}' < '${SQL_FILE}'"
        ;;
      mysql)
        ssh_exec UNRAID "docker exec -i gitea-db mysql -u '${GITEA_DB_USER}' -p'${GITEA_DB_PASSWD}' '${GITEA_DB_NAME}' < '${SQL_FILE}'"
        ;;
      mssql)
        # Copy SQL file into container then import
        ssh_exec UNRAID "docker cp '${SQL_FILE}' gitea-db:/tmp/gitea-db.sql && \
          docker exec gitea-db /opt/mssql-tools18/bin/sqlcmd -S localhost -U sa -P '${GITEA_DB_PASSWD}' -d '${GITEA_DB_NAME}' -i /tmp/gitea-db.sql -C -N"
        ;;
    esac
    log_success "SQL dump imported into ${GITEA_DB_TYPE}"
  else
    log_warn "No gitea-db.sql found in archive — database may need manual import"
  fi
fi

# Clean up archive from Unraid /tmp
ssh_exec UNRAID "rm -f '${UNRAID_ARCHIVE}'"

# ---------------------------------------------------------------------------
# Step 5: Restart Gitea container
# ---------------------------------------------------------------------------
log_step 5 "Starting Gitea container..."
ssh_exec UNRAID "cd '${COMPOSE_DIR}' && docker compose up -d 2>/dev/null || docker-compose up -d"
log_success "Gitea container started"

# ---------------------------------------------------------------------------
# Step 6: Wait for Gitea to be ready
# ---------------------------------------------------------------------------
log_step 6 "Waiting for Gitea to be ready..."
wait_for_http "${GITEA_INTERNAL_URL}/api/v1/version" 120

# ---------------------------------------------------------------------------
# Step 7: Verify admin login
# ---------------------------------------------------------------------------
log_step 7 "Verifying admin login..."
if curl -sf -u "${GITEA_ADMIN_USER}:${GITEA_ADMIN_PASSWORD}" "${GITEA_INTERNAL_URL}/api/v1/user" -o /dev/null 2>/dev/null; then
  log_success "Admin login verified"
else
  log_error "Admin login failed — check credentials or backup integrity"
  exit 1
fi

# ---------------------------------------------------------------------------
# Step 8: Regenerate API token
# Old tokens from the dump may conflict or be stale. Generate a fresh one.
# ---------------------------------------------------------------------------
log_step 8 "Regenerating API token..."
RESTORE_TOKEN_NAME="migration-token-restored"

# Idempotency: remove any previously generated restore token with the same name.
# Gitea returns 409 if we try to create a duplicate token name.
curl -sf -u "${GITEA_ADMIN_USER}:${GITEA_ADMIN_PASSWORD}" \
  -X DELETE \
  "${GITEA_INTERNAL_URL}/api/v1/users/${GITEA_ADMIN_USER}/tokens/${RESTORE_TOKEN_NAME}" \
  -o /dev/null 2>/dev/null || true

TOKEN_RESPONSE=$(curl -sf -u "${GITEA_ADMIN_USER}:${GITEA_ADMIN_PASSWORD}" \
  -X POST \
  -H "Content-Type: application/json" \
  -d "{\"name\":\"${RESTORE_TOKEN_NAME}\",\"scopes\":[\"all\"]}" \
  "${GITEA_INTERNAL_URL}/api/v1/users/${GITEA_ADMIN_USER}/tokens")

NEW_TOKEN=$(printf '%s' "$TOKEN_RESPONSE" | jq -r '.sha1')

if [[ -z "$NEW_TOKEN" ]] || [[ "$NEW_TOKEN" == "null" ]]; then
  log_warn "Could not generate new API token — may need manual regeneration"
else
  save_env_var "GITEA_ADMIN_TOKEN" "$NEW_TOKEN"
  log_success "New API token generated and saved to .env"
fi

# ---------------------------------------------------------------------------
# Summary
# ---------------------------------------------------------------------------
printf '\n'
log_success "Restore complete — Gitea is running with restored data"
log_info "Pre-restore data preserved at: ${DATA_PATH}/data.${BACKUP_SUFFIX:-unknown}"
log_info "Verify all repos and users are accessible before deleting the pre-restore backup."