#!/bin/bash
set -e

# Colors for output
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

log_info() {
    echo -e "${GREEN}[INFO]${NC} $1"
}

log_warn() {
    echo -e "${YELLOW}[WARN]${NC} $1"
}

log_header() {
    echo -e "${BLUE}$1${NC}"
}

# Function to generate secure password
generate_password() {
    openssl rand -base64 32 | tr -d "=+/" | cut -c1-25
}

log_header "Generating Nextcloud secrets"
echo "============================="

ENV_FILE=".env"

# Check if .env file exists
if [ ! -f "$ENV_FILE" ]; then
    log_warn ".env file not found. Please ensure it exists first."
    exit 1
fi

# Generate passwords
log_info "Generating secure passwords..."
DB_PASSWORD=$(generate_password)
REDIS_PASSWORD=$(generate_password)

# Backup existing .env file
log_info "Creating backup of existing .env file..."
cp "$ENV_FILE" "${ENV_FILE}.backup.$(date +%Y%m%d_%H%M%S)"

# Update .env file
log_info "Updating .env file with generated passwords..."
sed -i "s/DB_PASSWORD=.*/DB_PASSWORD=${DB_PASSWORD}/" "$ENV_FILE"
sed -i "s/REDIS_PASSWORD=.*/REDIS_PASSWORD=${REDIS_PASSWORD}/" "$ENV_FILE"

# Display generated passwords (for reference)
echo ""
log_header "Generated credentials:"
echo "======================"
echo "Database Password: $DB_PASSWORD"
echo "Redis Password: $REDIS_PASSWORD"
echo ""
log_info "Passwords have been saved to $ENV_FILE"
log_info "A backup of the previous .env file has been created"

# Security reminder
echo ""
log_warn "SECURITY REMINDER:"
echo "- Keep these passwords secure"
echo "- Do not share them in version control"
echo "- The backup file also contains these passwords"