#!/bin/bash
set -e

# Colors for output
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
RED='\033[0;31m'
NC='\033[0m' # No Color

log_info() {
    echo -e "${GREEN}[INFO]${NC} $1"
}

log_warn() {
    echo -e "${YELLOW}[WARN]${NC} $1"
}

log_error() {
    echo -e "${RED}[ERROR]${NC} $1"
}

log_header() {
    echo -e "${BLUE}$1${NC}"
}

# Function to generate secure random string (alphanumeric only)
generate_secret() {
    local length=${1:-32}
    cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w "$length" | head -n 1
}

ENV_FILE=".env"

log_header "Taiga Secrets Generator (Alternative Method)"
echo "=============================================="

# Check if .env file exists
if [[ ! -f "$ENV_FILE" ]]; then
    log_error ".env file not found! Please create it first."
    exit 1
fi

# Create backup
log_info "Creating backup of .env file..."
cp "$ENV_FILE" "${ENV_FILE}.backup.$(date +%Y%m%d_%H%M%S)"

# Generate secrets
log_info "Generating secure secrets..."

SECRET_KEY=$(generate_secret 50)
DB_PASSWORD=$(generate_secret 32)
RABBITMQ_PASSWORD=$(generate_secret 32)
ERLANG_COOKIE=$(generate_secret 20)

# Create new .env file using awk (more robust than sed)
log_info "Updating .env file with new secrets..."

awk -v secret_key="$SECRET_KEY" \
    -v db_password="$DB_PASSWORD" \
    -v rabbitmq_password="$RABBITMQ_PASSWORD" \
    -v erlang_cookie="$ERLANG_COOKIE" '
{
    if ($0 ~ /^SECRET_KEY="CHANGE_ME_TO_SECURE_SECRET_KEY"/) {
        print "SECRET_KEY=\"" secret_key "\""
    } else if ($0 ~ /^POSTGRES_PASSWORD=CHANGE_ME_TO_SECURE_DB_PASSWORD/) {
        print "POSTGRES_PASSWORD=" db_password
    } else if ($0 ~ /^RABBITMQ_PASS=CHANGE_ME_TO_SECURE_RABBITMQ_PASSWORD/) {
        print "RABBITMQ_PASS=" rabbitmq_password
    } else if ($0 ~ /^RABBITMQ_ERLANG_COOKIE=CHANGE_ME_TO_SECURE_ERLANG_COOKIE/) {
        print "RABBITMQ_ERLANG_COOKIE=" erlang_cookie
    } else {
        print $0
    }
}' "$ENV_FILE" > "${ENV_FILE}.tmp" && mv "${ENV_FILE}.tmp" "$ENV_FILE"

log_info "Secrets generated and updated successfully!"
echo ""
log_warn "IMPORTANT: Keep these credentials secure!"
echo "- SECRET_KEY: $SECRET_KEY (50 chars)"
echo "- POSTGRES_PASSWORD: $DB_PASSWORD (32 chars)" 
echo "- RABBITMQ_PASS: $RABBITMQ_PASSWORD (32 chars)"
echo "- RABBITMQ_ERLANG_COOKIE: $ERLANG_COOKIE (20 chars)"
echo ""
log_info "Original .env file backed up."
echo ""
log_warn "Next step: Review EMAIL settings in .env if you want to configure SMTP"