export DISCORD_BRIDGE_YAML_VERSION=v2
export ENTRYPOINT_CONF_VERSION=v3
export HOMESERVER_YAML_VERSION=v36
export LOG_CONFIG_VERSION=v2
export SHARED_SECRET_AUTH_VERSION=v2
export SIGNAL_BRIDGE_YAML_VERSION=v6
export TELEGRAM_BRIDGE_YAML_VERSION=v6
export NGINX_CONFIG_VERSION=v13
export WK_SERVER_VERSION=v1
export WK_CLIENT_VERSION=v2
export MAS_CONFIG_VERSION=v2
export PG_BACKUP_VERSION=v2
export ADMIN_CONFIG_VERSION=v1

ensure_mas_database () {
    if ! psql -U synapse -d postgres -v ON_ERROR_STOP=1 -Atqc "SELECT 1 FROM pg_database WHERE datname = 'mas'" | grep -qx 1
    then
        psql -U synapse -d postgres -v ON_ERROR_STOP=1 -c "CREATE DATABASE mas OWNER synapse"
    fi
}

# Generate a PEM RSA private key and insert it as the MAS signing secret.
# `abra app secret generate` can only produce random hex/charset strings, so this
# secret is marked `generate=false` in .env.sample and handled here instead.
generate_mas_signing_rsa() {
    if ! command -v openssl &> /dev/null; then
        echo "openssl is required on your local machine to generate the MAS signing key."
        echo "It could not be found in your PATH, please install openssl to proceed."
        exit 1
    fi

    KEY=$(openssl genrsa 2048 2>/dev/null)
    if [ -z "$KEY" ]; then
        echo "Failed to generate RSA private key with openssl."
        exit 1
    fi

    if printf '%s\n' "$KEY" | abra app secret insert -C "$APP_NAME" mas_signing_rsa v1; then
        echo "MAS signing RSA key generated and inserted as v1."
    else
        echo "Failed to insert MAS signing RSA key."
        exit 1
    fi
}

# Local helper: fetch homeserver.yaml from app, push to mas, then syn2mas check + dry-run.
prepare_mas_migration () {
    local syn_cfg

    syn_cfg=/tmp/homeserver.yaml

    cleanup_prepare_mas_migration() {
        rm -f "homeserver.yaml"
    }
    trap cleanup_prepare_mas_migration EXIT

    echo "Fetching /data/homeserver.yaml from app to homeserver.yaml (abra app run … cat)..."
    if ! abra app run -t "$DOMAIN" app cat /data/homeserver.yaml > "homeserver.yaml"
    then
        return 1
    fi
    if [ ! -s "homeserver.yaml" ]; then
        echo "Error: fetched homeserver.yaml is empty." >&2
        return 1
    fi

    echo "Copying into mas:/tmp"
    abra app cp "$DOMAIN" "homeserver.yaml" "mas:/tmp" || return 1

    echo "Running mas-cli syn2mas check..."
    abra app run -t "$DOMAIN" mas -- mas-cli syn2mas check \
        --config /etc/mas/config.yaml \
        --synapse-config "$syn_cfg" || return 1

    echo "Running mas-cli syn2mas migrate --dry-run..."
    abra app run -t "$DOMAIN" mas -- mas-cli syn2mas migrate \
        --config /etc/mas/config.yaml \
        --synapse-config "$syn_cfg" \
        --dry-run || return 1

    trap - EXIT
    cleanup_prepare_mas_migration

    echo ""
    echo "=== Next migration step: stop Synapse (downtime) ==="
    echo "Run on a host whose Docker CLI targets this Swarm (same machine you use for 'abra app deploy')."
    if [ -n "${STACK_NAME:-}" ]; then
        echo "  docker service scale ${STACK_NAME}_app=0"
    else
        echo "STACK_NAME is not set here; resolve the Synapse service name with 'docker service ls' on that host, then:"
        echo "docker service scale <STACK_NAME>_app=0"
    fi
}

# Run syn2mas migrate for real (writes MAS data). Run from your operator machine as MAS image is distroless.
# Requires /tmp/homeserver.yaml in the mas container (e.g. from prepare_mas_migration) and
# Synapse scaled down before migrate.
run_mas_migration () {
    local syn_cfg=/tmp/homeserver.yaml

    echo "Running mas-cli syn2mas migrate in mas via abra app run..."
    abra app run -t "$DOMAIN" mas -- mas-cli syn2mas migrate \
        --config /etc/mas/config.yaml \
        --synapse-config "$syn_cfg"
}

set_admin () {
    admin=akadmin
    if [ -n "$1" ]
    then
        admin=$1
    fi
    psql -U synapse -c "UPDATE users SET admin = 1 WHERE name = '@$admin:$DOMAIN'";
}

set_bridge_tokens() {
    if [ -z "$1" ]; then
        echo "Error: Missing parameter. Usage: set_bridge_tokens <BRIDGETYPE>"
        return 1
    fi

    BRIDGETYPE=$1
    echo "retrieve tokens from registration.yaml..."
    output=$(abra app run $DOMAIN app cat /${BRIDGETYPE}-data/registration.yaml)
    if [ $? -ne 0 ]; then
        echo "Error: Failed to retrieve registration.yaml for ${BRIDGETYPE} bridge:"
        echo "$output"
        return 1
    fi

    hs_token=$(echo "$output" | sed -n 's/^hs_token:[[:space:]]*\(.*\)$/\1/p')
    as_token=$(echo "$output" | sed -n 's/^as_token:[[:space:]]*\(.*\)$/\1/p')

    echo "HS Token: $hs_token"
    echo "AS Token: $as_token"
    echo "UNDEPLOY $DOMAIN?"
    abra app undeploy $DOMAIN

    echo "Replacing tokens:"
    abra app secret rm $DOMAIN ${BRIDGETYPE}_as_token
    abra app secret insert $DOMAIN ${BRIDGETYPE}_as_token v1 $as_token
    abra app secret rm $DOMAIN ${BRIDGETYPE}_hs_token
    abra app secret insert $DOMAIN ${BRIDGETYPE}_hs_token v1 $hs_token

    echo "Redeploying $DOMAIN..."
    abra app deploy -n $DOMAIN
}