#!/usr/bin/env bash
set -euo pipefail

RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'
CYAN='\033[0;36m'; BOLD='\033[1m'; NC='\033[0m'

WEB_ROOT="${WEB_ROOT:-/var/www/html}"
MYSQL_HOST_DEFAULT="${MYSQL_HOST:-127.0.0.1}"
MYSQL_PORT_DEFAULT="${MYSQL_PORT:-3306}"
MYSQL_ADMIN_USER_DEFAULT="${MYSQL_ADMIN_USER:-root}"
ERP_DB_HOST_DEFAULT="${ERP_DB_HOST:-127.0.0.1}"
ERP_DB_PORT_DEFAULT="${ERP_DB_PORT:-3306}"
ERP_DB_NAME_DEFAULT="${ERP_DB_NAME:-mbinvmacrobase}"
ERP_DB_USER_DEFAULT="${ERP_DB_USER:-}"
CXP_IMAGE_DEFAULT="${CXP_IMAGE_DEFAULT:-${CXP_IMAGE:-cxp-app:latest}}"
BASE_DOMAIN="${BASE_DOMAIN:-sistemasmb.com}"

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
TEMPLATES_DIR="$(dirname "$SCRIPT_DIR")/templates"
REPO_ROOT="$(dirname "$(dirname "$SCRIPT_DIR")")"

CLIENT_NAME="${1:-}"
CLIENT_PORT="${2:-}"
CLIENT_HOST="${3:-}"

if [ -z "$CLIENT_NAME" ]; then
    echo -e "${BOLD}Uso:${NC} sudo -E bash $0 <nombre> [puerto] [host]"
    echo "  Ej: sudo -E bash $0 manuales 8081 manuales-cxp.sistemasmb.com"
    exit 1
fi

echo "$CLIENT_NAME" | grep -qE '^[a-z][a-z0-9_]*$' || {
    echo -e "${RED}Nombre invalido.${NC} Solo minusculas, numeros y _."; exit 1; }

if [ -z "$CLIENT_HOST" ]; then
    CLIENT_HOST="${CLIENT_NAME}-cxp.${BASE_DOMAIN}"
fi

APP_DIR="$WEB_ROOT/$CLIENT_NAME/mbcxp"
[ -d "$APP_DIR" ] && { echo -e "${RED}Ya existe: $APP_DIR${NC}"; exit 1; }

command -v docker >/dev/null 2>&1 || { echo -e "${RED}Docker no instalado${NC}"; exit 1; }
docker compose version >/dev/null 2>&1 || { echo -e "${RED}Docker Compose v2 requerido${NC}"; exit 1; }

if [ -z "$CLIENT_PORT" ]; then
    LAST=$(grep -rh '^CLIENT_PORT=' "$WEB_ROOT"/*/mbcxp/.env 2>/dev/null | sed 's/CLIENT_PORT=//' | sort -n | tail -1)
    CLIENT_PORT=$((${LAST:-8080} + 1))
fi

ss -tln 2>/dev/null | grep -q ":${CLIENT_PORT} " && {
    echo -e "${RED}Puerto $CLIENT_PORT en uso${NC}"; exit 1; }

DB_NAME_DEFAULT="cxp_${CLIENT_NAME}"
DB_USER_DEFAULT="cxp_${CLIENT_NAME}"
DB_PASS_DEFAULT=$(openssl rand -base64 18 | tr -d '/+=')
APP_SECRET=$(openssl rand -hex 16)
SQL_TEMPLATE="$REPO_ROOT/sql/cxpInstalacion.sql"

[ -f "$SQL_TEMPLATE" ] || {
    echo -e "${RED}Falta $SQL_TEMPLATE${NC}"
    echo "Generalo primero con: bash deploy/scripts/generate-templates.sh"
    exit 1
}

echo -e "\n${CYAN}Configuracion de base de datos del nuevo servidor${NC}"
read -p "  MySQL Host [$MYSQL_HOST_DEFAULT]: " MYSQL_HOST
MYSQL_HOST="${MYSQL_HOST:-$MYSQL_HOST_DEFAULT}"
read -p "  MySQL Port [$MYSQL_PORT_DEFAULT]: " MYSQL_PORT
MYSQL_PORT="${MYSQL_PORT:-$MYSQL_PORT_DEFAULT}"
read -p "  DB User [$DB_USER_DEFAULT]: " DB_USER
DB_USER="${DB_USER:-$DB_USER_DEFAULT}"
read -p "  DB Name [$DB_NAME_DEFAULT]: " DB_NAME
DB_NAME="${DB_NAME:-$DB_NAME_DEFAULT}"
read -p "  DB Pass: " DB_PASS
DB_PASS="${DB_PASS:-$DB_PASS_DEFAULT}"
read -p "  La base y el usuario ya existen? [S/n]: " DB_ALREADY_EXISTS
DB_ALREADY_EXISTS="${DB_ALREADY_EXISTS:-S}"

MYSQL_ADMIN_USER="$DB_USER"
MYSQL_ADMIN_PASS="$DB_PASS"
if [ "$DB_ALREADY_EXISTS" = "n" ] || [ "$DB_ALREADY_EXISTS" = "N" ]; then
    read -p "  MySQL Admin User [$MYSQL_ADMIN_USER_DEFAULT]: " MYSQL_ADMIN_USER
    MYSQL_ADMIN_USER="${MYSQL_ADMIN_USER:-$MYSQL_ADMIN_USER_DEFAULT}"
fi

echo -e "\n${CYAN}Configuracion ERP${NC}"
read -p "  ERP Host [$ERP_DB_HOST_DEFAULT]: " ERP_DB_HOST
ERP_DB_HOST="${ERP_DB_HOST:-$ERP_DB_HOST_DEFAULT}"
read -p "  ERP Port [$ERP_DB_PORT_DEFAULT]: " ERP_DB_PORT
ERP_DB_PORT="${ERP_DB_PORT:-$ERP_DB_PORT_DEFAULT}"
read -p "  ERP DB Name [$ERP_DB_NAME_DEFAULT]: " ERP_DB_NAME
ERP_DB_NAME="${ERP_DB_NAME:-$ERP_DB_NAME_DEFAULT}"
read -p "  ERP User [${ERP_DB_USER_DEFAULT:-$DB_USER}]: " ERP_DB_USER
ERP_DB_USER="${ERP_DB_USER:-${ERP_DB_USER_DEFAULT:-$DB_USER}}"

echo ""
echo "Cliente   : $CLIENT_NAME"
echo "Host web  : $CLIENT_HOST"
echo "Puerto web: $CLIENT_PORT"
echo "DB host   : $MYSQL_HOST:$MYSQL_PORT"
echo "DB nombre : $DB_NAME"
echo "DB usuario: $DB_USER"
echo "DB creada : $DB_ALREADY_EXISTS"
echo "ERP host  : $ERP_DB_HOST:$ERP_DB_PORT"
echo "ERP DB    : $ERP_DB_NAME"
echo "Imagen    : $CXP_IMAGE_DEFAULT"
echo "Ruta      : $APP_DIR"
echo ""
read -p "Continuar? (s/N): " CONFIRM
[ "$CONFIRM" = "s" ] || [ "$CONFIRM" = "S" ] || exit 0

if [ "$DB_ALREADY_EXISTS" = "n" ] || [ "$DB_ALREADY_EXISTS" = "N" ]; then
    echo -e "\n${CYAN}Password MySQL admin ($MYSQL_ADMIN_USER):${NC}"
    read -s MYSQL_ADMIN_PASS; echo ""
else
    echo -e "\n${CYAN}Usando el DB Pass ingresado para conectar a MySQL como ${DB_USER}.${NC}"
fi

echo -e "${CYAN}Password ERP ($ERP_DB_USER):${NC}"
read -s ERP_DB_PASS; echo ""
if [ -z "$ERP_DB_PASS" ]; then
    ERP_DB_PASS="$DB_PASS"
fi

echo -e "\n${CYAN}[0/4]${NC} Validando conexion MySQL"
mysql -h "$MYSQL_HOST" -P "$MYSQL_PORT" -u "$MYSQL_ADMIN_USER" -p"$MYSQL_ADMIN_PASS" -e "SELECT 1" "$DB_NAME" >/dev/null

echo -e "\n${CYAN}[1/4]${NC} Base de datos"
if [ "$DB_ALREADY_EXISTS" = "n" ] || [ "$DB_ALREADY_EXISTS" = "N" ]; then
mysql -h "$MYSQL_HOST" -P "$MYSQL_PORT" -u "$MYSQL_ADMIN_USER" -p"$MYSQL_ADMIN_PASS" <<EOSQL
CREATE DATABASE IF NOT EXISTS \`$DB_NAME\`
  CHARACTER SET utf8mb4 COLLATE utf8mb4_spanish_ci;
CREATE USER IF NOT EXISTS '$DB_USER'@'%' IDENTIFIED BY '$DB_PASS';
GRANT ALL PRIVILEGES ON \`$DB_NAME\`.* TO '$DB_USER'@'%';
FLUSH PRIVILEGES;
EOSQL
    echo -e "${GREEN}OK${NC} base y usuario creados"
fi
mysql -h "$MYSQL_HOST" -P "$MYSQL_PORT" -u "$DB_USER" -p"$DB_PASS" "$DB_NAME" < "$SQL_TEMPLATE"
echo -e "${GREEN}OK${NC} plantilla importada"

echo -e "\n${CYAN}[2/4]${NC} Archivos cliente"
mkdir -p "$APP_DIR"
cat > "$APP_DIR/.env" <<EOF
# ============================================================
# CXP - Cliente: $CLIENT_NAME
# Generado: $(date '+%Y-%m-%d %H:%M')
# ============================================================
CLIENT_NAME=$CLIENT_NAME
CLIENT_HOST=$CLIENT_HOST
CLIENT_PORT=$CLIENT_PORT
CXP_IMAGE=$CXP_IMAGE_DEFAULT
APP_ENV=prod
APP_SECRET=$APP_SECRET
APP_DEBUG=0
DB_HOST=$MYSQL_HOST
DB_PORT=$MYSQL_PORT
DB_NAME=$DB_NAME
DB_USER=$DB_USER
DB_PASS=$DB_PASS
ERP_DB_HOST=$ERP_DB_HOST
ERP_DB_PORT=$ERP_DB_PORT
ERP_DB_NAME=$ERP_DB_NAME
ERP_DB_USER=$ERP_DB_USER
ERP_DB_PASS=$ERP_DB_PASS
TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR
EOF
cp "$TEMPLATES_DIR/docker-compose.client.yml" "$APP_DIR/docker-compose.yml"
cp "$REPO_ROOT/docker/nginx/prod.conf" "$APP_DIR/nginx.conf"
echo -e "${GREEN}OK${NC} archivos generados"

echo -e "\n${CYAN}[3/4]${NC} Docker"
if echo "$CXP_IMAGE_DEFAULT" | grep -q '/'; then
    docker pull "$CXP_IMAGE_DEFAULT"
else
    docker image inspect "$CXP_IMAGE_DEFAULT" >/dev/null 2>&1 || {
        echo -e "${RED}Imagen no encontrada: $CXP_IMAGE_DEFAULT${NC}"
        echo "Haz docker pull o docker build antes de instalar clientes."
        exit 1
    }
fi
cd "$APP_DIR"
docker compose up -d
sleep 12
HTTP=$(curl -s -o /dev/null -w "%{http_code}" --max-time 10 "http://127.0.0.1:${CLIENT_PORT}/health" 2>/dev/null || echo "000")
[ "$HTTP" = "200" ] && echo -e "${GREEN}OK${NC} contenedor responde /health" || echo -e "${YELLOW}WARN${NC} /health devolvio $HTTP"

echo -e "\n${CYAN}[4/4]${NC} Apache"
VHOST="/etc/apache2/sites-available/cxp-${CLIENT_NAME}.conf"
sed -e "s/__CLIENT_NAME__/$CLIENT_NAME/g" \
    -e "s/__CLIENT_HOST__/$CLIENT_HOST/g" \
    -e "s/__CLIENT_PORT__/$CLIENT_PORT/g" \
    "$TEMPLATES_DIR/apache-vhost.conf.template" > "$VHOST"
a2enmod proxy proxy_http headers rewrite >/dev/null 2>&1 || true
a2ensite "cxp-${CLIENT_NAME}.conf" >/dev/null 2>&1 || true
apachectl configtest
systemctl reload apache2

echo ""
echo "URL      : http://$CLIENT_HOST/"
echo "Puerto   : $CLIENT_PORT"
echo "DB Host  : $MYSQL_HOST:$MYSQL_PORT"
echo "BD       : $DB_NAME"
echo "DB User  : $DB_USER"
echo "Ruta     : $APP_DIR"
echo ""
echo "Siguientes pasos:"
echo "  1. Crear DNS A/AAAA para $CLIENT_HOST"
echo "  2. Habilitar SSL con certbot"
echo "  3. Entrar con usuario mb"