#!/bin/bash

# ForensicPathways Deployment Script
# Usage: sudo ./deploy.sh

set -e

WEBROOT="/var/www/forensic-pathways"
BACKUP_DIR="/var/backups/forensic-pathways"
LOG_DIR="$WEBROOT/logs"
DATA_DIR="$WEBROOT/data"
UPLOADS_DIR="$WEBROOT/public/uploads"

# Get original user who called sudo
ORIGINAL_USER="${SUDO_USER:-$USER}"
ORIGINAL_HOME=$(eval echo "~$ORIGINAL_USER")

echo "🚀 ForensicPathways Deployment Starting..."
echo "📅 $(date '+%Y-%m-%d %H:%M:%S')"
echo "👤 Original user: $ORIGINAL_USER"
echo ""

# Check if running as root
if [ "$EUID" -ne 0 ]; then
    echo "❌ Error: This script must be run as root (use sudo)"
    exit 1
fi

# Function to build application with nvm support
build_with_nvm() {
    echo "📦 Building application as user $ORIGINAL_USER..."
    
    if sudo -u "$ORIGINAL_USER" bash -c "
        cd '$PWD'
        
        # Load nvm if available
        export NVM_DIR='$ORIGINAL_HOME/.nvm'
        [ -s '\$NVM_DIR/nvm.sh' ] && source '\$NVM_DIR/nvm.sh'
        
        # Load user shell profile
        [ -s '$ORIGINAL_HOME/.bashrc' ] && source '$ORIGINAL_HOME/.bashrc'
        [ -s '$ORIGINAL_HOME/.profile' ] && source '$ORIGINAL_HOME/.profile'
        
        # Verify npm is available
        if ! command -v npm &> /dev/null; then
            echo 'npm not found in user environment'
            exit 1
        fi
        
        # Show versions for debugging
        echo \"npm version: \$(npm --version)\"
        echo \"node version: \$(node --version)\"
        
        # Run the build
        npm run build
    "; then
        echo "✅ Build completed successfully"
        return 0
    else
        echo "❌ Build failed"
        return 1
    fi
}

# Check for existing dist or build if needed
if [ ! -d "dist" ]; then
    echo "📦 No dist/ directory found, building..."
    if ! build_with_nvm; then
        echo ""
        echo "💡 Alternative: Build manually first:"
        echo "   npm run build"
        echo "   sudo ./deploy.sh"
        exit 1
    fi
else
    echo "📦 Found existing dist/ directory"
    read -p "🤔 Rebuild application? (y/N): " -n 1 -r
    echo
    if [[ $REPLY =~ ^[Yy]$ ]]; then
        if ! build_with_nvm; then
            echo ""
            echo "💡 Using existing dist/ due to build failure"
        fi
    else
        echo "📦 Using existing build"
    fi
fi

# Verify dist exists before proceeding
if [ ! -d "dist" ]; then
    echo "❌ Error: No dist/ directory available for deployment"
    exit 1
fi

# Create backup if existing deployment exists
if [ -d "$WEBROOT" ]; then
    BACKUP_TIMESTAMP=$(date +%Y%m%d_%H%M%S)
    BACKUP_PATH="$BACKUP_DIR/$BACKUP_TIMESTAMP"
    
    echo "💾 Creating backup at $BACKUP_PATH..."
    mkdir -p "$BACKUP_DIR"
    cp -r "$WEBROOT" "$BACKUP_PATH"
    echo "✅ Backup created successfully"
    
    # Preserve existing .env if it exists
    if [ -f "$WEBROOT/.env" ]; then
        cp "$WEBROOT/.env" "/tmp/forensic-pathways.env.backup"
        echo "💾 Preserved existing .env configuration"
    fi
    
    # Clean old backups (keep last 5)
    if [ -d "$BACKUP_DIR" ]; then
        cd "$BACKUP_DIR"
        ls -1t | tail -n +6 | xargs -r rm -rf
        echo "🧹 Cleaned old backups (keeping last 5)"
    fi
fi

# Create webroot and subdirectories
echo "📁 Setting up directory structure..."
mkdir -p "$WEBROOT"
mkdir -p "$LOG_DIR"
mkdir -p "$DATA_DIR"
mkdir -p "$UPLOADS_DIR"
mkdir -p "$WEBROOT/src/data"
mkdir -p "$WEBROOT/public"
mkdir -p "$WEBROOT/server"
mkdir -p "$DATA_DIR/embeddings"
mkdir -p "$LOG_DIR/access"
mkdir -p "$LOG_DIR/error"
mkdir -p "$LOG_DIR/ai"
echo "✅ Directory structure created"

# Copy built application
echo "📋 Copying application files..."
cp -r dist/* "$WEBROOT/"
echo "✅ Application files copied ($(du -sh dist | cut -f1))"

# Copy essential data files
echo "🗂️  Setting up data files..."
if [ -f "src/data/tools.yaml" ]; then
    cp src/data/tools.yaml "$WEBROOT/src/data/"
    echo "✅ tools.yaml copied ($(wc -l < src/data/tools.yaml) lines)"
else
    echo "❌ Error: src/data/tools.yaml not found"
    exit 1
fi

# Copy any existing knowledgebase content
if [ -d "src/content/knowledgebase" ]; then
    mkdir -p "$WEBROOT/src/content"
    cp -r src/content/knowledgebase "$WEBROOT/src/content/"
    KB_COUNT=$(find src/content/knowledgebase -name "*.md" | wc -l)
    echo "✅ Knowledgebase content copied ($KB_COUNT articles)"
fi

# Handle environment configuration
if [ -f "/tmp/forensic-pathways.env.backup" ]; then
    echo "🔧 Restoring existing .env configuration..."
    cp "/tmp/forensic-pathways.env.backup" "$WEBROOT/.env"
    rm "/tmp/forensic-pathways.env.backup"
    echo "✅ Existing configuration restored"
else
    echo "🔧 Setting up new environment configuration..."
    cp .env.example "$WEBROOT/.env"
    echo "⚠️  IMPORTANT: Edit $WEBROOT/.env with your configuration"
fi

# Create additional required files
echo "📝 Creating additional files..."

# Create placeholder log files
touch "$LOG_DIR/access.log"
touch "$LOG_DIR/error.log"
touch "$LOG_DIR/ai-pipeline.log"

echo "✅ Additional files and directories created"

# Set proper permissions
echo "🔐 Setting permissions..."
chown -R www-data:www-data "$WEBROOT"
chmod -R 755 "$WEBROOT"
chmod 600 "$WEBROOT/.env"

# Specific permissions for data directories
chmod 755 "$DATA_DIR"
chmod 755 "$UPLOADS_DIR"
chmod 755 "$LOG_DIR"
chmod 644 "$LOG_DIR"/*.log

# Make server entry point executable
if [ -f "$WEBROOT/server/entry.mjs" ]; then
    chmod 755 "$WEBROOT/server/entry.mjs"
    echo "✅ Server entry point permissions set"
fi

echo "✅ Permissions configured successfully"

# Display deployment summary
echo ""
echo "═══════════════════════════════════════════════════════════════"
echo "✅ ForensicPathways Deployment Complete!"
echo "═══════════════════════════════════════════════════════════════"
echo ""
echo "📊 Deployment Summary:"
echo "   🎯 Target: $WEBROOT"
echo "   💾 Backup: $BACKUP_DIR"
echo "   📁 Logs: $LOG_DIR"
echo "   📤 Uploads: $UPLOADS_DIR"
echo "   🗃️  Data: $DATA_DIR"
echo "   📏 Size: $(du -sh $WEBROOT | cut -f1)"
echo ""
echo "📋 Required Next Steps:"
echo "   1. 🔧 Edit $WEBROOT/.env with your configuration"
echo "      - Set PUBLIC_BASE_URL to your domain"
echo "      - Configure AI_ANALYZER_* settings"
echo "      - Set AUTH_SECRET to a secure value"
echo ""
echo "   2. 🔄 Restart services:"
echo "      sudo systemctl restart forensic-pathways"
echo "      sudo systemctl reload nginx"
echo ""
echo "   3. 🔍 Check status:"
echo "      sudo systemctl status forensic-pathways"
echo "      sudo tail -f $LOG_DIR/error.log"
echo ""
echo "🌐 Once configured, access at: http://your-domain.com"
echo ""

# Final validation
echo "🔍 Post-deployment validation..."
if [ -f "$WEBROOT/.env" ]; then
    echo "✅ Environment configuration exists"
else
    echo "❌ Environment configuration missing"
fi

if [ -f "$WEBROOT/src/data/tools.yaml" ]; then
    TOOL_COUNT=$(grep -c "^  - name:" "$WEBROOT/src/data/tools.yaml" || echo "unknown")
    echo "✅ Tools database exists ($TOOL_COUNT tools)"
else
    echo "❌ Tools database missing"
fi

if [ -d "$WEBROOT/server" ]; then
    echo "✅ Server directory exists"
else
    echo "❌ Server directory missing"
fi

if [ -f "$WEBROOT/server/entry.mjs" ]; then
    echo "✅ Server entry point exists"
else
    echo "⚠️  Warning: Server entry point not found"
fi

echo ""
echo "🎉 Deployment script completed at $(date '+%Y-%m-%d %H:%M:%S')"