#!/bin/bash
set -euo pipefail

TOKEN=""
API_URL="https://app.leorna.com/api/identity"
CORE_URL="https://api.leorna.com"
INSTALL_DIR="${LEORNA_INSTALL_DIR:-${BETWIXT_INSTALL_DIR:-/usr/local/bin}}"
BX_BIN="${INSTALL_DIR}/bx"
TMPDIR="$(mktemp -d)"

cleanup() {
  rm -rf "${TMPDIR}"
}
trap cleanup EXIT

download_candidate() {
  local url="$1"
  local target="$2"
  local status
  status="$(curl -fsSL -o "${target}" -w "%{http_code}" "${url}" 2>/dev/null || true)"
  [[ "${status}" == "200" && -s "${target}" ]]
}

install_binary() {
  local src="$1"
  chmod +x "${src}"
  if [ -w "${INSTALL_DIR}" ]; then
    mv "${src}" "${BX_BIN}"
  else
    sudo mv "${src}" "${BX_BIN}" 2>/dev/null || mv "${src}" "${BX_BIN}"
  fi
}

invoking_home() {
  local home_path=""
  if [ -n "${SUDO_USER:-}" ] && [ "${SUDO_USER}" != "root" ]; then
    if command -v getent >/dev/null 2>&1; then
      home_path="$(getent passwd "${SUDO_USER}" | cut -d: -f6 || true)"
      if [ -n "${home_path}" ]; then
        printf '%s\n' "${home_path}"
        return 0
      fi
    fi
    if command -v dscl >/dev/null 2>&1; then
      home_path="$(dscl . -read "/Users/${SUDO_USER}" NFSHomeDirectory 2>/dev/null | awk '{print $2}' || true)"
      if [ -n "${home_path}" ]; then
        printf '%s\n' "${home_path}"
        return 0
      fi
    fi
  fi
  printf '%s\n' "${HOME}"
}

run_bx_as_invoking_user() {
  if [ -n "${SUDO_USER:-}" ] && [ "${SUDO_USER}" != "root" ] && command -v sudo >/dev/null 2>&1; then
    sudo -H -u "${SUDO_USER}" "${BX_BIN}" "$@"
  else
    "${BX_BIN}" "$@"
  fi
}

save_cli_config() {
  local device_token="$1"
  local config_parent
  local config_dir
  local cfg
  config_parent="$(invoking_home)/.config"
  config_dir="${config_parent}/betwixtos"
  cfg="${config_dir}/cli.toml"

  mkdir -p "${config_dir}"
  chmod 700 "${config_dir}" 2>/dev/null || true
  cat >"${cfg}.tmp" <<EOF
core_endpoint = "${CORE_URL}"
api_token = "${device_token}"
telemetry_enabled = false
provider_mode = "auto"

[mesh_session]
status = "unknown"
detail = "device registered via installer"
EOF
  mv "${cfg}.tmp" "${cfg}"
  chmod 600 "${cfg}" 2>/dev/null || true
  if [ -n "${SUDO_USER:-}" ] && [ "${SUDO_USER}" != "root" ]; then
    chown "${SUDO_USER}" "${config_parent}" "${config_dir}" "${cfg}" 2>/dev/null || true
  fi
}

redeem_device_token() {
  local response
  local device_token
  local device_id
  local api_base
  api_base="${API_URL%/}"
  response="$(curl -fsSL -X POST "${api_base}/device-tokens/redeem" \
    -H "content-type: application/json" \
    --data "{\"token\":\"${TOKEN}\",\"device\":{\"name\":\"Leorna CLI Device\",\"device_type\":\"cli\",\"fingerprint\":\"leorna-installer:${OS}:${ARCH}\"}}")"

  device_token="$(printf '%s' "${response}" | sed -n 's/.*"device_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')"
  device_id="$(printf '%s' "${response}" | sed -n 's/.*"device_id"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')"
  if [ -z "${device_token}" ]; then
    echo "  Device connection failed: identity API did not return a device token." >&2
    return 1
  fi

  save_cli_config "${device_token}"
  echo "  Device connected"
  if [ -n "${device_id}" ]; then
    echo "  Device ID: ${device_id}"
  fi
}

configure_cli() {
  local cfg
  cfg="$(invoking_home)/.config/betwixtos/cli.toml"
  if [ -f "${cfg}" ]; then
    sed -i.bak "s|core_endpoint = .*|core_endpoint = \"${CORE_URL}\"|" "${cfg}" && rm -f "${cfg}.bak"
  fi
}

auth_login() {
  if [ -z "${TOKEN}" ]; then
    return 0
  fi
  echo "  Connecting..."
  redeem_device_token
  configure_cli
}

while [ $# -gt 0 ]; do
  case "$1" in
    --token|-t)
      TOKEN="$2"
      shift 2
      ;;
    --api-url)
      API_URL="$2"
      shift 2
      ;;
    *)
      shift
      ;;
  esac
done

echo ""
echo "  Leorna - Installing..."
echo ""

OS="$(uname -s | tr '[:upper:]' '[:lower:]')"
ARCH="$(uname -m)"
case "${ARCH}" in
  x86_64|amd64) ARCH="amd64" ;;
  aarch64|arm64) ARCH="arm64" ;;
  *) echo "  Unsupported architecture: ${ARCH}" >&2; exit 1 ;;
esac

FOUND_BINARY=0
case "${OS}" in
  darwin)
    URL="https://get.leorna.com/bin/bx-darwin-${ARCH}"
    echo "  Downloading bx (macOS ${ARCH})..."
    if download_candidate "${URL}" "${TMPDIR}/bx"; then
      install_binary "${TMPDIR}/bx"
      FOUND_BINARY=1
    fi
    ;;
  linux)
    LIBC_SUFFIXES=("" "-musl")
    if ldd --version 2>&1 | grep -qi musl || ! ldd /bin/sh 2>/dev/null | grep -q libc.so; then
      LIBC_SUFFIXES=("-musl" "")
    fi
    for libc_suffix in "${LIBC_SUFFIXES[@]}"; do
      URL="https://get.leorna.com/bin/bx-linux-${ARCH}${libc_suffix}"
      echo "  Downloading bx (linux-${ARCH}${libc_suffix})..."
      if download_candidate "${URL}" "${TMPDIR}/bx"; then
        install_binary "${TMPDIR}/bx"
        FOUND_BINARY=1
        break
      fi
    done
    ;;
  *)
    echo "  Unsupported OS: ${OS}" >&2
    exit 1
    ;;
esac

if [ "${FOUND_BINARY}" -ne 1 ]; then
  echo "  No prebuilt bx binary is available for ${OS}/${ARCH}." >&2
  echo "  Please retry later or contact Leorna support." >&2
  exit 1
fi

echo "  Installed bx"
auth_login
echo ""
echo "  Ready! Run: bx doctor"
echo ""