#!/bin/bash

# SkyArt Shop - System Status & Verification Tool
# Checks authentication, database, and service health

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

echo ""
echo "=========================================="
echo "  SkyArt Shop - System Verification"
echo "=========================================="
echo ""

# Check service status
echo -e "${BLUE}[1/6] Service Status${NC}"
if systemctl is-active --quiet skyartshop.service; then
    echo -e "  ${GREEN}✓${NC} Service is running"
    UPTIME=$(systemctl show skyartshop.service --property=ActiveEnterTimestamp --value)
    echo "  Uptime: $UPTIME"
else
    echo -e "  ${RED}✗${NC} Service is NOT running"
    exit 1
fi
echo ""

# Check MongoDB
echo -e "${BLUE}[2/6] MongoDB Connection${NC}"
if mongosh --quiet --eval "db.version()" SkyArtShopDB >/dev/null 2>&1; then
    MONGO_VERSION=$(mongosh --quiet --eval "db.version()" SkyArtShopDB 2>/dev/null)
    echo -e "  ${GREEN}✓${NC} MongoDB connected (version $MONGO_VERSION)"
else
    echo -e "  ${RED}✗${NC} MongoDB connection failed"
    exit 1
fi
echo ""

# Check admin user
echo -e "${BLUE}[3/6] Admin User${NC}"
ADMIN_EXISTS=$(mongosh SkyArtShopDB --quiet --eval 'db.AdminUsers.countDocuments({Email: "admin@skyartshop.com"})' 2>/dev/null)
if [ "$ADMIN_EXISTS" = "1" ]; then
    echo -e "  ${GREEN}✓${NC} Admin user exists"
    ADMIN_ROLE=$(mongosh SkyArtShopDB --quiet --eval 'db.AdminUsers.findOne({Email: "admin@skyartshop.com"}, {Role: 1, _id: 0}).Role' 2>/dev/null)
    echo "  Role: $ADMIN_ROLE"
else
    echo -e "  ${RED}✗${NC} Admin user NOT found"
    echo "  Run: ./reset-admin-password.sh to create"
fi
echo ""

# Check DataProtection keys
echo -e "${BLUE}[4/6] DataProtection Keys${NC}"
KEYS_DIR="/var/www/SkyArtShop/publish/DataProtection-Keys"
if [ -d "$KEYS_DIR" ]; then
    KEY_COUNT=$(ls -1 "$KEYS_DIR"/*.xml 2>/dev/null | wc -l)
    if [ "$KEY_COUNT" -gt 0 ]; then
        echo -e "  ${GREEN}✓${NC} $KEY_COUNT key(s) found"
        LATEST_KEY=$(ls -t "$KEYS_DIR"/*.xml 2>/dev/null | head -1 | xargs basename)
        echo "  Latest: $LATEST_KEY"
    else
        echo -e "  ${YELLOW}⚠${NC} No keys found (will be generated)"
    fi
else
    echo -e "  ${YELLOW}⚠${NC} Keys directory doesn't exist"
    echo "  Run: ./fix-cookies.sh to create"
fi
echo ""

# Test web endpoint
echo -e "${BLUE}[5/6] Web Endpoint${NC}"
HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" https://skyarts.ddns.net/admin/login -k)
if [ "$HTTP_CODE" = "200" ]; then
    echo -e "  ${GREEN}✓${NC} Login page accessible (HTTP $HTTP_CODE)"
else
    echo -e "  ${RED}✗${NC} Login page returned HTTP $HTTP_CODE"
fi
echo ""

# Test authentication
echo -e "${BLUE}[6/6] Authentication Test${NC}"
rm -f /tmp/test-cookies.txt
curl -c /tmp/test-cookies.txt -b /tmp/test-cookies.txt \
  -X POST "https://skyarts.ddns.net/admin/login" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "email=admin@skyartshop.com&password=Admin123!" \
  -k -s -o /dev/null

DASHBOARD_TITLE=$(curl -b /tmp/test-cookies.txt "https://skyarts.ddns.net/admin/dashboard" -k -s 2>/dev/null | grep -oP '<title>.*?</title>')
rm -f /tmp/test-cookies.txt

if [[ "$DASHBOARD_TITLE" == *"Dashboard"* ]]; then
    echo -e "  ${GREEN}✓${NC} Login successful"
    echo "  Dashboard accessible: $DASHBOARD_TITLE"
else
    echo -e "  ${RED}✗${NC} Login failed or dashboard inaccessible"
    echo "  Try: ./reset-admin-password.sh Admin123!"
fi
echo ""

# Summary
echo "=========================================="
echo -e "${GREEN}System Status: Operational${NC}"
echo "=========================================="
echo ""
echo "Quick Access:"
echo "  • Admin Panel: https://skyarts.ddns.net/admin/login"
echo "  • Default Login: admin@skyartshop.com / Admin123!"
echo ""
echo "Management Commands:"
echo "  • Reset password:  ./reset-admin-password.sh [password]"
echo "  • Fix cookies:     ./fix-cookies.sh"
echo "  • Service logs:    sudo journalctl -u skyartshop.service -f"
echo "  • Restart service: sudo systemctl restart skyartshop.service"
echo ""