#!/bin/bash
#
# MyFSIO Installation Script
# This script sets up MyFSIO for production use on Linux systems.
#
# Usage:
#   curl -fsSL https://example.com/install.sh | bash
#   OR
#   ./install.sh [OPTIONS]
#
# Options:
#   --install-dir DIR    Installation directory (default: /opt/myfsio)
#   --data-dir DIR       Data directory (default: /var/lib/myfsio)
#   --log-dir DIR        Log directory (default: /var/log/myfsio)
#   --user USER          System user to run as (default: myfsio)
#   --port PORT          API port (default: 5000)
#   --ui-port PORT       UI port (default: 5100)
#   --api-url URL        Public API URL (for presigned URLs behind proxy)
#   --no-systemd         Skip systemd service creation
#   --binary PATH        Path to myfsio binary (will download if not provided)
#   -y, --yes            Skip confirmation prompts
#

set -e

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

# Default values
INSTALL_DIR="/opt/myfsio"
DATA_DIR="/var/lib/myfsio"
LOG_DIR="/var/log/myfsio"
SERVICE_USER="myfsio"
API_PORT="5000"
UI_PORT="5100"
API_URL=""
SKIP_SYSTEMD=false
BINARY_PATH=""
AUTO_YES=false

# Parse arguments
while [[ $# -gt 0 ]]; do
    case $1 in
        --install-dir)
            INSTALL_DIR="$2"
            shift 2
            ;;
        --data-dir)
            DATA_DIR="$2"
            shift 2
            ;;
        --log-dir)
            LOG_DIR="$2"
            shift 2
            ;;
        --user)
            SERVICE_USER="$2"
            shift 2
            ;;
        --port)
            API_PORT="$2"
            shift 2
            ;;
        --ui-port)
            UI_PORT="$2"
            shift 2
            ;;
        --api-url)
            API_URL="$2"
            shift 2
            ;;
        --no-systemd)
            SKIP_SYSTEMD=true
            shift
            ;;
        --binary)
            BINARY_PATH="$2"
            shift 2
            ;;
        -y|--yes)
            AUTO_YES=true
            shift
            ;;
        -h|--help)
            head -30 "$0" | tail -25
            exit 0
            ;;
        *)
            echo -e "${RED}Unknown option: $1${NC}"
            exit 1
            ;;
    esac
done

echo -e "${BLUE}"
echo "╔══════════════════════════════════════════════════════════╗"
echo "║                  MyFSIO Installation                     ║"
echo "║           S3-Compatible Object Storage                   ║"
echo "╚══════════════════════════════════════════════════════════╝"
echo -e "${NC}"

# Check if running as root
if [[ $EUID -ne 0 ]]; then
    echo -e "${RED}Error: This script must be run as root (use sudo)${NC}"
    exit 1
fi

# Display configuration
echo -e "${YELLOW}Installation Configuration:${NC}"
echo "  Install directory:  $INSTALL_DIR"
echo "  Data directory:     $DATA_DIR"
echo "  Log directory:      $LOG_DIR"
echo "  Service user:       $SERVICE_USER"
echo "  API port:           $API_PORT"
echo "  UI port:            $UI_PORT"
if [[ -n "$API_URL" ]]; then
    echo "  Public API URL:     $API_URL"
fi
if [[ -n "$BINARY_PATH" ]]; then
    echo "  Binary path:        $BINARY_PATH"
fi
echo ""

# Confirm installation
if [[ "$AUTO_YES" != true ]]; then
    read -p "Proceed with installation? [y/N] " -n 1 -r
    echo
    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
        echo "Installation cancelled."
        exit 0
    fi
fi

echo ""
echo -e "${GREEN}[1/7]${NC} Creating system user..."
if id "$SERVICE_USER" &>/dev/null; then
    echo "  User '$SERVICE_USER' already exists"
else
    useradd --system --no-create-home --shell /usr/sbin/nologin "$SERVICE_USER"
    echo "  Created user '$SERVICE_USER'"
fi

echo -e "${GREEN}[2/7]${NC} Creating directories..."
mkdir -p "$INSTALL_DIR"
mkdir -p "$DATA_DIR"
mkdir -p "$LOG_DIR"
echo "  Created $INSTALL_DIR"
echo "  Created $DATA_DIR"
echo "  Created $LOG_DIR"

echo -e "${GREEN}[3/7]${NC} Installing binary..."
if [[ -n "$BINARY_PATH" ]]; then
    if [[ -f "$BINARY_PATH" ]]; then
        cp "$BINARY_PATH" "$INSTALL_DIR/myfsio"
        echo "  Copied binary from $BINARY_PATH"
    else
        echo -e "${RED}Error: Binary not found at $BINARY_PATH${NC}"
        exit 1
    fi
elif [[ -f "./myfsio" ]]; then
    cp "./myfsio" "$INSTALL_DIR/myfsio"
    echo "  Copied binary from ./myfsio"
else
    echo -e "${RED}Error: No binary provided. Use --binary PATH or place 'myfsio' in current directory${NC}"
    exit 1
fi
chmod +x "$INSTALL_DIR/myfsio"

echo -e "${GREEN}[4/7]${NC} Generating secret key..."
SECRET_KEY=$(openssl rand -base64 32)
echo "  Generated secure SECRET_KEY"

echo -e "${GREEN}[5/7]${NC} Creating environment file..."
cat > "$INSTALL_DIR/myfsio.env" << EOF
# MyFSIO Configuration
# Generated by install.sh on $(date)

# Storage paths
STORAGE_ROOT=$DATA_DIR
LOG_DIR=$LOG_DIR

# Network
APP_HOST=0.0.0.0
APP_PORT=$API_PORT

# Security - CHANGE IN PRODUCTION
SECRET_KEY=$SECRET_KEY
CORS_ORIGINS=*

# Public URL (set this if behind a reverse proxy)
$(if [[ -n "$API_URL" ]]; then echo "API_BASE_URL=$API_URL"; else echo "# API_BASE_URL=https://s3.example.com"; fi)

# Logging
LOG_LEVEL=INFO
LOG_TO_FILE=true

# Rate limiting
RATE_LIMIT_DEFAULT=200 per minute

# Optional: Encryption (uncomment to enable)
# ENCRYPTION_ENABLED=true
# KMS_ENABLED=true
EOF
chmod 600 "$INSTALL_DIR/myfsio.env"
echo "  Created $INSTALL_DIR/myfsio.env"

echo -e "${GREEN}[6/7]${NC} Setting permissions..."
chown -R "$SERVICE_USER:$SERVICE_USER" "$INSTALL_DIR"
chown -R "$SERVICE_USER:$SERVICE_USER" "$DATA_DIR"
chown -R "$SERVICE_USER:$SERVICE_USER" "$LOG_DIR"
echo "  Set ownership to $SERVICE_USER"

if [[ "$SKIP_SYSTEMD" != true ]]; then
    echo -e "${GREEN}[7/7]${NC} Creating systemd service..."
    cat > /etc/systemd/system/myfsio.service << EOF
[Unit]
Description=MyFSIO S3-Compatible Storage
Documentation=https://github.com/yourusername/myfsio
After=network.target

[Service]
Type=simple
User=$SERVICE_USER
Group=$SERVICE_USER
WorkingDirectory=$INSTALL_DIR
EnvironmentFile=$INSTALL_DIR/myfsio.env
ExecStart=$INSTALL_DIR/myfsio
Restart=on-failure
RestartSec=5

# Security hardening
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=$DATA_DIR $LOG_DIR
PrivateTmp=true

# Resource limits (adjust as needed)
# LimitNOFILE=65535
# MemoryMax=2G

[Install]
WantedBy=multi-user.target
EOF

    systemctl daemon-reload
    echo "  Created /etc/systemd/system/myfsio.service"
else
    echo -e "${GREEN}[7/7]${NC} Skipping systemd service (--no-systemd)"
fi

echo ""
echo -e "${GREEN}╔══════════════════════════════════════════════════════════╗${NC}"
echo -e "${GREEN}║              Installation Complete!                      ║${NC}"
echo -e "${GREEN}╚══════════════════════════════════════════════════════════╝${NC}"
echo ""
echo -e "${YELLOW}Next steps:${NC}"
echo ""
echo "  1. Review configuration:"
echo "     ${BLUE}cat $INSTALL_DIR/myfsio.env${NC}"
echo ""
echo "  2. Start the service:"
echo "     ${BLUE}sudo systemctl start myfsio${NC}"
echo ""
echo "  3. Enable on boot:"
echo "     ${BLUE}sudo systemctl enable myfsio${NC}"
echo ""
echo "  4. Check status:"
echo "     ${BLUE}sudo systemctl status myfsio${NC}"
echo ""
echo "  5. View logs:"
echo "     ${BLUE}sudo journalctl -u myfsio -f${NC}"
echo "     ${BLUE}tail -f $LOG_DIR/app.log${NC}"
echo ""
echo -e "${YELLOW}Access:${NC}"
echo "  API:  http://$(hostname -I | awk '{print $1}'):$API_PORT"
echo "  UI:   http://$(hostname -I | awk '{print $1}'):$UI_PORT/ui"
echo ""
echo -e "${YELLOW}Default credentials:${NC}"
echo "  Username: localadmin"
echo "  Password: localadmin"
echo -e "  ${RED}⚠ Change these immediately after first login!${NC}"
echo ""
echo -e "${YELLOW}Configuration files:${NC}"
echo "  Environment:     $INSTALL_DIR/myfsio.env"
echo "  IAM Users:       $DATA_DIR/.myfsio.sys/config/iam.json"
echo "  Bucket Policies: $DATA_DIR/.myfsio.sys/config/bucket_policies.json"
echo ""