#!/bin/bash
# Automated Cloudflare Tunnel Setup for Phase 1
# This script automates the entire Cloudflare Tunnel setup process using credentials from .env

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# Navigate to project root: scripts -> phase1 -> terraform -> project root
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../../../.." && pwd)"
ENV_FILE="$PROJECT_ROOT/.env"

# Load .env file
if [ ! -f "$ENV_FILE" ]; then
    echo "Error: .env file not found at $ENV_FILE"
    exit 1
fi

echo "Loading Cloudflare credentials from .env file..."
export $(grep -v '^#' "$ENV_FILE" | grep -E "CLOUDFLARE_" | xargs)

# Check required variables
if [ -z "${CLOUDFLARE_ZONE_ID:-}" ] || [ -z "${CLOUDFLARE_ACCOUNT_ID:-}" ] || [ -z "${CLOUDFLARE_API_TOKEN:-}" ]; then
    echo "Error: Missing required Cloudflare credentials in .env file:"
    echo "  - CLOUDFLARE_ZONE_ID"
    echo "  - CLOUDFLARE_ACCOUNT_ID"
    echo "  - CLOUDFLARE_API_TOKEN"
    exit 1
fi

DOMAIN_NAME="${1:-}"
if [ -z "$DOMAIN_NAME" ]; then
    echo "Usage: $0 <domain-name>"
    echo "Example: $0 rpc.yourdomain.com"
    exit 1
fi

echo "=========================================="
echo "Automated Cloudflare Tunnel Setup"
echo "=========================================="
echo "Domain: $DOMAIN_NAME"
echo "Zone ID: $CLOUDFLARE_ZONE_ID"
echo "Account ID: $CLOUDFLARE_ACCOUNT_ID"
echo ""

# Get Nginx proxy IP from Terraform output
cd "$SCRIPT_DIR/.."
NGINX_IP=$(terraform output -json 2>/dev/null | jq -r '.nginx_proxy.value.public_ip // empty' || echo "")

if [ -z "$NGINX_IP" ]; then
    echo "Warning: Could not get Nginx proxy IP from Terraform. Using default: 20.160.58.99"
    NGINX_IP="20.160.58.99"
fi

echo "Nginx Proxy IP: $NGINX_IP"
echo ""

# Get backend VM IPs
echo "Getting backend VM IPs from Terraform..."
BACKEND_IPS=$(terraform output -json 2>/dev/null | jq -r '.phase1_us_regions.value | to_entries[] | .value.private_ips[0]' | tr '\n' ',' | sed 's/,$//' || echo "")

if [ -z "$BACKEND_IPS" ]; then
    echo "Warning: Could not get backend VM IPs from Terraform."
    BACKEND_IPS="10.1.1.4,10.2.1.4,10.3.1.4,10.4.1.4,10.5.1.4"
fi

echo "Backend IPs: $BACKEND_IPS"
echo ""

echo "=========================================="
echo "Setup Instructions"
echo "=========================================="
echo ""
echo "1. SSH to Nginx Proxy:"
echo "   ssh besuadmin@$NGINX_IP"
echo ""
echo "2. Run Cloudflare Tunnel setup:"
echo "   cd /opt/nginx"
echo "   wget https://raw.githubusercontent.com/your-repo/terraform/phases/phase1/scripts/setup-cloudflare-tunnel.sh"
echo "   chmod +x setup-cloudflare-tunnel.sh"
echo "   ./setup-cloudflare-tunnel.sh $DOMAIN_NAME"
echo ""
echo "3. Update Nginx backend configuration:"
echo "   wget https://raw.githubusercontent.com/your-repo/terraform/phases/phase1/scripts/update-nginx-backends.sh"
echo "   chmod +x update-nginx-backends.sh"
echo "   ./update-nginx-backends.sh \"$BACKEND_IPS\""
echo ""
echo "4. Configure Cloudflare DNS (if not done automatically):"
echo "   - Go to Cloudflare Dashboard → DNS"
echo "   - Add CNAME: $DOMAIN_NAME → <tunnel-id>.cfargotunnel.com"
echo "   - Enable proxy (orange cloud)"
echo ""
echo "5. Configure SSL/TLS:"
echo "   - Go to Cloudflare Dashboard → SSL/TLS"
echo "   - Set encryption mode to 'Full' or 'Full (strict)'"
echo ""
echo "=========================================="
echo "Cloudflare Credentials (from .env)"
echo "=========================================="
echo "Zone ID: $CLOUDFLARE_ZONE_ID"
echo "Account ID: $CLOUDFLARE_ACCOUNT_ID"
echo "API Token: ${CLOUDFLARE_API_TOKEN:0:10}... (hidden)"
echo ""
echo "These credentials will be automatically used by the setup scripts."
echo ""