#!/bin/bash
# ============================================================
# 02_deploy.sh
# Run as root — clones repo, sets up DB, backend, frontend
# Edit the GITHUB_TOKEN variable below before running!
# ============================================================
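set -e

# ── CONFIG (edit these) ──────────────────────────────────────
# The four secret values below (GITHUB_TOKEN, DB_PASS, ADMIN_PASS, SECRET_KEY)
# use an already-exported environment variable when one is set and fall back
# to the literal otherwise. Exporting them keeps live credentials out of this
# file, and so out of backups, shell history of editors, and version control.
# sudo normally resets the environment, so run from a root shell or pass the
# variables through explicitly.
GITHUB_TOKEN="${GITHUB_TOKEN:-ghp_PASTE_YOUR_TOKEN_HERE}"
GITHUB_USER="dsentosa"
GITHUB_REPO="me.com"
DEPLOY_DIR="/var/www/html/me.goteku.com"
DOMAIN="me.goteku.com"
DB_NAME="personal_payroll_db"
DB_USER="payroll_user"
DB_PASS="${DB_PASS:-changeme}"        # change this for production!
ADMIN_USER="admin"
ADMIN_PASS="${ADMIN_PASS:-changeme}"     # change this for production!
# This default is distributed with the script, so anyone who has seen the
# script knows it. It is written to the backend .env as SECRET_KEY
# (presumably the application's signing key; confirm in the backend config).
# Generate a per-deployment value and export it instead of relying on this.
_shipped_secret_key="33d69524ae20c32fcd2f4ad3140ea0f71b5f7224dd8ba1a93aa75e499a4e4320"
SECRET_KEY="${SECRET_KEY:-${_shipped_secret_key}}"
# ────────────────────────────────────────────────────────────

# Make the use of shipped defaults visible in the deploy log. These are
# warnings only, so existing non-production runs keep working unchanged.
if [[ "${DB_PASS}" == "changeme" || "${ADMIN_PASS}" == "changeme" ]]; then
  echo "WARNING: DB_PASS and/or ADMIN_PASS still use the default 'changeme'." >&2
fi
if [[ "${SECRET_KEY}" == "${_shipped_secret_key}" ]]; then
  echo "WARNING: SECRET_KEY is the value shipped with this script; set your own." >&2
fi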
# ────────────────────────────────────────────────────────────

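echo "=== Setting up PostgreSQL ==="

# Quote a value as a SQL string literal by doubling embedded single quotes.
# Relies on standard_conforming_strings being on (the PostgreSQL default).
_pg_literal() {
  local sq="'"
  printf "'%s'" "${1//${sq}/${sq}${sq}}"
}

# Quote a value as a SQL identifier by doubling embedded double quotes.
# Quoted identifiers are not case-folded, so the role and database are created
# with exactly the spelling that is later written into DATABASE_URL.
_pg_ident() {
  local dq='"'
  printf '"%s"' "${1//${dq}/${dq}${dq}}"
}

# Run SQL read from stdin as the postgres superuser. The SQL goes over stdin,
# not "-c", so the role password never appears in the process list or in
# sudo's command log.
_psql_as_postgres() {
  sudo -u postgres psql -X -v ON_ERROR_STOP=1 "$@"
}

db_user_lit=$(_pg_literal "${DB_USER}")
db_user_id=$(_pg_ident "${DB_USER}")
db_name_lit=$(_pg_literal "${DB_NAME}")
db_name_id=$(_pg_ident "${DB_NAME}")
db_pass_lit=$(_pg_literal "${DB_PASS}")

# -tA prints the bare value, so the existence test is an exact comparison
# rather than a substring search through psql's formatted table output.
role_exists=$(
  _psql_as_postgres -tA <<SQL
SELECT 1 FROM pg_roles WHERE rolname = ${db_user_lit};
SQL
)
if [[ "${role_exists}" != "1" ]]; then
  _psql_as_postgres <<SQL
CREATE USER ${db_user_id} WITH PASSWORD ${db_pass_lit};
SQL
fi
# NOTE: an existing role keeps its current password. If DB_PASS was changed
# since the role was created, the DATABASE_URL written later will not match
# until the role password is updated by hand.

# Grant membership so postgres can assign ownership
# (best effort: errors are deliberately ignored, as before)
_psql_as_postgres 2>/dev/null <<SQL || true
GRANT ${db_user_id} TO postgres;
SQL

db_exists=$(
  _psql_as_postgres -tA <<SQL
SELECT 1 FROM pg_database WHERE datname = ${db_name_lit};
SQL
)
if [[ "${db_exists}" != "1" ]]; then
  _psql_as_postgres <<SQL
CREATE DATABASE ${db_name_id} OWNER ${db_user_id};
SQL
fi
echo "PostgreSQL OK"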

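echo "=== Cloning repository ==="

# Stop before anything destructive if the token was never filled in: the
# clone cannot succeed, and the old deployment would already be deleted.
if [[ -z "${GITHUB_TOKEN}" || "${GITHUB_TOKEN}" == "ghp_PASTE_YOUR_TOKEN_HERE" ]]; then
  echo "ERROR: GITHUB_TOKEN is not set to a real token; nothing was changed." >&2
  exit 1
fi

repo_path="github.com/${GITHUB_USER}/${GITHUB_REPO}.git"
mkdir -p /var/www/html

# Clone into a staging directory next to the target and swap it in only after
# the clone succeeded, so a failed clone leaves the running deployment intact.
staging_dir=$(mktemp -d "${DEPLOY_DIR:?DEPLOY_DIR must not be empty}.staging.XXXXXX")

# The token is part of the URL, so it is visible in the process list while
# git runs. Use a short-lived, repository-scoped, read-only token.
if ! git clone "https://${GITHUB_TOKEN}@${repo_path}" "${staging_dir}"; then
  rm -rf -- "${staging_dir}"
  echo "ERROR: git clone failed; ${DEPLOY_DIR} was left untouched." >&2
  exit 1
fi

# git stores the clone URL, token included, as remote.origin.url in
# .git/config. That file sits under the web root and is made world-readable
# by the permissions step, so replace it with the token-less URL. Anything
# that later fetches from this checkout must supply credentials itself.
# NOTE(review): depending on the git version the clone URL may also be
# recorded under .git/logs; confirm the token does not appear there.
git -C "${staging_dir}" remote set-url origin "https://${repo_path}"

rm -rf -- "${DEPLOY_DIR:?}"
mv -- "${staging_dir}" "${DEPLOY_DIR}"
echo "Cloned to ${DEPLOY_DIR}"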

printf '%s\n' "=== Setting up backend ==="
cd "${DEPLOY_DIR}/backend"

# Interpreter choice: the newest of python3.12 / python3.11 found on PATH,
# with plain python3 as the fallback when neither is installed.
PY=python3
for py_candidate in python3.12 python3.11; do
  if command -v "${py_candidate}" >/dev/null 2>&1; then
    PY=${py_candidate}
    break
  fi
done
echo "Using Python: $("${PY}" --version)"

# Fresh virtualenv inside the checkout; everything below installs into it.
"${PY}" -m venv venv
. venv/bin/activate

# These installs run as root and execute whatever build/install code the
# listed packages carry. Only bcrypt is pinned here; how strictly
# requirements.txt pins its entries is not visible from this script, and
# pip's --require-hashes mode is available if the file carries hashes.
pip install --upgrade pip
pip install --quiet "bcrypt==4.0.1"
pip install -r requirements.txt

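# Create production .env
# The file holds the database password, the application secret key and the
# admin password in clear text, so create it owner-only (umask 077 inside a
# subshell, so the rest of the script keeps its umask) and force mode 600 in
# case a file of that name already existed. The "Fixing permissions" step at
# the end of this script runs chmod -R over the whole tree, so the final mode
# of this file is whatever that step leaves behind.
(
  umask 077
  cat > .env <<EOF
DATABASE_URL=postgresql://${DB_USER}:${DB_PASS}@localhost/${DB_NAME}
SECRET_KEY=${SECRET_KEY}
ADMIN_USERNAME=${ADMIN_USER}
ADMIN_PASSWORD=${ADMIN_PASS}
EOF
)
chmod 600 .env
# NOTE: DB_PASS is placed in the URL verbatim; a password containing URL
# delimiters such as '@', ':' or '/' will not parse as intended.
echo "Backend .env created"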

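echo "=== Running database migrations ==="
alembic upgrade head

echo "=== Creating admin user ==="
# The credentials reach Python through the environment and the program text
# through a quoted here-document. Nothing from the config is spliced into the
# Python source, so a quote or backslash in the password cannot alter the
# program, and the password does not show up in the process list.
# An existing admin user is left as is, including its current password.
DEPLOY_ADMIN_USER="${ADMIN_USER}" DEPLOY_ADMIN_PASS="${ADMIN_PASS}" python3 - <<'PYCODE'
import os

from app.core.database import SessionLocal
from app.models.user import User
from app.core.security import hash_password

username = os.environ["DEPLOY_ADMIN_USER"]
password = os.environ["DEPLOY_ADMIN_PASS"]

db = SessionLocal()
try:
    existing = db.query(User).filter(User.username == username).first()
    if not existing:
        db.add(User(username=username, hashed_password=hash_password(password)))
        db.commit()
        print("Admin user created")
    else:
        print("Admin user already exists")
finally:
    # Release the session even when the query or commit raises.
    db.close()
PYCODE

deactivate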

printf '%s\n' "=== Building frontend ==="
cd "${DEPLOY_DIR}/frontend"

# Create production .env
# Vite exposes VITE_-prefixed variables to client code, so this value ends up
# in the public bundle. Keep secrets out of this file.
printf 'VITE_API_BASE_URL=https://%s\n' "${DOMAIN}" > .env

# Dependency install and build run as root, including any package lifecycle
# scripts the dependencies define.
npm install
npm run build
printf '%s\n' "Frontend built → ${DEPLOY_DIR}/frontend/dist"

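echo "=== Fixing permissions ==="
chown -R www-data:www-data "${DEPLOY_DIR}"
chmod -R 755 "${DEPLOY_DIR}"
# backend venv needs to be executable by root (systemd service runs as root)
chown -R root:root "${DEPLOY_DIR}/backend"

# The recursive chmod above makes every file world-readable. Two paths must
# not be: backend/.env holds the database password, secret key and admin
# password, and .git/config can hold the clone URL with the GitHub token.
# Restrict both to root. This assumes the backend reads .env as root, as the
# comment above states; adjust the owner if the service user changes.
if [[ -f "${DEPLOY_DIR}/backend/.env" ]]; then
  chmod 600 "${DEPLOY_DIR}/backend/.env"
fi
if [[ -d "${DEPLOY_DIR}/.git" ]]; then
  chown -R root:root "${DEPLOY_DIR}/.git"
  chmod -R go-rwx "${DEPLOY_DIR}/.git"
fi
# NOTE(review): the whole checkout lives under /var/www/html. Confirm that the
# web server configuration serves only frontend/dist and denies dotfiles, so
# .git, .env and the backend sources are never reachable over HTTP.

echo ""
echo "✅ Deploy complete!"
echo "   Next: run 03_nginx.sh then 04_ssl.sh"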
