#!/bin/bash
set -euo pipefail

# Mail-Archiver Restore Smoke Test
#
# Borg-Extract der Data-Protection-Keys + pg_restore des mailarchiver-Dumps
# in isoliertes Test-Postgres + Container-Boot + HTTP-Smoke.
#
# In Produktion nutzt Mail-Archiver die Shared PostgreSQL 18 — im Test
# bekommt er ein eigenes isoliertes Test-Postgres mit Wegwerf-Credentials.
# Authelia-ForwardAuth wird im Smoke nicht geprueft (kein Traefik, kein
# Auth-Middleware).

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
. "$SCRIPT_DIR/common.sh"

WHATIF=0
KEEP_DATA=0
for arg in "$@"; do
  case "$arg" in
    --what-if) WHATIF=1 ;;
    --keep-data) KEEP_DATA=1 ;;
    *) echo "Unknown argument: $arg" >&2; exit 1 ;;
  esac
done

RESTORE_ROOT="/mnt/user/backups/restore-lab/mailarchiver"
REPORT_ROOT="/mnt/user/backups/restore-reports"
EXTRACT_DIR="$BORG_RESTORE_HOST_ROOT/mailarchiver-extract"
COMPOSE_FILE="$SCRIPT_DIR/mailarchiver-compose.test.yml"
REPORT_FILE="$REPORT_ROOT/mailarchiver-$(date +%F).md"
DUMP_HOST_PATH="/mnt/user/backups/borg/dumps/latest/postgresql17-mailarchiver.dump"

if [ "$WHATIF" -eq 1 ]; then
  cat <<EOF
Mail-Archiver restore test
Mode: WhatIf
RestoreRoot: $RESTORE_ROOT
Borg source: local/appdata/mailarchiver/data-protection-keys
Host dump: $DUMP_HOST_PATH (645M)
Test endpoint: 127.0.0.1:15000
EOF
  exit 0
fi

require_cmd docker
require_cmd curl
require_path "$BORG_PASSPHRASE_FILE_DEFAULT"
require_path "$COMPOSE_FILE"
require_path "$DUMP_HOST_PATH"

RESTORE_SUCCESS=0
cleanup() {
  cleanup_compose "$COMPOSE_FILE"
  if [ "$RESTORE_SUCCESS" -ne 1 ]; then
    preserve_on_failure "mailarchiver" "$RESTORE_ROOT"
    rm -rf "$EXTRACT_DIR"
    return
  fi
  if [ "$KEEP_DATA" -ne 1 ]; then
    rm -rf "$RESTORE_ROOT"
  fi
  rm -rf "$EXTRACT_DIR"
}
trap cleanup EXIT

rm -rf "$EXTRACT_DIR" "$RESTORE_ROOT"
mkdir -p "$RESTORE_ROOT/data-protection-keys" "$RESTORE_ROOT/postgres"

archive="$(latest_archive_name)"
repo="$(borg_repo_url)"

if [ -z "$archive" ] || [ -z "$repo" ]; then
  echo "Could not resolve Borg repo/archive from borg-ui database" >&2
  exit 1
fi

# Stufe 1: Data-Protection-Keys aus Borg
borg_extract "/restore/mailarchiver-extract" "local/appdata/mailarchiver/data-protection-keys"
if [ ! -d "$EXTRACT_DIR/local/appdata/mailarchiver/data-protection-keys" ]; then
  echo "Mailarchiver data-protection-keys path missing in Borg archive" >&2
  exit 1
fi
cp -a "$EXTRACT_DIR/local/appdata/mailarchiver/data-protection-keys/." "$RESTORE_ROOT/data-protection-keys/"
chmod -R a+rwX "$RESTORE_ROOT/data-protection-keys"

# Stufe 2: Test-Postgres + Dump
docker compose -f "$COMPOSE_FILE" up -d restoretest-mailarchiver-postgres >/dev/null
until docker exec restoretest-mailarchiver-postgres pg_isready -U mailarchiver -d mailarchiver >/dev/null 2>&1; do
  sleep 2
done

restore_ok=0
for attempt in $(seq 1 12); do
  if docker exec -i restoretest-mailarchiver-postgres \
    pg_restore -U mailarchiver -d mailarchiver --clean --if-exists --no-owner --no-privileges \
    < "$DUMP_HOST_PATH" 2>/tmp/mailarchiver-pg-restore.err; then
    restore_ok=1
    break
  fi
  if grep -qiE "starting up|shutting down|connection refused" /tmp/mailarchiver-pg-restore.err; then
    sleep 5
    continue
  fi
  if grep -qiE "FATAL|PANIC" /tmp/mailarchiver-pg-restore.err; then
    cat /tmp/mailarchiver-pg-restore.err >&2
    exit 1
  fi
  restore_ok=1
  break
done
if [ "$restore_ok" -ne 1 ]; then
  cat /tmp/mailarchiver-pg-restore.err >&2
  exit 1
fi

# Stufe 3: Container starten
docker compose -f "$COMPOSE_FILE" up -d restoretest-mailarchiver >/dev/null

# Mailarchiver ist ein .NET-App, braucht ein paar Sekunden fuer DB-Migration.
# Smoke gegen den Root-Endpunkt — bei Authelia-geschuetztem Dienst liefert
# der Container selbst trotzdem einen HTTP-Response (302 oder 200).
http_status=""
for _ in $(seq 1 60); do
  http_status="$(curl -s -o /tmp/mailarchiver-body.html -w '%{http_code}' \
    -L http://127.0.0.1:15000/ || true)"
  if [ "$http_status" = "200" ] || [ "$http_status" = "302" ] || [ "$http_status" = "401" ]; then
    break
  fi
  sleep 2
done

if [ "$http_status" != "200" ] && [ "$http_status" != "302" ] && [ "$http_status" != "401" ]; then
  echo "Mailarchiver HTTP smoke failed: status=$http_status" >&2
  docker logs --tail 80 restoretest-mailarchiver >&2 || true
  exit 1
fi

# Tabellen-Count als Sanity
table_count="$(docker exec restoretest-mailarchiver-postgres \
  psql -U mailarchiver -d mailarchiver -tAc \
  "SELECT count(*) FROM information_schema.tables WHERE table_schema='public';" \
  2>/dev/null | tr -d '[:space:]' || echo "n/a")"

write_report "$REPORT_FILE" <<EOF
# Mail-Archiver Restore Test Report - $(date +%F)

- Service: \`mail-archiver\`
- Source repo: \`$repo\`
- Archive: \`$archive\`
- Restore root: \`$RESTORE_ROOT\`
- Test containers: \`restoretest-mailarchiver\`, \`restoretest-mailarchiver-postgres\`
- Test endpoint: \`http://127.0.0.1:15000/\`
- Result: \`SUCCESS\`

## Checks

- Borg extract of data-protection-keys: \`ok\`
- Host dump copy (645M): \`ok\`
- Dump import into isolated Postgres: \`ok\`
- HTTP status: \`$http_status\`
- Public table count in test DB: \`$table_count\`

## Notes

- Productive secrets (MAILARCHIVER_DB_CONNECTION, MAILARCHIVER_AUTH_PASSWORD) NOT used.
- Authelia ForwardAuth NOT tested (no Traefik in smoke).
- Test data was cleaned after success: \`$([ "$KEEP_DATA" -eq 1 ] && echo no || echo yes)\`
EOF

RESTORE_SUCCESS=1
echo "Mailarchiver restore test ok -> $REPORT_FILE"