#!/bin/bash
set -eo pipefail
IFS=$'\n\t'

# Configuration
GIT_REMOTE_NAME="gogs"
GOGS_DOMAIN="netmon.thefoldwithin.earth"
GOGS_API="https://$GOGS_DOMAIN/api/v1"
USERNAME="mrhavens"
REPO_ROOT=$(git rev-parse --show-toplevel 2>/dev/null) || { echo "[ERROR] Not inside a git repository." >&2; exit 1; }
REPO_NAME=$(basename "$REPO_ROOT") || { echo "[ERROR] Failed to get repository name" >&2; exit 1; }
MARKDOWN_FILE="$REPO_ROOT/.gitfield/gogs.sigil.md"
DEFAULT_NAME="Mark Randall Havens"
DEFAULT_EMAIL="mark.r.havens@gmail.com"
TOKEN_FILE="$HOME/.gitfield_token_gogs"
SCRIPT_VERSION="2.3"

# Logging functions
info()  { echo -e "\e[1;34m[INFO]\e[0m ${*:-}"; }
warn()  { echo -e "\e[1;33m[WARN]\e[0m ${*:-}"; }
error() { echo -e "\e[1;31m[ERROR]\e[0m ${*:-}" >&2; exit 1; }

# Check for required tools
info "Checking for required tools..."
for cmd in git curl jq; do
  command -v "$cmd" >/dev/null || {
    sudo apt update -qq || warn "Failed to update package lists, continuing..."
    sudo apt install -y git curl jq || error "Failed to install $cmd"
  }
done

# Function to prompt for GOGS token or password
prompt_for_credentials() {
  info "Credentials required."
  echo "🔐 Generate a token at https://$GOGS_DOMAIN/user/settings/applications (Recommended)"
  echo "   - REQUIRED: Select the 'write:repository' scope"
  echo "🔐 Alternatively, use your GOGS password"
  echo "🔐 Paste your GOGS Personal Access Token or Password (will not be echoed):"
  read -rsp "Token/Password: " CRED
  echo
  [[ -z "$CRED" ]] && error "Credentials cannot be empty"
  echo "$CRED" > "$TOKEN_FILE" || error "Failed to write credentials to $TOKEN_FILE"
  chmod 600 "$TOKEN_FILE" || error "Failed to set permissions on $TOKEN_FILE"
  info "Credentials saved at $TOKEN_FILE"
}

# Handle credentials
RESET_AUTH=false
if [[ "${1:-}" == "--reset-auth" ]]; then
  RESET_AUTH=true
  rm -f "$TOKEN_FILE" "$HOME/.git-credentials" 2>/dev/null || warn "Failed to remove credential files"
  info "Authentication reset requested."
fi

if [[ -f "$TOKEN_FILE" && "$RESET_AUTH" == false ]]; then
  CRED=$(cat "$TOKEN_FILE" 2>/dev/null) || error "Failed to read credentials from $TOKEN_FILE"
  info "Using cached credentials from $TOKEN_FILE"
else
  prompt_for_credentials
fi

# Verify GOGS token
info "Verifying GOGS credentials (read access)..."
TOKEN_TEST=$(curl -k -s -H "Authorization: token $CRED" "$GOGS_API/user" | jq -r .login 2>/dev/null || echo "")
if [[ "$TOKEN_TEST" != "$USERNAME" ]]; then
  warn "Token verification failed. Credentials may be a password or invalid token."
  # Retry with credentials as password if token fails
  PASSWORD_TEST=$(curl -k -s -u "$USERNAME:$CRED" "$GOGS_API/user" | jq -r .login 2>/dev/null || echo "")
  if [[ "$PASSWORD_TEST" != "$USERNAME" ]]; then
    warn "Password verification also failed. Please provide valid credentials."
    rm -f "$TOKEN_FILE"
    prompt_for_credentials
    TOKEN_TEST=$(curl -k -s -H "Authorization: token $CRED" "$GOGS_API/user" | jq -r .login 2>/dev/null || echo "")
    PASSWORD_TEST=$(curl -k -s -u "$USERNAME:$CRED" "$GOGS_API/user" | jq -r .login 2>/dev/null || echo "")
    [[ "$TOKEN_TEST" != "$USERNAME" && "$PASSWORD_TEST" != "$USERNAME" ]] && error "New credentials verification failed. Ensure they are valid."
  fi
  info "Credentials verified as password: $PASSWORD_TEST"
else
  info "Credentials verified as token: $TOKEN_TEST"
fi

# Test write access via API
info "Testing write access via API..."
TEST_REPO="test-repo-$(date +%s)"
WRITE_TEST=$(curl -k -v -H "Authorization: token $CRED" -X POST "$GOGS_API/user/repos" -H "Content-Type: application/json" -d "{\"name\": \"$TEST_REPO\", \"description\": \"Test\", \"private\": false, \"auto_init\": false}" 2>&1)
if [[ $? -ne 0 || $(echo "$WRITE_TEST" | grep -i "401" 2>/dev/null) ]]; then
  warn "Write access test failed with token: $WRITE_TEST"
  WRITE_TEST=$(curl -k -v -u "$USERNAME:$CRED" -X POST "$GOGS_API/user/repos" -H "Content-Type: application/json" -d "{\"name\": \"$TEST_REPO\", \"description\": \"Test\", \"private\": false, \"auto_init\": false}" 2>&1)
  if [[ $? -ne 0 || $(echo "$WRITE_TEST" | grep -i "401" 2>/dev/null) ]]; then
    error "Write access failed with both token and password. Check GOGS configuration."
  fi
  info "Write access test passed with password: $WRITE_TEST"
else
  info "Write access test passed with token: $WRITE_TEST"
fi

# Test Git push with credentials
info "Testing Git push with credentials..."
GIT_TEST=$(git ls-remote --heads "https://$USERNAME:$CRED@$GOGS_DOMAIN/$USERNAME/$REPO_NAME.git" 2>&1)
if [[ $? -ne 0 || $(echo "$GIT_TEST" | grep -i "401" 2>/dev/null) ]]; then
  warn "Git push test failed with token: $GIT_TEST"
  GIT_TEST=$(git ls-remote --heads "https://$USERNAME:$CRED@$GOGS_DOMAIN/$USERNAME/$REPO_NAME.git" 2>&1)
  if [[ $? -ne 0 || $(echo "$GIT_TEST" | grep -i "401" 2>/dev/null) ]]; then
    warn "Git push test also failed with password. This suggests a GOGS Git-over-HTTP issue."
    warn "1. Edit /home/git/gogs/custom/conf/app.ini and ensure:"
    warn "   [auth] ENABLE_ACCESS_TOKEN = true"
    warn "   [git] DISABLE_HTTP_GIT = false"
    warn "2. Restart GOGS: sudo systemctl restart gogs"
    warn "3. Try manual push with token: git push https://$USERNAME:$CRED@$GOGS_DOMAIN/$USERNAME/$REPO_NAME.git $DEFAULT_BRANCH"
    warn "4. Try manual push with password: git push https://$USERNAME:$CRED@$GOGS_DOMAIN/$USERNAME/$REPO_NAME.git $DEFAULT_BRANCH"
    warn "5. Check GOGS logs: sudo tail -f /home/git/gogs/log/gogs.log"
    error "Git push test failed. Adjust GOGS configuration or use manual workaround."
  fi
  info "Git push test passed with password: $GIT_TEST"
else
  info "Git push test passed with token: $GIT_TEST"
fi

# Set git user info
git config --global user.name "$DEFAULT_NAME" || warn "Failed to set git user name"
git config --global user.email "$DEFAULT_EMAIL" || warn "Failed to set git user email"
info "Git identity set to: $DEFAULT_NAME <$DEFAULT_EMAIL>"

# Ensure at least one commit exists
if ! git rev-parse HEAD &>/dev/null; then
  error "No commits found. Please add and commit files first."
fi

# Configure git credentials for HTTPS
info "Configuring git credentials for HTTPS..."
if [[ "$TOKEN_TEST" == "$USERNAME" ]]; then
  echo "https://$USERNAME:$CRED@$GOGS_DOMAIN" > "$HOME/.git-credentials" || error "Failed to write git credentials"
else
  echo "https://$USERNAME:$CRED@$GOGS_DOMAIN" > "$HOME/.git-credentials" || error "Failed to write git credentials"
fi
chmod 600 "$HOME/.git-credentials" || error "Failed to set permissions on git credentials"

# Check and create GOGS repository
info "Checking if repository exists..."
EXISTS=$(curl -k -s -H "Authorization: token $CRED" "$GOGS_API/repos/$USERNAME/$REPO_NAME" | jq -r .name 2>/dev/null || echo "")
if [[ "$EXISTS" != "$REPO_NAME" ]]; then
  info "Creating repository $REPO_NAME on GOGS..."
  CURL_OUTPUT=$(curl -k -s --fail -X POST "$GOGS_API/user/repos" \
    -H "Authorization: token $CRED" \
    -H "Content-Type: application/json" \
    -d "{\"name\": \"$REPO_NAME\", \"description\": \"Created via gitfield-gogs\", \"private\": false, \"auto_init\": false}" 2>&1) || {
    warn "Failed to create repository with token: $CURL_OUTPUT"
    CURL_OUTPUT=$(curl -k -s --fail -u "$USERNAME:$CRED" -X POST "$GOGS_API/user/repos" \
      -H "Content-Type: application/json" \
      -d "{\"name\": \"$REPO_NAME\", \"description\": \"Created via gitfield-gogs\", \"private\": false, \"auto_init\": false}" 2>&1)
    if [[ $? -ne 0 ]]; then
      error "Repository creation failed with both token and password. Check GOGS configuration."
    fi
    info "Repository created successfully with password."
  }
  info "Repository created successfully with token."
fi

# Set up git remote
REMOTE_URL="https://$GOGS_DOMAIN/$USERNAME/$REPO_NAME.git"
if ! git remote get-url "$GIT_REMOTE_NAME" &>/dev/null; then
  info "Adding remote $GIT_REMOTE_NAME..."
  git remote add "$GIT_REMOTE_NAME" "$REMOTE_URL" || error "Failed to add remote $GIT_REMOTE_NAME"
else
  info "Updating remote $GIT_REMOTE_NAME..."
  git remote set-url "$GIT_REMOTE_NAME" "$REMOTE_URL" || error "Failed to set remote URL for $GIT_REMOTE_NAME"
fi

# Generate metadata file
mkdir -p "$(dirname "$MARKDOWN_FILE")" || error "Failed to create directory for $MARKDOWN_FILE"
TIMESTAMP=$(date '+%Y-%m-%d %H:%M:%S') || error "Failed to get timestamp"
DEFAULT_BRANCH=$(git symbolic-ref --short HEAD) || error "Failed to get default branch"
REPO_PATH="$REPO_ROOT"
LATEST_SHA=$(git rev-parse HEAD) || error "Failed to get latest commit SHA"
LAST_COMMIT_MSG=$(git log -1 --pretty=format:"%s" 2>/dev/null || echo "Unknown")
LAST_COMMIT_DATE=$(git log -1 --pretty=format:"%ad" 2>/dev/null || echo "Unknown")
LAST_COMMIT_AUTHOR=$(git log -1 --pretty=format:"%an <%ae>" 2>/dev/null || echo "Unknown")
TOTAL_COMMITS=$(git rev-list --count HEAD 2>/dev/null || echo "Unknown")
TRACKED_FILES=$(git ls-files 2>/dev/null | wc -l 2>/dev/null || echo "Unknown")
UNCOMMITTED=$(if ! git diff --quiet 2>/dev/null || ! git diff --cached --quiet 2>/dev/null; then echo "Yes"; else echo "No"; fi)
LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "None")
HOSTNAME=$(hostname 2>/dev/null || echo "Unknown")
CURRENT_USER=$(whoami 2>/dev/null || echo "Unknown")
TIMEZONE=$(date +%Z 2>/dev/null || echo "Unknown")
OS_NAME=$(uname -s 2>/dev/null || echo "Unknown")
KERNEL_VERSION=$(uname -r 2>/dev/null || echo "Unknown")
ARCHITECTURE=$(uname -m 2>/dev/null || echo "Unknown")
OS_PRETTY_NAME=$(grep PRETTY_NAME /etc/os-release 2>/dev/null | cut -d= -f2 | tr -d '"' || echo "Unknown")
WEB_LINK="https://$GOGS_DOMAIN/$USERNAME/$REPO_NAME"

cat > "$MARKDOWN_FILE" <<EOF
# 🔗 GOGS Repository Link

- **Repo Name**: \`$REPO_NAME\`
- **GOGS User**: \`$USERNAME\`
- **Remote URL**: [$WEB_LINK]($WEB_LINK)
- **Local Repo Path**: \`$REPO_PATH\`
- **Remote Label**: \`$GIT_REMOTE_NAME\`
- **Default Branch**: \`$DEFAULT_BRANCH\`
- **Repo Created**: \`$TIMESTAMP\`

---

## 📦 Commit Info

- **This Commit Timestamp**: \`$TIMESTAMP\`
- **Last Commit SHA**: \`$LATEST_SHA\`
- **Last Commit Message**: \`$LAST_COMMIT_MSG\`
- **Last Commit Author**: \`$LAST_COMMIT_AUTHOR\`
- **Last Commit Date**: \`$LAST_COMMIT_DATE\`
- **This Commit URL**: [$WEB_LINK/commit/$LATEST_SHA]($WEB_LINK/commit/$LATEST_SHA)

---

## 📊 Repo Status

- **Total Commits**: \`$TOTAL_COMMITS\`
- **Tracked Files**: \`$TRACKED_FILES\`
- **Uncommitted Changes**: \`$UNCOMMITTED\`
- **Latest Tag**: \`$LATEST_TAG\`

---

## 🧭 Environment

- **Host Machine**: \`$HOSTNAME\`
- **Current User**: \`$CURRENT_USER\`
- **Time Zone**: \`$TIMEZONE\`
- **Script Version**: \`$SCRIPT_VERSION\`

---

## 🧬 Hardware & OS Fingerprint

- **OS Name**: \`$OS_NAME\`
- **OS Version**: \`$OS_PRETTY_NAME\`
- **Kernel Version**: \`$KERNEL_VERSION\`
- **Architecture**: \`$ARCHITECTURE\`
- **System Uptime**: \$(uptime -p 2>/dev/null || echo "Unknown")\`
- **Local IP**: \$(hostname -I 2>/dev/null | awk '{print $1}' 2>/dev/null || echo "Unknown")\`
- **CPU Model**: \$(grep -m1 'model name' /proc/cpuinfo 2>/dev/null | cut -d: -f2 | sed 's/^ //' 2>/dev/null || echo "Unknown")\`
- **Total RAM (GB)**: \$(awk '/MemTotal/ {printf "%.2f", $2/1024/1024}' /proc/meminfo 2>/dev/null || echo "Unknown")\`

---

_Auto-generated by \`gitfield-gogs\` push script._
EOF
[[ $? -eq 0 ]] || error "Failed to write metadata to $MARKDOWN_FILE"

# Commit and push
set +e
info "Committing markdown file..."
git add "$MARKDOWN_FILE" || warn "Failed to add markdown file"
git commit -m "GOGS metadata link commit at $TIMESTAMP — $WEB_LINK/commit/$LATEST_SHA" || warn "No changes to commit"

info "Pushing to GOGS..."
if ! git config --get branch."$DEFAULT_BRANCH".remote &>/dev/null; then
  if ! git push -u "$GIT_REMOTE_NAME" "$DEFAULT_BRANCH" 2>&1 | tee /tmp/git-push.log; then
    warn "Push to GOGS failed. Check /tmp/git-push.log for details."
    if grep -q "401" /tmp/git-push.log; then
      warn "HTTP 401 error detected. Token or password failed for Git push."
      warn "This suggests a GOGS Git-over-HTTP configuration issue."
      warn "1. Edit /home/git/gogs/custom/conf/app.ini and ensure:"
      warn "   [auth] ENABLE_ACCESS_TOKEN = true"
      warn "   [git] DISABLE_HTTP_GIT = false"
      warn "2. Restart GOGS: sudo systemctl restart gogs"
      warn "3. Try manual push with current credentials: git push https://$USERNAME:$CRED@$GOGS_DOMAIN/$USERNAME/$REPO_NAME.git $DEFAULT_BRANCH"
      warn "4. Check GOGS logs: sudo tail -f /home/git/gogs/log/gogs.log"
      error "Push failed. Adjust GOGS configuration or verify credentials."
    else
      error "Failed to push to $REMOTE_URL. Check network or GOGS server."
    fi
  fi
else
  if ! git push "$GIT_REMOTE_NAME" "$DEFAULT_BRANCH" 2>&1 | tee /tmp/git-push.log; then
    warn "Push to GOGS failed. Check /tmp/git-push.log for details."
    if grep -q "401" /tmp/git-push.log; then
      warn "HTTP 401 error detected. Token or password failed for Git push."
      warn "This suggests a GOGS Git-over-HTTP configuration issue."
      warn "1. Edit /home/git/gogs/custom/conf/app.ini and ensure:"
      warn "   [auth] ENABLE_ACCESS_TOKEN = true"
      warn "   [git] DISABLE_HTTP_GIT = false"
      warn "2. Restart GOGS: sudo systemctl restart gogs"
      warn "3. Try manual push with current credentials: git push https://$USERNAME:$CRED@$GOGS_DOMAIN/$USERNAME/$REPO_NAME.git $DEFAULT_BRANCH"
      warn "4. Check GOGS logs: sudo tail -f /home/git/gogs/log/gogs.log"
      error "Push failed. Adjust GOGS configuration or verify credentials."
    else
      error "Failed to push to $REMOTE_URL. Check network or GOGS server."
    fi
  fi
fi
set -e

info "✅ GOGS push complete."
echo -e "\n🔗 View in browser: $WEB_LINK\n"