#!/usr/bin/env bash
# set -euo pipefail

# ATB-15 Manual Testing Helper Script
# Tests membership auto-creation during OAuth login

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

print_header() {
    echo -e "\n${BLUE}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
    echo -e "${BLUE}$1${NC}"
    echo -e "${BLUE}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}\n"
}

print_success() {
    echo -e "${GREEN}✓${NC} $1"
}

print_error() {
    echo -e "${RED}✗${NC} $1"
}

print_info() {
    echo -e "${YELLOW}ℹ${NC} $1"
}

print_step() {
    echo -e "\n${YELLOW}Step $1:${NC} $2"
}

# Check if .env exists
if [ ! -f "$PROJECT_ROOT/.env" ]; then
    print_error ".env file not found. Please copy .env.example to .env and configure."
    exit 1
fi

# Load environment variables
set -a
source "$PROJECT_ROOT/.env"
set +a

# Verify required variables
REQUIRED_VARS=("DATABASE_URL" "FORUM_DID" "PDS_URL" "OAUTH_PUBLIC_URL")
for var in "${REQUIRED_VARS[@]}"; do
    if [ -z "${!var:-}" ]; then
        print_error "Required environment variable $var is not set in .env"
        exit 1
    fi
done

print_header "ATB-15 Manual Testing: Membership Auto-Creation"

echo "This script helps test that:"
echo "  1. First-time login creates a membership record"
echo "  2. Repeated login doesn't create duplicates"
echo "  3. Login succeeds even if membership creation fails"
echo ""
echo "Prerequisites:"
echo "  • Dev servers running (pnpm dev)"
echo "  • Database migrations applied"
echo "  • Test user account on PDS"
echo ""

read -p "Continue with testing? [y/N] " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
    echo "Exiting."
    exit 0
fi

# Get test user DID
print_step "1" "Enter test user information"
read -p "Enter test user DID (e.g., did:plc:abc123): " TEST_DID
read -p "Enter test user handle (e.g., test.bsky.social): " TEST_HANDLE

if [ -z "$TEST_DID" ] || [ -z "$TEST_HANDLE" ]; then
    print_error "DID and handle are required"
    exit 1
fi

# Ensure forum record exists in database
print_step "2" "Ensuring forum record exists"
FORUM_URI="at://${FORUM_DID}/space.atbb.forum.forum/self"

FORUM_COUNT=$(psql "$DATABASE_URL" -t -c \
    "SELECT COUNT(*) FROM forums WHERE did = '$FORUM_DID' AND rkey = 'self';" \
    2>/dev/null | tr -d ' ')

if [ "$FORUM_COUNT" -eq 0 ]; then
    print_info "No forum record found. Creating one for testing..."
    psql "$DATABASE_URL" -c \
        "INSERT INTO forums (did, rkey, cid, name, description, indexed_at)
         VALUES ('$FORUM_DID', 'self', 'bafytest123', 'Test Forum', 'Test forum for membership creation', NOW());" \
        2>/dev/null
    print_success "Created forum record in database"
else
    print_success "Forum record already exists"
fi

# Check if membership already exists in database
print_step "3" "Checking database for existing membership"

MEMBERSHIP_COUNT=$(psql "$DATABASE_URL" -t -c \
    "SELECT COUNT(*) FROM memberships WHERE did = '$TEST_DID' AND forum_uri = '$FORUM_URI';" \
    2>/dev/null | tr -d ' ')

if [ "$MEMBERSHIP_COUNT" -gt 0 ]; then
    print_info "Found $MEMBERSHIP_COUNT existing membership(s) in database"
    read -p "Delete existing membership to test first-time login? [y/N] " -n 1 -r
    echo
    if [[ $REPLY =~ ^[Yy]$ ]]; then
        psql "$DATABASE_URL" -c \
            "DELETE FROM memberships WHERE did = '$TEST_DID' AND forum_uri = '$FORUM_URI';"
        print_success "Deleted existing membership from database"
    fi
else
    print_success "No existing membership in database (ready for first-time login test)"
fi

# Instructions for OAuth flow
print_step "4" "OAuth Login Flow"
echo ""

# Construct OAuth login URL
LOGIN_URL="${OAUTH_PUBLIC_URL}/api/auth/login?handle=${TEST_HANDLE}"

echo "Open this URL in your browser to start OAuth login:"
echo ""
echo -e "${GREEN}${LOGIN_URL}${NC}"
echo ""
echo "What will happen:"
echo "  1. Browser redirects to your PDS (${PDS_URL})"
echo "  2. You approve the forum's access request"
echo "  3. PDS redirects back to ${OAUTH_PUBLIC_URL}/api/auth/callback"
echo "  4. Forum creates session and membership record"
echo "  5. Browser redirects to homepage"
echo ""
print_info "Tip: Copy the URL above or use 'open \"$LOGIN_URL\"' on macOS"
echo ""
read -p "Press Enter after completing OAuth login..."

# Check server logs for membership creation
print_step "5" "Checking server logs"
print_info "Check your dev server console for these log events..."

echo ""
echo "Expected log events (JSON formatted):"
echo "  • oauth.login.initiated       - OAuth flow started"
echo "  • oauth.callback.success      - User authenticated successfully"
echo "  • oauth.callback.membership.created  - New membership record created (first login)"
echo "  • oauth.callback.membership.exists   - Membership already exists (repeated login)"
echo "  • oauth.callback.membership.failed   - Membership creation failed (error case)"
echo ""
print_info "The membership creation happens during the callback, so look for the membership event"

# Query database for indexed membership
print_step "6" "Checking database for indexed membership"
sleep 2  # Give firehose a moment to index

MEMBERSHIP_DATA=$(psql "$DATABASE_URL" -c \
    "SELECT did, rkey, forum_uri, joined_at, created_at, indexed_at
     FROM memberships
     WHERE did = '$TEST_DID' AND forum_uri = '$FORUM_URI';" \
    2>/dev/null)

if echo "$MEMBERSHIP_DATA" | grep -q "$TEST_DID"; then
    print_success "Membership found in database"
    echo "$MEMBERSHIP_DATA"
else
    print_error "Membership not found in database yet"
    print_info "Firehose may still be indexing. Wait 10-30 seconds and check again:"
    echo "  psql \"\$DATABASE_URL\" -c \"SELECT * FROM memberships WHERE did = '$TEST_DID';\""
fi

# Test repeated login
print_step "7" "Test repeated login (no duplicate)"
echo ""

# Construct logout and login URLs
LOGOUT_URL="${OAUTH_PUBLIC_URL}/api/auth/logout"

echo "First, logout to clear the current session:"
echo ""
echo -e "${GREEN}${LOGOUT_URL}${NC}"
echo ""
print_info "Tip: Open the URL or use 'open \"$LOGOUT_URL\"' on macOS"
echo ""
read -p "Press Enter after logging out..."
echo ""
echo "Now login again with the same account:"
echo ""
echo -e "${GREEN}${LOGIN_URL}${NC}"
echo ""
echo "Expected behavior:"
echo "  • Login should succeed normally"
echo "  • Server logs should show \"Membership already exists\" (not \"created\")"
echo "  • No duplicate membership record in database"
echo ""
read -p "Press Enter after completing repeated login..."

# Verify no duplicate in database
FINAL_COUNT=$(psql "$DATABASE_URL" -t -c \
    "SELECT COUNT(*) FROM memberships WHERE did = '$TEST_DID' AND forum_uri = '$FORUM_URI';" \
    2>/dev/null | tr -d ' ')

if [ "$FINAL_COUNT" -eq 1 ]; then
    print_success "Verified: Exactly 1 membership record (no duplicate created)"
elif [ "$FINAL_COUNT" -gt 1 ]; then
    print_error "FAIL: Found $FINAL_COUNT memberships (duplicates created!)"
    psql "$DATABASE_URL" -c \
        "SELECT * FROM memberships WHERE did = '$TEST_DID' AND forum_uri = '$FORUM_URI';"
    exit 1
else
    print_error "FAIL: No membership found in database"
    exit 1
fi

# Summary
print_header "Test Summary"
print_success "Membership auto-creation appears to be working correctly"
echo ""
echo "Verified:"
echo "  ✓ Membership record created on first login"
echo "  ✓ No duplicate created on repeated login"
echo "  ✓ Login flow completed successfully"
echo ""
echo "Next steps:"
echo "  • Review server logs for proper log messages"
echo "  • Test error scenarios (PDS unreachable, database failure)"
echo "  • Create pull request for ATB-15"