#!/bin/bash
# ==============================================================================
# SECHPOINT WALLARM SMART DEPLOYER - BULLETPROOF V3
# ==============================================================================
# Support: Manual Docker/Podman | Auto-Port Mapping | Persistence
# ==============================================================================

# --- UI COLORS ---
BLUE='\033[0;34m'
CYAN='\033[0;36m'
YELLOW='\033[1;33m'
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m' # No Color
BOLD='\033[1m'

clear
echo -e "${BLUE}${BOLD}==========================================================${NC}"
echo -e "${BLUE}${BOLD}        WALLARM NODE - ENTERPRISE POC DEPLOYER          ${NC}"
echo -e "${BLUE}${BOLD}==========================================================${NC}"

# --- 1. PRE-FLIGHT CHECKS ---

check_env() {
    echo -e "\n${CYAN}[STEP 1/5] Checking Environment...${NC}"
    
    # Engine Detection
    if sudo docker info > /dev/null 2>&1; then
        ENGINE="docker"; echo -e "  ${GREEN}✓${NC} Docker Engine detected"
    elif sudo podman info > /dev/null 2>&1; then
        ENGINE="podman"; echo -e "  ${GREEN}✓${NC} Podman Engine detected"
    else
        echo -e "  ${YELLOW}!${NC} No engine active. Setting up manual Docker service..."
        if [ ! -f "/usr/bin/dockerd" ]; then
            echo -e "  ${RED}✗ FATAL: /usr/bin/dockerd not found.${NC}"; exit 1
        fi
        sudo tee /etc/systemd/system/docker.service > /dev/null <<EOF
[Unit]
Description=Docker Engine
After=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
        sudo systemctl daemon-reload && sudo systemctl enable --now docker
        ENGINE="docker"
    fi

    # Registry Check
    REGISTRY_REACHABLE=true
    curl -skI --connect-timeout 3 "https://registry-1.docker.io/v2/" > /dev/null 2>&1 || REGISTRY_REACHABLE=false
    if [ "$REGISTRY_REACHABLE" = true ]; then
        echo -e "  ${GREEN}✓${NC} Docker Hub is reachable"
    else
        echo -e "  ${YELLOW}!${NC} Docker Hub offline. Looking for local image..."
        if ! ls *.tar >/dev/null 2>&1; then
            echo -e "  ${RED}✗ FATAL: No internet and no .tar image found.${NC}"; exit 1
        fi
    fi
}

# --- 2. USER INPUT ---

get_config() {
    echo -e "\n${CYAN}[STEP 2/5] Configuration Settings...${NC}"
    
    read -p "  Enter Wallarm Token: " TOKEN
    read -p "  Inbound Traffic Port [80]: " IN_PORT
    IN_PORT=${IN_PORT:-80}
    
    # Auto-calculate Monitoring Port
    MON_PORT=$((IN_PORT + 10))
    echo -e "  ${YELLOW}i${NC} Monitoring port set to: ${BOLD}$MON_PORT${NC}"

    read -p "  App IP (Upstream) [127.0.0.1]: " APP_IP
    APP_IP=${APP_IP:-127.0.0.1}
    read -p "  App Port (Upstream) [8080]: " APP_PORT
    APP_PORT=${APP_PORT:-8080}

    # Verify ports are free
    for p in $IN_PORT $MON_PORT; do
        if sudo netstat -tulpn | grep -q ":$p "; then
            echo -e "  ${RED}✗ FATAL: Port $p is already in use.${NC}"; exit 1
        fi
    done
}

# --- 3. ARTIFACT GENERATION ---

generate_files() {
    echo -e "\n${CYAN}[STEP 3/5] Generating Persistence Layers...${NC}"
    
    INSTANCE_DIR="/opt/wallarm/poc_$IN_PORT"
    sudo mkdir -p "$INSTANCE_DIR"

    # Nginx Conf
    sudo tee "$INSTANCE_DIR/nginx.conf" > /dev/null <<EOF
server {
    listen 80;
    wallarm_mode monitoring;
    location / {
        proxy_pass http://$APP_IP:$APP_PORT;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
    }
}
server { 
    listen 90; 
    location /wallarm-status { 
        wallarm_status on; 
    } 
}
EOF

    # Start Script
    sudo tee "$INSTANCE_DIR/start.sh" > /dev/null <<EOF
#!/bin/bash
sudo $ENGINE rm -f wallarm-node-$IN_PORT 2>/dev/null
sudo $ENGINE run -d \\
  --name wallarm-node-$IN_PORT \\
  --restart always \\
  -p $IN_PORT:80 -p $MON_PORT:90 \\
  -e WALLARM_API_TOKEN=$TOKEN \\
  -v "$INSTANCE_DIR/nginx.conf:/etc/nginx/http.d/default.conf:ro" \\
  wallarm/node:latest
EOF
    sudo chmod +x "$INSTANCE_DIR/start.sh"
    echo -e "  ${GREEN}✓${NC} Created artifacts in $INSTANCE_DIR"
}

# --- 4. DEPLOYMENT ---

deploy() {
    echo -e "\n${CYAN}[STEP 4/5] Pulling and Launching...${NC}"
    
    if [ "$REGISTRY_REACHABLE" = true ]; then
        sudo $ENGINE pull wallarm/node:latest
    else
        sudo $ENGINE load < *.tar
    fi

    sudo "$INSTANCE_DIR/start.sh"
}

# --- 5. VERIFICATION ---

verify() {
    echo -e "\n${CYAN}[STEP 5/5] Final Handshake...${NC}"
    sleep 12
    
    if curl -s "http://localhost:$MON_PORT/wallarm-status" | grep -q "requests"; then
        echo -e "\n${GREEN}${BOLD}==========================================================${NC}"
        echo -e "${GREEN}${BOLD}           ✅ DEPLOYMENT SUCCESSFUL                     ${NC}"
        echo -e "${GREEN}${BOLD}==========================================================${NC}"
        echo -e "  Traffic Entry: ${BOLD}http://<Server-IP>:$IN_PORT${NC}"
        echo -e "  Node Status:   ${BOLD}http://localhost:$MON_PORT/wallarm-status${NC}"
        echo -e "  Config Dir:    $INSTANCE_DIR"
        echo -e "${GREEN}${BOLD}==========================================================${NC}\n"
    else
        echo -e "\n${RED}${BOLD}==========================================================${NC}"
        echo -e "${RED}${BOLD}           ❌ DEPLOYMENT FAILED                         ${NC}"
        echo -e "${RED}${BOLD}==========================================================${NC}"
        echo -e "  The container started but is not responding."
        echo -e "  Check logs: ${BOLD}sudo $ENGINE logs wallarm-node-$IN_PORT${NC}"
        echo -e "${RED}${BOLD}==========================================================${NC}\n"
    fi
}

# --- RUN ---
check_env
get_config
generate_files
deploy
verify