#!/bin/bash

# --- Styling ---
YELLOW='\033[1;33m'
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m'

echo -e "${YELLOW}=== Sechpoint Wallarm Pre-Flight Diagnostic ===${NC}"

# --- 1. INTERACTIVE INPUT ---
read -p "Enter Application Server IP [127.0.0.1]: " APP_HOST </dev/tty
APP_HOST=${APP_HOST:-127.0.0.1}

read -p "Enter Application Server Port [8080]: " APP_PORT </dev/tty
APP_PORT=${APP_PORT:-8080}

# --- 2. SUDO & SYSTEM CHECK ---
echo -e "\n${YELLOW}[1/4] Checking Sudo & OS Status...${NC}"

# Improved Sudo Check: Try a non-destructive command with sudo
echo "Checking sudo permissions (you may be prompted for a password)..."
if sudo -v; then
    echo -e "${GREEN}[PASS]${NC} User has sudo privileges."
else
    echo -e "${RED}[FAIL]${NC} User is NOT in sudoers or password was incorrect."
fi

# Detect OS and try to update/install basics
if [ -f /etc/debian_version ]; then
    echo "OS: Debian/Ubuntu detected."
    # sudo apt-get update -qq && sudo apt-get install -y curl wget git -qq > /dev/null
elif [ -f /etc/redhat-release ]; then
    echo "OS: RHEL/CentOS detected."
    # sudo yum makecache -q && sudo yum install -y curl wget git -q > /dev/null
else
    echo "OS: Non-Linux (Mac/Other) detected. Network tests will use 'curl' fallback."
fi

# --- 3. TOOL VERIFICATION ---
echo -e "\n${YELLOW}[2/4] Verifying Required Tools...${NC}"
for tool in curl wget git; do
    if command -v $tool &> /dev/null; then
        echo -e "${GREEN}[PASS]${NC} $tool is installed."
    else
        echo -e "${RED}[FAIL]${NC} $tool is MISSING."
    fi
done

# --- 4. WALLARM CLOUD CONNECTIVITY ---
echo -e "\n${YELLOW}[3/4] Testing Wallarm Cloud Connectivity (Port 443)...${NC}"

test_conn() {
    local target=$1
    local desc=$2
    
    if [[ "$OSTYPE" == "darwin"* ]]; then
        # Mac Fallback: If curl gets ANY status code, the port is open.
        # -I (Head only), -s (Silent), -k (Insecure), --max-time 3
        if curl -Is --connect-timeout 3 "https://$target" > /dev/null 2>&1; then
             echo -e "${GREEN}[PASS]${NC} $desc ($target)"
        else
             echo -e "${RED}[FAIL]${NC} $desc ($target) - BLOCKED"
        fi
    else
        # Linux Native (Still the most reliable for VMs)
        if timeout 3 bash -c "cat < /dev/null > /dev/tcp/$target/443" 2>/dev/null; then
            echo -e "${GREEN}[PASS]${NC} $desc ($target)"
        else
            echo -e "${RED}[FAIL]${NC} $desc ($target) - BLOCKED"
        fi
    fi
}   

echo "--- EU Cloud ---"
test_conn "34.160.38.183" "node-data1.eu1"
test_conn "34.144.227.90"  "node-data0.eu1"
test_conn "34.90.110.226"  "api.wallarm.com"

echo -e "\n--- US Cloud ---"
test_conn "34.96.64.17"    "node-data0.us1"
test_conn "34.110.183.149" "node-data1.us1"
test_conn "35.235.66.155"  "us1.api.wallarm.com"

# --- 5. INTERNAL APP CHECK ---
echo -e "\n${YELLOW}[4/4] Testing Internal App Connectivity...${NC}"
if [[ "$OSTYPE" == "darwin"* ]]; then
    # Mac check for the app port specifically
    if curl -s --connect-timeout 3 "$APP_HOST:$APP_PORT" > /dev/null 2>&1 || [ $? -eq 52 ] || [ $? -eq 45 ]; then
        echo -e "${GREEN}[PASS]${NC} Reached App at $APP_HOST:$APP_PORT"
    else
        echo -e "${RED}[FAIL]${NC} Cannot reach $APP_HOST on port $APP_PORT"
    fi
else
    # Linux native check
    if timeout 3 bash -c "cat < /dev/null > /dev/tcp/$APP_HOST/$APP_PORT" 2>/dev/null; then
        echo -e "${GREEN}[PASS]${NC} Reached App at $APP_HOST:$APP_PORT"
    else
        echo -e "${RED}[FAIL]${NC} CANNOT REACH $APP_HOST on port $APP_PORT"
    fi
fi

echo -e "\n${YELLOW}-------------------------------------------------------"
echo -e "PRE-FLIGHT COMPLETE. PLEASE SCREENSHOT THIS OUTPUT."
echo -e "-------------------------------------------------------${NC}"