#!/bin/bash
#
# Norda Biznes Hub - Deployment Script
# Target: R11-PROJECTS-01 (10.22.68.247)
# Domain: nordabiznes.pl
#

set -e  # Exit on error

echo "================================"
echo "Norda Biznes Hub - Deployment"
echo "================================"
echo ""

# Configuration
APP_NAME="nordabiznes"
APP_DIR="/var/www/${APP_NAME}"
NGINX_CONF="/etc/nginx/sites-available/${APP_NAME}"
DOMAIN="nordabiznes.pl"
SERVER_IP="10.22.68.247"

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

# Functions
log_info() {
    echo -e "${GREEN}[INFO]${NC} $1"
}

log_warn() {
    echo -e "${YELLOW}[WARN]${NC} $1"
}

log_error() {
    echo -e "${RED}[ERROR]${NC} $1"
}

check_command() {
    if ! command -v $1 &> /dev/null; then
        log_error "$1 is not installed"
        exit 1
    fi
}

# Check if running on correct server
current_ip=$(hostname -I | awk '{print $1}')
if [[ "$current_ip" != "$SERVER_IP" ]]; then
    log_warn "This script should run on R11-PROJECTS-01 ($SERVER_IP)"
    log_warn "Current IP: $current_ip"
    read -p "Continue anyway? (y/N): " -n 1 -r
    echo
    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
        exit 1
    fi
fi

# Check required commands
log_info "Checking prerequisites..."
check_command nginx
check_command systemctl

# Step 1: Create directory structure
log_info "Creating directory structure..."
mkdir -p "$APP_DIR"
cd "$APP_DIR"

# Step 2: Check if files exist locally
if [[ ! -f "index.html" ]]; then
    log_warn "Application files not found in $APP_DIR"
    log_info "Please upload files first using:"
    echo "  scp -r /Users/maciejpi/claude/projects/active/nordabiz/* root@${SERVER_IP}:${APP_DIR}/"
    exit 1
fi

# Step 3: Set permissions
log_info "Setting permissions..."
chown -R www-data:www-data "$APP_DIR"
chmod -R 755 "$APP_DIR"

# Step 4: Create Nginx configuration
log_info "Creating Nginx configuration..."
cat > "$NGINX_CONF" << 'EOF'
server {
    listen 80;
    server_name nordabiznes.pl www.nordabiznes.pl R11-PROJECTS-01.inpi.local 10.22.68.247;

    root /var/www/nordabiznes;
    index index.html;

    # Logging
    access_log /var/log/nginx/nordabiznes-access.log;
    error_log /var/log/nginx/nordabiznes-error.log;

    # Main location
    location / {
        try_files $uri $uri/ =404;
    }

    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;

    # Compression
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;

    # Cache static files
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        access_log off;
    }

    # Deny access to hidden files
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Health check endpoint
    location /health {
        access_log off;
        return 200 "OK\n";
        add_header Content-Type text/plain;
    }
}
EOF

# Step 5: Enable site
log_info "Enabling site..."
if [[ -L "/etc/nginx/sites-enabled/${APP_NAME}" ]]; then
    log_warn "Site already enabled, removing old symlink"
    rm "/etc/nginx/sites-enabled/${APP_NAME}"
fi
ln -s "$NGINX_CONF" "/etc/nginx/sites-enabled/${APP_NAME}"

# Step 6: Test nginx configuration
log_info "Testing Nginx configuration..."
if nginx -t; then
    log_info "Nginx configuration valid"
else
    log_error "Nginx configuration test failed!"
    exit 1
fi

# Step 7: Reload nginx
log_info "Reloading Nginx..."
systemctl reload nginx

# Step 8: Check nginx status
if systemctl is-active --quiet nginx; then
    log_info "Nginx is running"
else
    log_error "Nginx is not running!"
    systemctl status nginx
    exit 1
fi

# Step 9: Test local access
log_info "Testing local access..."
sleep 2
if curl -sf http://localhost/ > /dev/null; then
    log_info "Local HTTP test: ${GREEN}PASSED${NC}"
else
    log_error "Local HTTP test: FAILED"
    exit 1
fi

# Summary
echo ""
echo "================================"
log_info "Deployment completed successfully!"
echo "================================"
echo ""
echo "Application deployed at:"
echo "  - Local: http://10.22.68.247"
echo "  - Local DNS: http://nordabiznes.inpi.local (after DNS config)"
echo "  - Public: https://nordabiznes.pl (after NPM config)"
echo ""
echo "Next steps:"
echo "  1. Configure OVH DNS A record: nordabiznes.pl → 85.237.177.83"
echo "  2. Configure Fortigate NAT: 85.237.177.83:80,443 → 10.22.68.250"
echo "  3. Configure NPM proxy: nordabiznes.pl → 10.22.68.247:80"
echo "  4. Configure local DNS: nordabiznes.inpi.local → 10.22.68.247"
echo "  5. Update IPAM"
echo ""
echo "Test commands:"
echo "  curl -I http://10.22.68.247"
echo "  curl http://10.22.68.247 | grep 'Norda Biznes'"
echo ""
echo "Logs:"
echo "  tail -f /var/log/nginx/nordabiznes-access.log"
echo "  tail -f /var/log/nginx/nordabiznes-error.log"
echo ""