<?php

namespace App\Console\Commands;

use App\Models\Setting;
use Illuminate\Console\Command;

class WizardDomains extends Command
{
    protected $signature = 'mailwolt:wizard-domains
                            {--ui=   : UI-Domain}
                            {--mail= : Mail-Domain}
                            {--webmail= : Webmail-Domain}
                            {--ssl=1 : SSL automatisch (1/0)}';

    protected $description = 'Wizard: Domains einrichten mit Status-Dateien';

    private const STATE_DIR = '/var/lib/mailwolt/wizard';

    public function handle(): int
    {
        $ui      = $this->option('ui');
        $mail    = $this->option('mail');
        $webmail = $this->option('webmail');
        $ssl     = (bool)(int)$this->option('ssl');

        @mkdir(self::STATE_DIR, 0755, true);

        // Start: alle auf pending
        foreach (['ui', 'mail', 'webmail'] as $key) {
            file_put_contents(self::STATE_DIR . "/{$key}", 'pending');
        }

        $domains = ['ui' => $ui, 'mail' => $mail, 'webmail' => $webmail];
        $allOk   = true;

        foreach ($domains as $key => $domain) {
            if (!$domain) {
                file_put_contents(self::STATE_DIR . "/{$key}", 'skip');
                continue;
            }

            file_put_contents(self::STATE_DIR . "/{$key}", 'running');

            // DNS prüfen
            $hasDns = checkdnsrr($domain, 'A') || checkdnsrr($domain, 'AAAA');
            if (!$hasDns) {
                file_put_contents(self::STATE_DIR . "/{$key}", 'nodns');
                $allOk = false;
                continue;
            }

            // SSL-Zertifikat anfordern
            if ($ssl) {
                $out = shell_exec(sprintf(
                    'sudo -n certbot certonly --nginx --non-interactive --agree-tos -m root@%s -d %s 2>&1',
                    escapeshellarg($domain),
                    escapeshellarg($domain)
                ));
                $certOk = str_contains((string) $out, 'Successfully') || str_contains((string) $out, 'Certificate not yet due for renewal');
                if (!$certOk) {
                    file_put_contents(self::STATE_DIR . "/{$key}", 'error');
                    $allOk = false;
                    continue;
                }
            }

            file_put_contents(self::STATE_DIR . "/{$key}", 'done');
        }

        // Nginx neu konfigurieren (alle Domains auf einmal)
        if ($allOk) {
            $helper = '/usr/local/sbin/mailwolt-apply-domains';
            shell_exec(sprintf(
                'sudo -n %s --ui-host %s --webmail-host %s --mail-host %s --ssl-auto %d 2>&1',
                escapeshellarg($helper),
                escapeshellarg($ui),
                escapeshellarg($webmail),
                escapeshellarg($mail),
                $ssl ? 1 : 0,
            ));
        }

        file_put_contents(self::STATE_DIR . '/done', $allOk ? '1' : '0');
        Setting::set('ssl_configured', $allOk ? '1' : '0');
        return self::SUCCESS;
    }
}