#!/usr/bin/env bash
set -euo pipefail
source ./lib.sh

log "Laravel bereitstellen…"
mkdir -p "$(dirname "$APP_DIR")"; chown -R "$APP_USER":"$APP_GROUP" "$(dirname "$APP_DIR")"

if [[ ! -d "${APP_DIR}/.git" ]]; then
  sudo -u "$APP_USER" -H bash -lc "git clone --depth=1 -b ${GIT_BRANCH} ${GIT_REPO} ${APP_DIR}"
else
  sudo -u "$APP_USER" -H bash -lc "
    set -e
    cd ${APP_DIR}
    git fetch --depth=1 origin ${GIT_BRANCH} || true
    git checkout ${GIT_BRANCH} 2>/dev/null || git checkout -B ${GIT_BRANCH}
    if git merge-base --is-ancestor HEAD origin/${GIT_BRANCH}; then git pull --ff-only; else git reset --hard origin/${GIT_BRANCH}; git clean -fd; fi
  "
fi

if [[ -f "${APP_DIR}/composer.json" ]]; then
  sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && composer install --no-interaction --prefer-dist --no-dev"
fi

# .env
ENV_FILE="${APP_DIR}/.env"
sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && cp -n .env.example .env || true"
grep -q '^APP_KEY=' "${ENV_FILE}" || sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan key:generate --force || true"

upsert_env(){
  local k="$1" v="$2"
  local ek ev; ek="$(printf '%s' "$k" | sed -e 's/[.[\*^$(){}+?|/]/\\&/g')"; ev="$(printf '%s' "$v" | sed -e 's/[&/]/\\&/g')"
  if grep -qE "^[#[:space:]]*${ek}=" "$ENV_FILE"; then
    sed -Ei "s|^[#[:space:]]*${ek}=.*|${k}=${ev}|g" "$ENV_FILE"
  else
    printf '%s=%s\n' "$k" "$v" >> "$ENV_FILE"
  fi
}

# APP_URL/Host
APP_HOST_VAL="$SERVER_PUBLIC_IPV4"
UI_LE_CERT="/etc/letsencrypt/live/${UI_HOST}/fullchain.pem"
UI_LE_KEY="/etc/letsencrypt/live/${UI_HOST}/privkey.pem"
if [[ "$BASE_DOMAIN" != "example.com" && -n "$UI_HOST" ]] && ( resolve_ok "$UI_HOST" || [[ -f "$UI_LE_CERT" && -f "$UI_LE_KEY" ]] ); then
  APP_HOST_VAL="$UI_HOST"
fi
if [[ "$APP_HOST_VAL" = "$UI_HOST" && -f "$UI_LE_CERT" && -f "$UI_LE_KEY" ]]; then
  APP_URL_VAL="https://${UI_HOST}"
else
  if [[ -f "/etc/ssl/ui/fullchain.pem" && -f "/etc/ssl/ui/privkey.pem" ]]; then
    APP_URL_VAL="https://${SERVER_PUBLIC_IPV4}"
  else
    APP_URL_VAL="http://${SERVER_PUBLIC_IPV4}"
  fi
fi

# .env schreiben
upsert_env APP_URL             "${APP_URL_VAL}"
upsert_env APP_HOST            "${APP_HOST_VAL}"
upsert_env APP_NAME            "${APP_NAME}"
upsert_env APP_ENV             "${APP_ENV}"
upsert_env APP_DEBUG           "${APP_DEBUG}"
upsert_env APP_LOCALE          "de"
upsert_env APP_FALLBACK_LOCALE "en"

upsert_env SERVER_PUBLIC_IPV4  "${SERVER_PUBLIC_IPV4}"
upsert_env SERVER_PUBLIC_IPV6  "${SERVER_PUBLIC_IPV6:-}"

upsert_env BASE_DOMAIN "${BASE_DOMAIN}"
upsert_env UI_SUB      "${UI_SUB}"
upsert_env WEBMAIL_SUB "${WEBMAIL_SUB}"
upsert_env SYSTEM_SUB  "${SYSTEM_SUB}"
upsert_env MTA_SUB     "${MTA_SUB}"
upsert_env LE_EMAIL    "${LE_EMAIL}"

upsert_env DB_CONNECTION "mysql"
upsert_env DB_HOST       "127.0.0.1"
upsert_env DB_PORT       "3306"
upsert_env DB_DATABASE   "${DB_NAME}"
upsert_env DB_USERNAME   "${DB_USER}"
upsert_env DB_PASSWORD   "${DB_PASS}"

upsert_env CACHE_SETTINGS_STORE "redis"
upsert_env CACHE_STORE          "redis"
upsert_env CACHE_DRIVER         "redis"
upsert_env CACHE_PREFIX         "${APP_USER_PREFIX}_cache:"
upsert_env SESSION_DRIVER       "redis"
upsert_env SESSION_SECURE_COOKIE "true"
upsert_env SESSION_SAMESITE     "lax"
upsert_env REDIS_CLIENT         "phpredis"
upsert_env REDIS_HOST           "127.0.0.1"
upsert_env REDIS_PORT           "6379"
upsert_env REDIS_PASSWORD       "${REDIS_PASS}"
upsert_env REDIS_DB             "0"
upsert_env REDIS_CACHE_DB       "1"
upsert_env REDIS_CACHE_CONNECTION "cache"
upsert_env REDIS_CACHE_LOCK_CONNECTION "default"

# Reverb / Queue (wie bei dir)
upsert_env BROADCAST_DRIVER "reverb"
upsert_env QUEUE_CONNECTION "redis"
upsert_env LOG_CHANNEL      "daily"
upsert_env REVERB_APP_ID     "${APP_USER_PREFIX}"
upsert_env REVERB_APP_KEY    "${APP_USER_PREFIX}_$(openssl rand -hex 16)"
upsert_env REVERB_APP_SECRET "${APP_USER_PREFIX}_$(openssl rand -hex 32)"
upsert_env REVERB_HOST       "\${APP_HOST}"
upsert_env REVERB_PORT       "443"
upsert_env REVERB_SCHEME     "https"
upsert_env REVERB_PATH       "/ws"
upsert_env REVERB_SCALING_ENABLED "true"
upsert_env REVERB_SCALING_CHANNEL "reverb"
upsert_env VITE_REVERB_APP_KEY "\${REVERB_APP_KEY}"
upsert_env VITE_REVERB_HOST    "\${REVERB_HOST}"
upsert_env VITE_REVERB_PORT    "\${REVERB_PORT}"
upsert_env VITE_REVERB_SCHEME  "\${REVERB_SCHEME}"
upsert_env VITE_REVERB_PATH    "\${REVERB_PATH}"
upsert_env REVERB_SERVER_APP_KEY "\${REVERB_APP_KEY}"
upsert_env REVERB_SERVER_HOST    "127.0.0.1"
upsert_env REVERB_SERVER_PORT    "8080"
upsert_env REVERB_SERVER_PATH    ""
upsert_env REVERB_SERVER_SCHEME  "http"

# Optimize + Migrate + Seed
sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan optimize:clear && php artisan config:cache"
sudo systemctl restart php*-fpm || true

sudo -u "$APP_USER" -H bash -lc "
  set -e
  cd ${APP_DIR}
  php artisan optimize:clear
  php artisan migrate --force
  php artisan config:cache
  php artisan optimize:clear
"

if [[ "$BASE_DOMAIN" != "example.com" ]]; then
  sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan db:seed --class=SystemDomainSeeder --no-interaction || true"
else
  echo "[i] BASE_DOMAIN=example.com – Seeder übersprungen."
fi