#!/bin/bash
set -e

# =============================================================================
# CloudSearch ä¸€é”®éƒ¨ç½²è„šæœ¬
# ç”¨æ³•:
#   curl -sS https://gitea.timxx.cn/admin/CloudSearch/raw/branch/master/source_clean/deploy.sh | bash
#
# å¯é€‰çŽ¯å¢ƒå˜é‡ï¼ˆéƒ¨ç½²å‰è®¾ç½®ï¼‰:
#   CORS_ORIGIN       - ç½‘ç«™åŸŸåï¼Œå¿…å¡« (å¦‚ https://your-domain.com)
#   JWT_SECRET        - JWT ç­¾åå¯†é’¥ (ç•™ç©ºè‡ªåŠ¨ç”Ÿæˆ)
#   ADMIN_PASSWORD    - ç®¡ç†å‘˜å¯†ç  (ç•™ç©ºè‡ªåŠ¨ç”Ÿæˆ)
#   REDIS_URL         - Redis è¿žæŽ¥ (é»˜è®¤: redis://redis:6379)
#   LOG_LEVEL         - æ—¥å¿—çº§åˆ« (é»˜è®¤: info)
#   DEPLOY_DIR        - éƒ¨ç½²ç›®å½• (é»˜è®¤: /opt/cloudsearch)
# =============================================================================

REPO_URL="https://gitea.timxx.cn/admin/CloudSearch.git"
IMAGE="gitea.timxx.cn/admin/cloudsearch:latest"
DEPLOY_DIR="${DEPLOY_DIR:-/opt/cloudsearch}"

RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'; NC='\033[0m'
info()  { echo -e "${GREEN}[INFO]${NC} $*"; }
warn()  { echo -e "${YELLOW}[WARN]${NC} $*"; }
err()   { echo -e "${RED}[ERROR]${NC} $*"; }

command -v docker &>/dev/null || { err "Docker æœªå®‰è£…ï¼Œè¯·å…ˆå®‰è£… Docker"; exit 1; }

# â”€â”€ æ£€æŸ¥å¿…å¡«å‚æ•° â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€
if [ -z "$CORS_ORIGIN" ]; then
    PUBLIC_IP=$(curl -s --connect-timeout 3 ifconfig.me 2>/dev/null || curl -s --connect-timeout 3 ip.sb 2>/dev/null || echo "")
    if [ -n "$PUBLIC_IP" ]; then
        CORS_ORIGIN="http://${PUBLIC_IP}:9527"
        warn "æœªè®¾ç½® CORS_ORIGINï¼Œè‡ªåŠ¨æ£€æµ‹ä¸º: ${CORS_ORIGIN}"
        warn "å¦‚éœ€è‡ªå®šä¹‰ç½‘åŸŸåï¼Œè¯·: CORS_ORIGIN=https://your.domain.com curl ... | bash"
    else
        CORS_ORIGIN="http://localhost:9527"
        warn "æœªè§®ö½ CORS_ORIGINï¼Œä½¿ç”¨é»˜è®¤: ${CORS_ORIGIN}"
    fi
fi

# â”€â”€ æ‹‰å–ä»“åº“ â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€
info "æ‹‰å–ä»“åº“..."
if [ -d "$DEPLOY_DIR/.git" ]; then
    cd "$DEPLOY_DIR" && git pull --ff-only origin master 2>/dev/null || true
else
    rm -rf "$DEPLOY_DIR"
    git clone --depth 1 "$REPO_URL" "$DEPLOY_DIR"
fi
cd "$DEPLOY_DIR/source_clean"

# â”€â”€ åˆ‡æ¢åˆ°é•œåƒæ¨¡å¼ â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€
if grep -q '^    build:' docker-compose.yml 2>/dev/null; then
    info "é…ç½®é•œåƒæ¨¡å¼..."
    sed -i 's/^    build:/    # build:/' docker-compose.yml
    sed -i 's/^      context:/      # context:/' docker-compose.yml
    sed -i 's/^      dockerfile:/      # dockerfile:/' docker-compose.yml
    sed -i 's|^    # image: gitea.timxx.cn/admin/cloudsearch:latest|    image: gitea.timxx.cn/admin/cloudsearch:latest|' docker-compose.yml
fi

# â”€â”€ ç”Ÿæˆå¯†é’¥ â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€
JWT_SECRET="${JWT_SECRET:-$(openssl rand -hex 32)}"
ADMIN_PASSWORD="${ADMIN_PASSWORD:-$(openssl rand -base64 12 | tr -d '=+/' | head -c 16)}"

# â”€â”€ ç”Ÿæˆ .env â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€
cat > .env <<ENVEOF
CORS_ORIGIN=${CORS_ORIGIN}
JWT_SECRET=${JWT_SECRET}
ADMIN_PASSWORD=${ADMIN_PASSWORD}
REDIS_URL=${REDIS_URL:-redis://redis:6379}
LOG_LEVEL=${LOG_LEVEL:-info}
ENVEOF

info "ç®¡ç†å‘˜: admin / ${ADMIN_PASSWORD}"

# â”€â”€ éƒ¨ç½² â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€
info "æ‹‰å–é•œåƒ..."
docker compose pull app 2>/dev/null || true

info "åœæ­¢æ—§æœåŠ¡..."
docker compose down --remove-orphans 2>/dev/null || true

info "å¯åŠ¨æœåŠ¡..."
docker compose up -d

# â”€â”€ ç­‰å¾…å°±ç»ª â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€
info "ç­‰å¾…æœåŠ¡å°±ç»ª..."
for i in $(seq 1 15); do
    if curl -s -o /dev/null -w '%{http_code}' http://localhost:9527/health 2>/dev/null | grep -q '200'; then
        break
    fi
    sleep 2
done

# â”€â”€ å¼ºåˆ¶å†™å…¥ç®¡ç†å‘˜å¯†ç (åŠåŒæ—¶å¤‡ç›®å½•åˆ°æ²¡æ˜¯å‘é‡å¯,ç›´æŽ¥æ›´æ–°æ•°æ®åº“) â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€)¥¹™¼€‹–"w–ž/–2[žº‡žB–Fc–¾ž‚¸¸¸ˆ)Í±••À€Ì)‘½­•È•á•Œ±½Õ‘M•…É¡}ÁÀ¹½‘”€µ”€ˆ)½¹ÍÐ‰ÉåÁÐ€ôÉ•ÅÕ¥É” ‰ÉåÁÑ©Ìœ¤ì)½¹ÍÐ…Ñ…‰…Í”€ôÉ•ÅÕ¥É” ‰•ÑÑ•ÈµÍÅ±¥Ñ”Ìœ¤ì)½¹ÍÐ‘ˆ€ô¹•Ü…Ñ…‰…Í” œ½‘…Ñ„½‘…Ñ…‰…Í”¹ÍÅ±¥Ñ”œ¤ì)½¹ÍÐ¡…Í €ô‰ÉåÁÐ¹¡…Í¡Må¹Œ œ‘í5%9}AMM]=Iôœ°€ÄÀ¤ì)½¹ÍÐ•á¥ÍÑ¥¹œ€ô‘ˆ¹ÁÉ•Á…É” M1P¥I=4…‘µ¥¹Ì]!IÕÍ•É¹…µ”€ô€üœ¤¹•Ð …‘µ¥¸œ¤ì)¥˜€¡•á¥ÍÑ¥¹œ¤ì(€€€‘ˆ¹ÁÉ•Á…É” UAQ…‘µ¥¹ÌMPÁ…ÍÍÝ½É‘}¡…Í €ô€ü]!IÕÍ•É¹…µ”€ô€üœ¤¹ÉÕ¸¡¡…Í °€…‘µ¥¸œ¤ì)ô•±Í”ì(€€€‘ˆ¹ÁÉ•Á…É” %9MIP%9Q<…‘µ¥¹Ì€¡ÕÍ•É¹…µ”°Á…ÍÍÝ½É‘}¡…Í ¤Y1UL€ ü°€ü¤œ¤¹ÉÕ¸ …‘µ¥¸œ°¡…Í ¤ì)ô)‘ˆ¹±½Í” ¤ì(ˆ€Èø½‘•Ø½¹Õ±°€˜˜¥¹™¼€‹žº‡žB–Fc–¾ž‚–ÞË–B3š¶”ˆñð¥¹™¼€‹šVÃš6»–êO–"w–ž/–2[’â·¾ò3ž¢7–B;¢«–*£–º3š"@ˆ((ŒƒŠRŠR ƒ¦ª3¢¾ƒŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠRŠR )æ`docker compose ps 2>/dev/null | grep -q 'Up'; then
    echo ""
    echo "============================================="
    echo -e "  \033[0;32mâœ… CloudSearch éƒ¨ç½²å®Œæˆ\033[0m"
    echo "============================================="
    docker compose ps
    echo ""
    echo "  ç®¡ç†åŽå°: ${CORS_ORIGIN}/admin/login"
    echo "  ç”¨æˆ·å:   admin"
    echo "  å¯†ç :     ${ADMIN_PASSWORD}"
else
    err "æœåŠ¡å¯åŠ¨å¤±è´¥: docker compose logs"
    exit 1
fi