#!/bin/bash

RED='\033[0;31m'
GREEN='\033[0;32m'
BLUE='\033[0;34m'
NC='\033[0m'

BASE_URL="http://localhost:8080"
ADMIN_URL="http://localhost:8445"

log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
log_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
log_error() { echo -e "${RED}[ERROR]${NC} $1"; }

extract_json() {
    echo "$1" | grep -o "\"$2\":\"[^\"]*\"" | head -1 | sed "s/\"$2\":\"//;s/\"$//"
}

extract_json_number() {
    echo "$1" | grep -o "\"$2\":[0-9]*" | head -1 | sed "s/\"$2\"://"
}

http_post() {
    local url=$1; local data=$2; local token=$3
    if [ -n "$token" ]; then
        curl -s -X POST "$url" -H "Content-Type: application/json" -H "Authorization: Bearer $token" -d "$data"
    else
        curl -s -X POST "$url" -H "Content-Type: application/json" -d "$data"
    fi
}

http_get() {
    local url=$1; local token=$2
    if [ -n "$token" ]; then
        curl -s -X GET "$url" -H "Authorization: Bearer $token"
    else
        curl -s -X GET "$url"
    fi
}

http_put() {
    local url=$1; local data=$2; local token=$3
    curl -s -X PUT "$url" -H "Content-Type: application/json" -H "Authorization: Bearer $token" -d "$data"
}

http_delete() {
    local url=$1; local token=$2
    curl -s -X DELETE "$url" -H "Authorization: Bearer $token"
}

echo "============================================================"
echo "          EVENTHUB ADMIN API TEST SCRIPT"
echo "============================================================"
echo ""

log_info "Checking if servers are running..."
if ! curl -s "$BASE_URL/health" | grep -q "ok"; then
    log_error "Main server is not running on port 8080"
    exit 1
fi
log_success "Main server is running"

if ! curl -s "$ADMIN_URL/admin/health" | grep -q "ok"; then
    log_error "Admin server is not running on port 8445"
    exit 1
fi
log_success "Admin server is running"

echo ""
log_info "============================================================"
log_info "STEP 1: Create test users"
log_info "============================================================"

# Админ (первый пользователь)
ADMIN_EMAIL="admin_test_$(date +%s)@example.com"
ADMIN_PASSWORD="admin123"

log_info "Creating admin user..."
response=$(http_post "$BASE_URL/v1/register" "{\"email\":\"$ADMIN_EMAIL\",\"password\":\"$ADMIN_PASSWORD\"}" "")
ADMIN_TOKEN=$(extract_json "$response" "token")
ADMIN_ID=$(extract_json "$response" "id")
log_success "Admin created: $ADMIN_ID"

# Обычный пользователь
USER_EMAIL="user_test_$(date +%s)@example.com"
USER_PASSWORD="user123"

log_info "Creating regular user..."
response=$(http_post "$BASE_URL/v1/register" "{\"email\":\"$USER_EMAIL\",\"password\":\"$USER_PASSWORD\"}" "")
USER_TOKEN=$(extract_json "$response" "token")
USER_ID=$(extract_json "$response" "id")
log_success "User created: $USER_ID"

echo ""
log_info "============================================================"
log_info "TEST 1: Admin healthcheck"
log_info "============================================================"

response=$(http_get "$ADMIN_URL/admin/health" "")
if echo "$response" | grep -q "admin"; then
    log_success "Admin healthcheck passed: $response"
else
    log_error "Admin healthcheck failed: $response"
fi

echo ""
log_info "============================================================"
log_info "TEST 2: Admin stats (requires auth)"
log_info "============================================================"

response=$(http_get "$ADMIN_URL/admin/stats" "$ADMIN_TOKEN")
if echo "$response" | grep -q "users"; then
    log_success "Admin stats retrieved"
    USERS=$(extract_json_number "$response" "users")
    log_info "Users: $USERS"
else
    log_error "Admin stats failed: $response"
fi

echo ""
log_info "============================================================"
log_info "TEST 3: Admin stats without token (should fail)"
log_info "============================================================"

response=$(http_get "$ADMIN_URL/admin/stats" "")
if echo "$response" | grep -q "Missing"; then
    log_success "Unauthorized access correctly rejected"
else
    log_error "Should reject unauthorized: $response"
fi

echo ""
log_info "============================================================"
log_info "TEST 4: Admin stats with user token (should fail)"
log_info "============================================================"

response=$(http_get "$ADMIN_URL/admin/stats" "$USER_TOKEN")
if echo "$response" | grep -q "Admin access required"; then
    log_success "User token correctly rejected"
else
    log_error "Should reject user token: $response"
fi

echo ""
log_info "============================================================"
log_info "TEST 5: List all users (admin)"
log_info "============================================================"

response=$(http_get "$ADMIN_URL/admin/users" "$ADMIN_TOKEN")
USER_COUNT=$(echo "$response" | grep -o "\"id\"" | wc -l)

if [ "$USER_COUNT" -ge 2 ]; then
    log_success "Admin sees $USER_COUNT users"
else
    log_error "Admin should see at least 2 users: $response"
fi

echo ""
log_info "============================================================"
log_info "TEST 6: Get specific user (admin)"
log_info "============================================================"

response=$(http_get "$ADMIN_URL/admin/users/$USER_ID" "$ADMIN_TOKEN")
if echo "$response" | grep -q "$USER_ID"; then
    log_success "Admin can view user $USER_ID"
else
    log_error "Admin cannot view user: $response"
fi

echo ""
log_info "============================================================"
log_info "TEST 7: Update user (admin)"
log_info "============================================================"

response=$(http_put "$ADMIN_URL/admin/users/$USER_ID" "{\"status\":\"frozen\"}" "$ADMIN_TOKEN")
if echo "$response" | grep -q "frozen"; then
    log_success "User status updated to frozen"
else
    log_error "Failed to update user: $response"
fi

echo ""
log_info "============================================================"
log_info "TEST 8: Verify user status changed"
log_info "============================================================"

response=$(http_get "$ADMIN_URL/admin/users/$USER_ID" "$ADMIN_TOKEN")
if echo "$response" | grep -q "frozen"; then
    log_success "User status confirmed as frozen"
else
    log_error "User status not updated: $response"
fi

echo ""
log_info "============================================================"
log_info "TEST 9: Restore user status"
log_info "============================================================"

response=$(http_put "$ADMIN_URL/admin/users/$USER_ID" "{\"status\":\"active\"}" "$ADMIN_TOKEN")
if echo "$response" | grep -q "active"; then
    log_success "User status restored to active"
else
    log_error "Failed to restore user: $response"
fi

echo ""
log_info "============================================================"
log_info "TEST 10: User cannot access admin endpoints"
log_info "============================================================"

response=$(http_get "$ADMIN_URL/admin/users" "$USER_TOKEN")
if echo "$response" | grep -q "Admin access required"; then
    log_success "User correctly denied access to admin users list"
else
    log_error "User should be denied: $response"
fi

echo ""
log_info "============================================================"
log_info "TEST 11: Delete user (admin)"
log_info "============================================================"

# Создаём пользователя для удаления
DELETE_EMAIL="delete_me_$(date +%s)@example.com"
response=$(http_post "$BASE_URL/v1/register" "{\"email\":\"$DELETE_EMAIL\",\"password\":\"pass123\"}" "")
DELETE_ID=$(extract_json "$response" "id")
log_info "Created user to delete: $DELETE_ID"

response=$(http_delete "$ADMIN_URL/admin/users/$DELETE_ID" "$ADMIN_TOKEN")
if echo "$response" | grep -q "deleted"; then
    log_success "User deleted successfully"
else
    log_error "Failed to delete user: $response"
fi

echo ""
log_info "============================================================"
log_info "TEST 12: Verify user deleted"
log_info "============================================================"

response=$(http_get "$ADMIN_URL/admin/users/$DELETE_ID" "$ADMIN_TOKEN")
if echo "$response" | grep -q "not found"; then
    log_success "Deleted user not found"
else
    log_error "Deleted user still accessible: $response"
fi

echo ""
echo "============================================================"
log_success "ADMIN API TESTS COMPLETED!"
echo "============================================================"
echo ""
echo "Summary:"
echo "  Admin: $ADMIN_EMAIL"
echo "  User: $USER_EMAIL"
echo ""