#!/bin/bash
# Aether MariaDB Restore Script (Physical Backup)
set -e

PROJECT_ROOT="/home/scott/OSIT_dev/aether_container_env"
DEFAULT_BACKUP="${PROJECT_ROOT}/backups/mariadbbackup_1555.gz"
BACKUP_FILE="${1:-$DEFAULT_BACKUP}"

MARIADB_DATA="${PROJECT_ROOT}/srv/mariadb"
RESTORE_TEMP="${PROJECT_ROOT}/srv/restore_temp"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)

# Load env for password
source "${PROJECT_ROOT}/.env"

if [ ! -f "$BACKUP_FILE" ]; then
    echo "ERROR: Backup file not found: $BACKUP_FILE"
    exit 1
fi

# Convert to absolute path for Docker volume mounting
BACKUP_FILE_ABS=$(readlink -f "$BACKUP_FILE")

echo "--- Starting Aether Database Restore ---"

# 1. Stop MariaDB
echo ">>> Stopping MariaDB..."
cd "${PROJECT_ROOT}" && docker compose stop mariadb

# 2. Archive current data
if [ -d "$MARIADB_DATA" ] && [ "$(ls -A $MARIADB_DATA)" ]; then
    echo ">>> Archiving current data..."
    BACKUP_DIR="${PROJECT_ROOT}/srv/mariadb_bak_${TIMESTAMP}"
    mv "${MARIADB_DATA}" "${BACKUP_DIR}"
    # Fix ownership of archived data so host user can manage it
    docker run --rm -v "${BACKUP_DIR}":/bak alpine chown -R 1000:1000 /bak
fi
mkdir -p "${MARIADB_DATA}" "${RESTORE_TEMP}"

# 3. Extract and Prepare
echo ">>> Running extraction and preparation..."
docker run --rm --user 0 \
    -v "${BACKUP_FILE_ABS}":/backups/import.gz \
    -v "${RESTORE_TEMP}":/restore \
    -v "${PROJECT_ROOT}/scripts/restore_internal.sh":/restore.sh \
    mariadb:10.11 bash -c "export BACKUP_FILE=/backups/import.gz && bash /restore.sh"

# 4. Move prepared data (Using container to avoid permission issues)
echo ">>> Moving prepared data..."
docker run --rm --user 0 \
    -v "${RESTORE_TEMP}":/src \
    -v "${MARIADB_DATA}":/dst \
    alpine sh -c "mv /src/* /dst/ 2>/dev/null || true; mv /src/.* /dst/ 2>/dev/null || true"
rmdir "${RESTORE_TEMP}"

# 5. Fix Permissions
echo ">>> Fixing ownership (999:999)..."
docker run --rm -v "${MARIADB_DATA}":/var/lib/mysql alpine chown -R 999:999 /var/lib/mysql

# 6. Start MariaDB in Maintenance Mode to reset password
echo ">>> Resetting passwords to match local .env..."
docker run -d --name ae_mariadb_maint -v "${MARIADB_DATA}":/var/lib/mysql mariadb:10.11 --skip-grant-tables
sleep 5
# Maintenance SQL: Sets root password AND ensures app user exists with correct password/grants
MAINT_SQL="FLUSH PRIVILEGES; 
ALTER USER 'root'@'localhost' IDENTIFIED BY '${AE_DB_ROOT_PASSWORD}'; 
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${AE_DB_ROOT_PASSWORD}' WITH GRANT OPTION;
CREATE USER IF NOT EXISTS '${AE_DB_USERNAME}'@'%' IDENTIFIED BY '${AE_DB_PASSWORD}';
ALTER USER '${AE_DB_USERNAME}'@'%' IDENTIFIED BY '${AE_DB_PASSWORD}';
GRANT ALL PRIVILEGES ON \`${AE_DB_NAME}\`.* TO '${AE_DB_USERNAME}'@'%';
FLUSH PRIVILEGES;"

docker exec ae_mariadb_maint mariadb -e "$MAINT_SQL"
docker stop ae_mariadb_maint && docker rm ae_mariadb_maint

# 7. Start MariaDB Normally
echo ">>> Starting MariaDB container normally..."
docker compose start mariadb

echo "--- Restore and Password Reset Complete! ---"

# 8. Cleanup Safety Snapshot (Only on success)
if [ -n "$BACKUP_DIR" ] && [ -d "$BACKUP_DIR" ]; then
    echo ">>> Removing safety snapshot (Restore successful)..."
    rm -rf "$BACKUP_DIR"
fi