#!/usr/bin/env ruby
# frozen_string_literal: true
# Copyright 2016 Liqwyd Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

$LOAD_PATH.push File.expand_path('../../app', __FILE__)

require 'require_all'
require 'logger'
require 'active_record'
require 'securerandom'

ENV['RACK_ENV'] = ENV['RACK_ENV'] || 'development'

require 'cyclid/config'

# Top level module for the core Cyclid code; just stub out to provide the
# bare minimum required to inject data via. the models.
module Cyclid
  class << self
    attr_accessor :logger, :config

    begin
      Cyclid.logger = Logger.new(STDERR)

      config_path = ENV['CYCLID_CONFIG'] || File.join(%w(/ etc cyclid config))
      Cyclid.config = API::Config.new(config_path)
    rescue StandardError => ex
      abort "Failed to initialize: #{ex}"
    end
  end
end

require 'db'
require 'cyclid/models'

require_relative '../db/schema.rb'

include Cyclid::API

ADMINS_ORG = 'admins'
RSA_KEY_LENGTH = 2048

def generate_password
  (('a'..'z').to_a.concat \
    ('A'..'Z').to_a.concat \
      ('0'..'9').to_a.concat \
        %w($ % ^ & * _)).sample(8).join
end

def create_admin_user(initial_secret, initial_password)
  secret = initial_secret || SecureRandom.hex(32)
  password = initial_password || generate_password

  user = User.new
  user.username = 'admin'
  user.email = 'admin@example.com'
  user.secret = secret
  user.new_password = password
  user.save!

  [secret, password]
end

def create_admin_organization
  key = OpenSSL::PKey::RSA.new(RSA_KEY_LENGTH)

  org = Organization.new
  org.name = ADMINS_ORG
  org.owner_email = 'admins@example.com'
  org.rsa_private_key = key.to_der
  org.rsa_public_key = key.public_key.to_der
  org.salt = SecureRandom.hex(32)
  org.users << User.find_by(username: 'admin')
end

def update_user_perms
  # 'admin' user is a Super Admin
  user = User.find_by(username: 'admin')
  organization = user.organizations.find_by(name: ADMINS_ORG)
  permissions = user.userpermissions.find_by(organization: organization)
  Cyclid.logger.debug permissions

  permissions.admin = true
  permissions.write = true
  permissions.read = true
  permissions.save!
end

initial_secret = ARGV[0]
initial_password = ARGV[1]

secret, password = create_admin_user(initial_secret, initial_password)
create_admin_organization

update_user_perms

STDERR.puts '*' * 80
STDERR.puts "Admin secret: #{secret}"
STDERR.puts "Admin password: #{password}"