#!/usr/bin/env bash
# onx-backup-push-sftp — SFTP sunucusuna yedek dosyası yükle (rsync -e ssh veya scp)
#
# Input:
#   {
#     "local_path": "/var/backups/onox/backup.tar.gz",
#     "destination_id": 2,
#     "config": {
#       "host": "backup.example.com",
#       "port": 22,
#       "username": "backupuser",
#       "private_key": "-----BEGIN OPENSSH...",  # OR
#       "password": "secret",
#       "remote_path": "/backup/server1"
#     }
#   }
# Output: {"uploaded":true, "remote_path":"/backup/server1/backup.tar.gz", "bytes":N, "duration_seconds":N}

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "${SCRIPT_DIR}/_lib/common.sh"

require_root
onx_json_input

LOCAL_PATH="$(onx_json_field local_path)"
CONFIG="$(echo "$INPUT" | jq -c '.config // {}')"

[[ -z "$LOCAL_PATH" ]] && onx_die 1 "local_path zorunlu"
[[ ! -f "$LOCAL_PATH" ]] && onx_die 2 "Dosya bulunamadı: ${LOCAL_PATH}"

HOST="$(onx_json_get "$CONFIG" host '')"
PORT="$(onx_json_get "$CONFIG" port '22')"
USER="$(onx_json_get "$CONFIG" username '')"
PRIV_KEY="$(onx_json_get "$CONFIG" private_key '')"
PASSWORD="$(onx_json_get "$CONFIG" password '')"
REMOTE_PATH="$(onx_json_get "$CONFIG" remote_path '/backup')"

[[ -z "$HOST" ]] && onx_die 1 "config.host zorunlu"
[[ -z "$USER" ]] && onx_die 1 "config.username zorunlu"

FILENAME="$(basename "$LOCAL_PATH")"
REMOTE_FULL="${REMOTE_PATH}/${FILENAME}"

SSH_OPTS="-o StrictHostKeyChecking=no -o ConnectTimeout=15 -p ${PORT}"
BYTES=$(stat -c%s "$LOCAL_PATH" 2>/dev/null || echo 0)

onx_log "backup-push-sftp: ${LOCAL_PATH} → ${USER}@${HOST}:${REMOTE_FULL}"

START_S=$(date +%s)

if [[ -n "$PRIV_KEY" ]]; then
    require_cmd rsync

    TMP_KEY=$(mktemp /tmp/onx-sftp-key-XXXXXX)
    chmod 600 "$TMP_KEY"
    printf '%s\n' "$PRIV_KEY" > "$TMP_KEY"
    trap 'rm -f "$TMP_KEY"' EXIT

    # Create remote dir first
    ssh -i "$TMP_KEY" $SSH_OPTS "${USER}@${HOST}" "mkdir -p '${REMOTE_PATH}'" 2>/dev/null \
        || onx_die 3 "Uzak dizin oluşturulamadı: ${REMOTE_PATH}"

    rsync -az --partial --timeout=300 \
        -e "ssh -i ${TMP_KEY} ${SSH_OPTS}" \
        "$LOCAL_PATH" "${USER}@${HOST}:${REMOTE_FULL}" 2>&1 \
        || onx_die 3 "rsync/SFTP yükleme başarısız: ${USER}@${HOST}:${REMOTE_FULL}"
else
    require_cmd sshpass
    [[ -z "$PASSWORD" ]] && onx_die 1 "config.private_key veya config.password gerekli"

    sshpass -p "$PASSWORD" ssh $SSH_OPTS "${USER}@${HOST}" "mkdir -p '${REMOTE_PATH}'" 2>/dev/null \
        || onx_die 3 "Uzak dizin oluşturulamadı: ${REMOTE_PATH}"

    sshpass -p "$PASSWORD" rsync -az --partial --timeout=300 \
        -e "ssh ${SSH_OPTS}" \
        "$LOCAL_PATH" "${USER}@${HOST}:${REMOTE_FULL}" 2>&1 \
        || onx_die 3 "rsync/SFTP yükleme başarısız: ${USER}@${HOST}:${REMOTE_FULL}"
fi

END_S=$(date +%s)
DURATION=$(( END_S - START_S ))

onx_json_out uploaded true remote_path "$REMOTE_FULL" bytes "$BYTES" duration_seconds "$DURATION"
