#!/usr/bin/env bash
# onx-db-user-create — MariaDB kullanici olustur
# Input:  {"db_user":"onx_xxx_user","password":"<plain>","host":"localhost",
#           "auth_plugin":"mysql_native_password|caching_sha2_password"}
# Output: {"db_user":...,"host":...,"created":true}

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "${SCRIPT_DIR}/_lib/common.sh"

require_root
require_cmd mysql
onx_json_input

DB_USER="$(onx_json_field db_user)"
PASSWORD="$(onx_json_field password)"
HOST="$(onx_json_field host 'localhost')"
AUTH_PLUGIN="$(onx_json_field auth_plugin 'mysql_native_password')"

[[ -z "$DB_USER" ]]   && onx_die 1 "db_user zorunlu"
[[ -z "$PASSWORD" ]]  && onx_die 1 "password zorunlu"
[[ "$DB_USER" =~ ^onx_[a-z0-9]+_[a-z0-9_]+$ ]] || \
    onx_die 1 "Gecersiz db_user: '${DB_USER}'"
[[ "$AUTH_PLUGIN" =~ ^(mysql_native_password|caching_sha2_password)$ ]] || \
    onx_die 1 "Gecersiz auth_plugin: '${AUTH_PLUGIN}'"
[[ "$HOST" =~ ^[a-zA-Z0-9.%_-]+$ ]] || onx_die 1 "Gecersiz host: '${HOST}'"

onx_log "db-user-create: user=${DB_USER}@${HOST} plugin=${AUTH_PLUGIN}"

# Kullanici zaten varsa hata verme — IF NOT EXISTS yok, REPLACE kullanlir
mysql_exec "" "CREATE USER IF NOT EXISTS '${DB_USER}'@'${HOST}' IDENTIFIED WITH ${AUTH_PLUGIN} BY '${PASSWORD}';" \
    || onx_die 3 "CREATE USER basarisiz: ${DB_USER}@${HOST}"

json_ok "{\"db_user\":\"${DB_USER}\",\"host\":\"${HOST}\",\"auth_plugin\":\"${AUTH_PLUGIN}\",\"created\":true}"
