#!/usr/bin/env bash
# onx-backup-pull-from-destination — Uzak yedek hedefinden dosya indir (restore için)
#
# Input:
#   {
#     "remote_path": "onox-backups/backup_20260513.tar.gz",
#     "local_path":  "/tmp/restore_20260513.tar.gz",
#     "destination_id": 5,
#     "type": "s3|backblaze_b2|wasabi|sftp|ftp|local",
#     "config": { ... }
#   }
# Output: {"downloaded":true, "local_path":"...", "bytes":N, "duration_seconds":N}

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "${SCRIPT_DIR}/_lib/common.sh"

require_root
onx_json_input

REMOTE_PATH="$(onx_json_field remote_path)"
LOCAL_PATH="$(onx_json_field local_path)"
TYPE="$(onx_json_field type)"
CONFIG="$(echo "$INPUT" | jq -c '.config // {}')"

[[ -z "$REMOTE_PATH" ]] && onx_die 1 "remote_path zorunlu"
[[ -z "$LOCAL_PATH" ]]  && onx_die 1 "local_path zorunlu"
[[ -z "$TYPE" ]]         && onx_die 1 "type zorunlu"

# Safety check: local_path must be under /tmp or /var/backups/onox
[[ "$LOCAL_PATH" =~ ^(/tmp|/var/backups/onox) ]] || \
    onx_die 1 "Güvensiz local_path: ${LOCAL_PATH}"

onx_log "backup-pull: type=${TYPE} remote=${REMOTE_PATH} local=${LOCAL_PATH}"

START_S=$(date +%s)

case "$TYPE" in
local)
    SRC_PATH="$(onx_json_get "$CONFIG" path '/var/backups/onox')"
    FULL_SRC="${SRC_PATH}/${REMOTE_PATH}"
    [[ ! -f "$FULL_SRC" ]] && onx_die 3 "Kaynak dosya bulunamadı: ${FULL_SRC}"
    cp "$FULL_SRC" "$LOCAL_PATH" || onx_die 3 "Kopyalama başarısız"
    ;;

s3|wasabi)
    require_cmd aws
    ENDPOINT="$(onx_json_get "$CONFIG" endpoint '')"
    REGION="$(onx_json_get "$CONFIG" region 'us-east-1')"
    BUCKET="$(onx_json_get "$CONFIG" bucket '')"
    ACCESS_KEY="$(onx_json_get "$CONFIG" access_key '')"
    SECRET_KEY="$(onx_json_get "$CONFIG" secret_key '')"

    [[ -z "$BUCKET" ]] && onx_die 1 "config.bucket zorunlu"
    ENDPOINT_ARG=""
    [[ -n "$ENDPOINT" ]] && ENDPOINT_ARG="--endpoint-url=${ENDPOINT}"

    AWS_ACCESS_KEY_ID="$ACCESS_KEY" \
    AWS_SECRET_ACCESS_KEY="$SECRET_KEY" \
    AWS_DEFAULT_REGION="$REGION" \
    aws s3 cp "s3://${BUCKET}/${REMOTE_PATH}" "$LOCAL_PATH" \
        $ENDPOINT_ARG --no-progress 2>&1 \
        || onx_die 3 "S3 indirme başarısız: s3://${BUCKET}/${REMOTE_PATH}"
    ;;

backblaze_b2)
    require_cmd aws
    ENDPOINT="$(onx_json_get "$CONFIG" endpoint '')"
    REGION="$(onx_json_get "$CONFIG" region 'us-west-002')"
    BUCKET="$(onx_json_get "$CONFIG" bucket '')"
    APP_KEY_ID="$(onx_json_get "$CONFIG" application_key_id '')"
    APP_KEY="$(onx_json_get "$CONFIG" application_key '')"

    [[ -z "$BUCKET" ]] && onx_die 1 "config.bucket zorunlu"
    [[ -z "$ENDPOINT" ]] && ENDPOINT="https://s3.${REGION}.backblazeb2.com"

    AWS_ACCESS_KEY_ID="$APP_KEY_ID" \
    AWS_SECRET_ACCESS_KEY="$APP_KEY" \
    AWS_DEFAULT_REGION="$REGION" \
    aws s3 cp "s3://${BUCKET}/${REMOTE_PATH}" "$LOCAL_PATH" \
        --endpoint-url="$ENDPOINT" --no-progress 2>&1 \
        || onx_die 3 "B2 indirme başarısız: ${BUCKET}/${REMOTE_PATH}"
    ;;

sftp)
    HOST="$(onx_json_get "$CONFIG" host '')"
    PORT="$(onx_json_get "$CONFIG" port '22')"
    USER="$(onx_json_get "$CONFIG" username '')"
    PRIV_KEY="$(onx_json_get "$CONFIG" private_key '')"
    PASSWORD="$(onx_json_get "$CONFIG" password '')"

    [[ -z "$HOST" ]] && onx_die 1 "config.host zorunlu"
    SSH_OPTS="-o StrictHostKeyChecking=no -o ConnectTimeout=15 -p ${PORT}"

    if [[ -n "$PRIV_KEY" ]]; then
        require_cmd rsync
        TMP_KEY=$(mktemp /tmp/onx-sftp-key-XXXXXX)
        chmod 600 "$TMP_KEY"
        printf '%s\n' "$PRIV_KEY" > "$TMP_KEY"
        trap 'rm -f "$TMP_KEY"' EXIT

        rsync -az --timeout=300 \
            -e "ssh -i ${TMP_KEY} ${SSH_OPTS}" \
            "${USER}@${HOST}:${REMOTE_PATH}" "$LOCAL_PATH" 2>&1 \
            || onx_die 3 "SFTP indirme başarısız"
    else
        require_cmd sshpass
        [[ -z "$PASSWORD" ]] && onx_die 1 "config.private_key veya config.password gerekli"
        sshpass -p "$PASSWORD" rsync -az --timeout=300 \
            -e "ssh ${SSH_OPTS}" \
            "${USER}@${HOST}:${REMOTE_PATH}" "$LOCAL_PATH" 2>&1 \
            || onx_die 3 "SFTP indirme başarısız"
    fi
    ;;

ftp)
    require_cmd lftp
    HOST="$(onx_json_get "$CONFIG" host '')"
    PORT="$(onx_json_get "$CONFIG" port '21')"
    USER="$(onx_json_get "$CONFIG" username '')"
    PASS="$(onx_json_get "$CONFIG" password '')"
    PASSIVE="$(onx_json_get "$CONFIG" passive 'true')"
    PASSIVE_SETTING="set ftp:passive-mode yes"
    [[ "$PASSIVE" == "false" ]] && PASSIVE_SETTING="set ftp:passive-mode no"

    lftp -u "${USER},${PASS}" "ftp://${HOST}:${PORT}" <<EOF 2>&1
$PASSIVE_SETTING
set ftp:ssl-allow yes
get ${REMOTE_PATH} -o ${LOCAL_PATH}
quit
EOF
    [[ $? -ne 0 ]] && onx_die 3 "FTP indirme başarısız: ${REMOTE_PATH}"
    ;;

*)
    onx_die 1 "Bilinmeyen tip: ${TYPE}"
    ;;
esac

END_S=$(date +%s)
DURATION=$(( END_S - START_S ))
BYTES=$(stat -c%s "$LOCAL_PATH" 2>/dev/null || echo 0)

onx_json_out downloaded true local_path "$LOCAL_PATH" bytes "$BYTES" duration_seconds "$DURATION"
