#!/usr/bin/env bash
# =============================================================================
# onx-git-clone — Clone a remote repo into a user's home (or init an empty one)
#
# Input:
#   {
#     "username":  "onx_xxxx",
#     "repo_url":  "https://github.com/foo/bar.git" | "",  // empty = init
#     "path":      "/home/<user>/repos/bar",
#     "branch":    "main",
#     "deploy_key_private": "..."  // optional; sets GIT_SSH_COMMAND if present
#   }
#
# Idempotency: if path already contains .git, fall back to git pull instead of clone.
#
# Output:
#   {
#     "path": "...", "branch": "main",
#     "last_commit_sha": "abc123...", "last_commit_message": "...",
#     "last_commit_author": "...", "last_commit_date": "ISO8601",
#     "cloned": true|false, "pulled": false|true
#   }
#
# Exit codes: 0=ok 1=invalid-input 2=preflight-fail 3=execution-fail
# Deployed to: /usr/local/onoxsoft/bin/onx-git-clone
# =============================================================================

# Strict mode: stop on a failing command, an unset variable or a failed
# pipeline stage.
set -euo pipefail

# Locate the shared helper library next to the real script file; readlink -f
# resolves symlinks in the invocation path first.
SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
source "${SCRIPT_DIR}/_lib/common.sh"

# Tools the rest of the script shells out to.
require_cmd jq
require_cmd git

# The request arrives as one JSON document on stdin.
INPUT=$(cat)
onx_require_json "${INPUT}"

# Pull the individual fields out of the request. The optional third argument
# of onx_json_get is presumably the default for a missing key — confirm in
# _lib/common.sh.
USERNAME=$(onx_json_get "${INPUT}" "username")
REPO_URL=$(onx_json_get "${INPUT}" "repo_url" "")
DEST=$(onx_json_get "${INPUT}" "path")
BRANCH=$(onx_json_get "${INPUT}" "branch" "main")
DKEY=$(onx_json_get "${INPUT}" "deploy_key_private" "")

# The account name must pass the library's syntax check and must belong to an
# existing system user before anything is done on its behalf.
onx_validate_username "${USERNAME}"
if ! id "${USERNAME}" &>/dev/null; then
    onx_die 2 "Linux user does not exist: ${USERNAME}"
fi

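# --- Destination path validation ---------------------------------------------
# DEST comes from the request and is untrusted. It must be non-empty, must be
# the user's home or a path below it, and must not contain "..".
[[ -n "${DEST}" ]] || onx_die 1 "path is required"
# Allow only paths under /home/<username>
case "${DEST}" in
    "/home/${USERNAME}"|"/home/${USERNAME}/"*) : ;;
    *) onx_die 1 "path must live under /home/${USERNAME}" ;;
esac
# No relative segments (deliberately strict: any ".." substring is refused)
if [[ "${DEST}" == *..* ]]; then
    onx_die 1 "path may not contain '..'"
fi

# Create the parent directory as the target user, not as the invoking
# (privileged) account. The string checks above cannot see symlinks, so a
# privileged mkdir/chown on dirname(DEST) could be redirected outside the home
# by a link the user controls, and for DEST=/home/<user> the parent is /home
# itself, which the previous chown would have handed to the user. Running the
# mkdir with the user's own permissions removes both problems and makes the
# chown unnecessary, because everything created is already owned by the user.
# NOTE(review): parents left root-owned by earlier runs are no longer
# re-chowned here; fix their ownership once if such directories exist.
DEST_PARENT=$(dirname "${DEST}")
# printf %q yields a bash-quoted word, safe to embed in the string that the
# user's /bin/bash re-parses.
DEST_PARENT_Q=$(printf '%q' "${DEST_PARENT}")
su -s /bin/bash "${USERNAME}" -c "mkdir -p -- ${DEST_PARENT_Q}" >/dev/null 2>&1 \
    || onx_die 3 "cannot create parent directory of ${DEST}"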

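# Optional deploy key handling.
# GIT_SSH_OPT stays empty when the request carries no key. Otherwise it holds
# a GIT_SSH_COMMAND='…' assignment that the git invocations further down put
# in front of their command line; DKEY_TMP is the temporary key file.
GIT_SSH_OPT=""
DKEY_TMP=""
if [[ -n "${DKEY}" ]]; then
    # mktemp creates the file with an unpredictable name and owner-only access.
    DKEY_TMP=$(mktemp -t onx-git-key.XXXXXX)
    # Register the cleanup before any key material is written, so that a
    # failure in chmod/chown/printf (fatal under `set -e`) cannot leave the
    # private key on disk.
    trap 'rm -f "${DKEY_TMP}" 2>/dev/null || true' EXIT
    chmod 600 "${DKEY_TMP}"
    # git and ssh run as the target user, who therefore has to own the key.
    chown "${USERNAME}:${USERNAME}" "${DKEY_TMP}"
    printf '%s\n' "${DKEY}" > "${DKEY_TMP}"
    # NOTE(security): StrictHostKeyChecking=no combined with
    # UserKnownHostsFile=/dev/null switches SSH host-key verification off, so
    # the remote end of a deploy-key connection is never authenticated.
    # Prefer a provisioned known_hosts file for the git hosts in use; left
    # unchanged here because existing deployments may rely on it.
    GIT_SSH_OPT="GIT_SSH_COMMAND='ssh -i ${DKEY_TMP} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'"
fi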

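# --- Clone / pull / init -----------------------------------------------------
# Exactly one of three actions runs as the target user:
#   * DEST already has .git  -> fetch, checkout BRANCH, fast-forward pull
#   * REPO_URL is empty      -> create an empty repository on BRANCH
#   * otherwise              -> fresh clone of REPO_URL at BRANCH
# CLONED / PULLED record which one happened for the JSON result.
CLONED=false
PULLED=false

# BRANCH and REPO_URL are request data. A value starting with '-' would be
# read by git as an option instead of a ref or URL, so refuse it as invalid
# input.
if [[ "${BRANCH}" == -* ]]; then
    onx_die 1 "branch may not start with '-'"
fi
if [[ "${REPO_URL}" == -* ]]; then
    onx_die 1 "repo_url may not start with '-'"
fi

# The command string passed to `su -c` is parsed again by the user's
# /bin/bash. Wrapping request values in '…' is not enough (a quote character
# inside the value ends the quoting), so each value is turned into a single
# bash-quoted word with printf %q before it is embedded.
DEST_Q=$(printf '%q' "${DEST}")
BRANCH_Q=$(printf '%q' "${BRANCH}")
REPO_URL_Q=$(printf '%q' "${REPO_URL}")

# Export the deploy-key SSH command for the whole command chain. A plain
# VAR=… prefix covers only the first git call, which left the network access
# done by `git pull` without the key.
GIT_ENV=""
if [[ -n "${GIT_SSH_OPT}" ]]; then
    GIT_ENV="export ${GIT_SSH_OPT}; "
fi

if [[ -d "${DEST}/.git" ]]; then
    # Idempotent retry → pull
    su -s /bin/bash "${USERNAME}" -c \
        "${GIT_ENV}git -C ${DEST_Q} fetch --all --prune && \
         git -C ${DEST_Q} checkout ${BRANCH_Q} && \
         git -C ${DEST_Q} pull --ff-only origin ${BRANCH_Q}" \
        >/dev/null 2>&1 || onx_die 3 "git pull failed in ${DEST}"
    PULLED=true
elif [[ -z "${REPO_URL}" ]]; then
    # No URL → init empty repo
    su -s /bin/bash "${USERNAME}" -c \
        "mkdir -p -- ${DEST_Q} && git -C ${DEST_Q} init -b ${BRANCH_Q}" \
        >/dev/null 2>&1 || onx_die 3 "git init failed in ${DEST}"
    CLONED=true
else
    # Fresh clone; `--` ends option parsing before the URL and destination.
    su -s /bin/bash "${USERNAME}" -c \
        "${GIT_ENV}git clone --branch ${BRANCH_Q} -- ${REPO_URL_Q} ${DEST_Q}" \
        >/dev/null 2>&1 || onx_die 3 "git clone failed: ${REPO_URL}"
    CLONED=true
fi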

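# --- Result ------------------------------------------------------------------
# Read last commit info as the target user (best effort; an empty repository
# yields blanks). DEST is request data, so it is embedded as a bash-quoted
# word (printf %q) in the command string that `su -c` hands to /bin/bash.
DEST_Q=$(printf '%q' "${DEST}")

# `rev-parse --verify -q` prints nothing when HEAD does not resolve; a plain
# `rev-parse HEAD` echoes the literal word "HEAD" in a repository without
# commits, which would then be reported as the commit id.
SHA=$(su -s /bin/bash "${USERNAME}" -c "git -C ${DEST_Q} rev-parse --verify -q HEAD 2>/dev/null" || true)
MSG=$(su -s /bin/bash "${USERNAME}" -c "git -C ${DEST_Q} log -1 --pretty=%s 2>/dev/null" || true)
AUTHOR=$(su -s /bin/bash "${USERNAME}" -c "git -C ${DEST_Q} log -1 --pretty=%an 2>/dev/null" || true)
ISO=$(su -s /bin/bash "${USERNAME}" -c "git -C ${DEST_Q} log -1 --pretty=%cI 2>/dev/null" || true)

onx_log "git-clone: ${DEST} branch=${BRANCH} cloned=${CLONED} pulled=${PULLED}"

# Let jq build the whole result object. Path, branch and commit id used to be
# pasted between double quotes with printf, so a quote or backslash in any of
# them produced malformed or altered JSON; --arg encodes every string value,
# and --argjson passes the two flags through as JSON booleans.
jq -cn \
    --arg path "${DEST}" \
    --arg branch "${BRANCH}" \
    --arg sha "${SHA}" \
    --arg msg "${MSG}" \
    --arg author "${AUTHOR}" \
    --arg date "${ISO}" \
    --argjson cloned "${CLONED}" \
    --argjson pulled "${PULLED}" \
    '{path: $path, branch: $branch, last_commit_sha: $sha, last_commit_message: $msg, last_commit_author: $author, last_commit_date: $date, cloned: $cloned, pulled: $pulled}' \
    || onx_die 3 "failed to encode result"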
