#!/bin/bash

# RabbitMQ Management API Setup Script
# Configures user permissions for non-destructive DLQ message peeking

set -e

echo "╔════════════════════════════════════════════════════════════╗"
echo "║  RabbitMQ Management API Setup                            ║"
echo "╚════════════════════════════════════════════════════════════╝"
echo ""

# Get RabbitMQ user from environment or use default
RABBITMQ_USER=${QUEUE_USR:-agm}
RABBITMQ_PASS=${QUEUE_PWD:-Ag@Rabbit2024}
RABBITMQ_VHOST=${QUEUE_VHOST:-/}
MGMT_PORT=${RABBITMQ_MGMT_PORT:-15672}

echo "Configuration:"
echo "  User:     $RABBITMQ_USER"
echo "  VHost:    $RABBITMQ_VHOST"
echo "  Mgmt Port: $MGMT_PORT"
echo ""

# Step 1: Check if Management plugin is enabled
echo "──────────────────────────────────────────────────────────"
echo "Step 1: Checking Management plugin..."

if rabbitmq-plugins list | grep -q '\[E\*\] rabbitmq_management'; then
    echo "✓ Management plugin is already enabled"
else
    echo "⚠ Management plugin not enabled. Enabling..."
    sudo rabbitmq-plugins enable rabbitmq_management
    echo "✓ Management plugin enabled"
    echo "  Note: RabbitMQ may need restart for changes to take effect"
fi
echo ""

# Step 2: Check current user tags
echo "──────────────────────────────────────────────────────────"
echo "Step 2: Checking user permissions..."

USER_INFO=$(sudo rabbitmqctl list_users | grep "^${RABBITMQ_USER}" || echo "")

if [ -z "$USER_INFO" ]; then
    echo "✗ User '$RABBITMQ_USER' not found!"
    echo "  Creating user..."
    sudo rabbitmqctl add_user "$RABBITMQ_USER" "$RABBITMQ_PASS"
    echo "✓ User created"
    USER_INFO=$(sudo rabbitmqctl list_users | grep "^${RABBITMQ_USER}")
fi

echo "  Current: $USER_INFO"

# Check if user has monitoring or management tag
if echo "$USER_INFO" | grep -qE '\[(monitoring|management|administrator)'; then
    echo "✓ User already has Management API access"
else
    echo "⚠ User lacks Management API tags. Adding 'monitoring' tag..."
    sudo rabbitmqctl set_user_tags "$RABBITMQ_USER" monitoring
    echo "✓ Added 'monitoring' tag to user"
    
    NEW_INFO=$(sudo rabbitmqctl list_users | grep "^${RABBITMQ_USER}")
    echo "  Updated: $NEW_INFO"
fi
echo ""

# Step 3: Verify vhost permissions
echo "──────────────────────────────────────────────────────────"
echo "Step 3: Verifying vhost permissions..."

PERMS=$(sudo rabbitmqctl list_permissions -p "$RABBITMQ_VHOST" | grep "^${RABBITMQ_USER}" || echo "")

if [ -z "$PERMS" ]; then
    echo "⚠ User has no permissions on vhost '$RABBITMQ_VHOST'. Setting..."
    sudo rabbitmqctl set_permissions -p "$RABBITMQ_VHOST" "$RABBITMQ_USER" ".*" ".*" ".*"
    echo "✓ Permissions set"
else
    echo "✓ User has permissions: $PERMS"
fi
echo ""

# Step 4: Test Management API access
echo "──────────────────────────────────────────────────────────"
echo "Step 4: Testing Management API access..."

HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
    -u "${RABBITMQ_USER}:${RABBITMQ_PASS}" \
    "http://localhost:${MGMT_PORT}/api/overview" 2>/dev/null || echo "000")

if [ "$HTTP_CODE" = "200" ]; then
    echo "✓ Management API access successful!"
    
    # Get RabbitMQ version
    RABBITMQ_VERSION=$(curl -s -u "${RABBITMQ_USER}:${RABBITMQ_PASS}" \
        "http://localhost:${MGMT_PORT}/api/overview" 2>/dev/null | \
        grep -o '"rabbitmq_version":"[^"]*"' | cut -d'"' -f4 || echo "unknown")
    
    echo "  RabbitMQ Version: $RABBITMQ_VERSION"
    echo "  Management UI: http://localhost:${MGMT_PORT}"
    
elif [ "$HTTP_CODE" = "401" ]; then
    echo "✗ Authentication failed (401)"
    echo "  Possible causes:"
    echo "  - Incorrect password"
    echo "  - User tags not updated yet (may need RabbitMQ restart)"
    echo "  - Try: sudo systemctl restart rabbitmq-server"
    exit 1
    
elif [ "$HTTP_CODE" = "000" ]; then
    echo "✗ Connection refused"
    echo "  Possible causes:"
    echo "  - Management plugin not fully started"
    echo "  - RabbitMQ not running"
    echo "  - Firewall blocking port $MGMT_PORT"
    echo "  - Try: sudo systemctl status rabbitmq-server"
    exit 1
    
else
    echo "✗ Unexpected HTTP code: $HTTP_CODE"
    exit 1
fi
echo ""

# Summary
echo "══════════════════════════════════════════════════════════"
echo "Setup Complete!"
echo "══════════════════════════════════════════════════════════"
echo ""
echo "Management API Configuration:"
echo "  URL:      http://localhost:${MGMT_PORT}"
echo "  Username: $RABBITMQ_USER"
echo "  Password: ****"
echo "  Tags:     monitoring (or better)"
echo ""
echo "Test DLQ messages endpoint:"
echo "  curl -u ${RABBITMQ_USER}:**** \\"
echo "    'http://localhost:4100/api/dlq/dev_partner_tasks/messages?limit=10'"
echo ""
echo "Or test with script:"
echo "  node tests/test_dlq_mgmt_api.js"
echo ""