#!/bin/bash
# Add docs.katykhin.ru → 192.168.1.104:8000 via NPM API
# Usage: NPM_EMAIL=admin@example.com NPM_PASSWORD=xxx ./npm-add-proxy.sh

set -e
NPM_URL="${NPM_URL:-http://192.168.1.100:81}"
API="$NPM_URL/api"

if [ -z "$NPM_EMAIL" ] || [ -z "$NPM_PASSWORD" ]; then
  echo "Set NPM_EMAIL and NPM_PASSWORD"
  exit 1
fi

echo "Getting token..."
TOKEN=$(curl -s -X POST "$API/tokens" \
  -H "Content-Type: application/json" \
  -d "{\"identity\":\"$NPM_EMAIL\",\"secret\":\"$NPM_PASSWORD\"}" \
  | jq -r '.token // empty')

if [ -z "$TOKEN" ]; then
  echo "Failed to get token"
  exit 1
fi

echo "Finding certificate for docs.katykhin.ru..."
CERT_ID=$(curl -s -H "Authorization: Bearer $TOKEN" "$API/nginx/certificates" \
  | jq -r '.[] | select(.domain_names[]? == "docs.katykhin.ru") | .id' | head -1)

PAYLOAD=$(jq -n \
  --arg cert "$CERT_ID" \
  '{
    domain_names: ["docs.katykhin.ru"],
    forward_host: "192.168.1.104",
    forward_port: "8000",
    forward_scheme: "http",
    enabled: true,
    allow_websocket_upgrade: true,
    http2_support: true,
    block_exploits: true,
    certificate_id: (if $cert != "" and $cert != "null" then ($cert | tonumber) else null end),
    ssl_forced: ($cert != "" and $cert != "null")
  }')

echo "Creating proxy host..."
RESP=$(curl -s -w "\n%{http_code}" -X POST "$API/nginx/proxy-hosts" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "$PAYLOAD")
HTTP_CODE=$(echo "$RESP" | tail -1)
BODY=$(echo "$RESP" | sed '$d')

if [ "$HTTP_CODE" = "201" ]; then
  echo "Proxy host created: docs.katykhin.ru -> 192.168.1.104:8000"
  echo "$BODY" | jq .
else
  echo "Failed (HTTP $HTTP_CODE):"
  echo "$BODY" | jq . 2>/dev/null || echo "$BODY"
  exit 1
fi