#!/bin/bash

# Script to generate HTTP Basic Auth passwords for monitoring services
# Usage: ./generate_auth_passwords.sh [username]

set -e

# Default username if not provided
USERNAME=${1:-"admin"}

# Create passwords directory if it doesn't exist
PASSWORDS_DIR="/etc/nginx/passwords"
mkdir -p "$PASSWORDS_DIR"

# Generate random password
PASSWORD=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-25)

# Create htpasswd file
echo "Creating password file for user: $USERNAME"
htpasswd -cb "$PASSWORDS_DIR/monitoring.htpasswd" "$USERNAME" "$PASSWORD"

# Set proper permissions
chown root:www-data "$PASSWORDS_DIR/monitoring.htpasswd"
chmod 640 "$PASSWORDS_DIR/monitoring.htpasswd"

echo "Password file created: $PASSWORDS_DIR/monitoring.htpasswd"
echo "Username: $USERNAME"
echo "Password: $PASSWORD"
echo ""
echo "Save this password securely!"
echo "You can add more users with: htpasswd $PASSWORDS_DIR/monitoring.htpasswd <username>"