#!/usr/bin/env bash
set -Eeuo pipefail

die() {
  printf 'Erreur: %s\n' "$*" >&2
  exit 1
}

require_command() {
  command -v "$1" >/dev/null 2>&1 || die "commande requise introuvable: $1"
}

load_env_file() {
  if [[ -f ".env" ]]; then
    set -a
    # shellcheck disable=SC1091
    . ".env"
    set +a
  fi
}

require_var() {
  local name="$1"
  [[ -n "${!name:-}" ]] || die "variable obligatoire manquante: $name"
}

normalize_url() {
  local base_url="$1"
  printf '%s' "${base_url%/}"
}

normalize_endpoint() {
  local endpoint="$1"
  if [[ "$endpoint" == /* ]]; then
    printf '%s' "$endpoint"
  else
    printf '/%s' "$endpoint"
  fi
}

main() {
  require_command curl
  load_env_file

  require_var PFSENSE_URL
  require_var PFSENSE_USER
  require_var PFSENSE_PASSWORD

  local endpoint="${PFSENSE_ENDPOINT:-/api/v2/status/system}"
  local url
  url="$(normalize_url "$PFSENSE_URL")$(normalize_endpoint "$endpoint")"

  local curl_args=(
    --silent
    --show-error
    --location
    --connect-timeout 10
    --max-time 30
    --request GET
    --user "${PFSENSE_USER}:${PFSENSE_PASSWORD}"
    --header "Accept: application/json"
    --output /tmp/pfsense-api-response.$$
    --write-out "%{http_code}"
    "$url"
  )

  if [[ "${PFSENSE_INSECURE:-false}" == "true" ]]; then
    curl_args=(--insecure "${curl_args[@]}")
  fi

  local response_file="/tmp/pfsense-api-response.$$"
  trap 'rm -f "$response_file"' EXIT

  printf 'Test API pfSense: %s\n' "$url"

  local http_code
  if ! http_code="$(curl "${curl_args[@]}")"; then
    die "appel curl impossible vers pfSense"
  fi

  if [[ "$http_code" =~ ^2[0-9][0-9]$ ]]; then
    printf 'Connexion API OK, code HTTP %s.\n' "$http_code"
    if command -v jq >/dev/null 2>&1; then
      jq . "$response_file" 2>/dev/null || sed -n '1,20p' "$response_file"
    else
      sed -n '1,20p' "$response_file"
    fi
    exit 0
  fi

  printf 'Connexion API refusee, code HTTP %s.\n' "$http_code" >&2
  sed -n '1,20p' "$response_file" >&2
  exit 1
}

main "$@"