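#!/bin/bash
#
# End-to-end smoke test for the auth and organization API.
# Creates a disposable user and organization (names derived from the current
# epoch second), exercises the endpoints in order, and exits non-zero on the
# first failed check. Requires curl and jq.

for tool in curl jq; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    echo "Error: required tool '$tool' not found"
    exit 1
  fi
done

# Configuration
# BASE_URL may be overridden from the environment; the default is a local dev
# server. Passwords and bearer tokens are sent as-is, so any non-local target
# should be an https:// URL.
BASE_URL="${BASE_URL:-http://localhost:4000}"
TIMESTAMP=$(date +%s)
USERNAME="user_$TIMESTAMP"
# Throwaway password for the disposable account registered below.
PASSWORD="password123"
EMAIL="${USERNAME}@example.com"
ORG_CODE="org_$TIMESTAMP"
ORG_NAME="Org $TIMESTAMP"

echo "Testing against $BASE_URL"
echo "User: $USERNAME"
echo "Org: $ORG_CODE"

# Abort with a message when the previous command failed.
# Must be called immediately after the command under test: it reads that
# command's exit status from $?.
# Arguments: $1 - description printed after "Error: "
check_error() {
  local status=$?
  if ((status != 0)); then
    echo "Error: $1"
    exit 1
  fi
}

# Validate the application-level status carried in a JSON response body.
# Arguments: $1 - response body, $2 - expected code
# Exits the script with status 1 on mismatch; returns 0 otherwise.
#
# NOTE(review): only the body is inspected. The requests in this script run
# curl without -w or --fail, so the HTTP status line is never checked, and a
# reply whose body has no numeric .code is counted as 200.
check_http_code() {
  local response=$1
  local expected=$2
  local code

  # An empty or literal "null" body is accepted as an implicit 200. A failed
  # transfer also yields an empty body, so callers check curl's exit status
  # before calling this.
  if [[ -z "$response" || "$response" == "null" ]]; then
    if [[ "$expected" == "200" ]]; then
      return 0
    fi
    echo "Expected code $expected, got empty response"
    exit 1
  fi

  # Use .code when it is a number; otherwise assume 200. If jq cannot parse
  # the body, code stays empty and the comparisons below fail the check.
  code=$(printf '%s' "$response" \
    | jq -r 'if (.code | type) == "number" then .code else 200 end')

  if [[ "$expected" == "200" ]]; then
    # A body code of 0 is accepted alongside 200.
    if [[ "$code" != "200" && "$code" != "0" ]]; then
      echo "Expected code 200, got $code"
      echo "Response: $response"
      exit 1
    fi
  elif [[ "$code" != "$expected" ]]; then
    echo "Expected code $expected, got $code"
    echo "Response: $response"
    exit 1
  fi
}

echo "=================================================="
echo "1. Registering User..."
# Build the payload with jq so every value is JSON-escaped rather than
# spliced into a hand-written string.
REGISTER_BODY=$(jq -nc \
  --arg username "$USERNAME" \
  --arg password "$PASSWORD" \
  --arg email "$EMAIL" \
  '{username: $username, password: $password, email: $email}')
REGISTER_RES=$(curl -s -X POST "$BASE_URL/api/auth/register" \
  -H "Content-Type: application/json" \
  -d "$REGISTER_BODY")
check_error "register request failed"
echo "Register Response: $REGISTER_RES"
check_http_code "$REGISTER_RES" 200

echo "=================================================="
echo "2. Logging in..."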
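# Step 2 (continued): log in with the freshly registered account.
LOGIN_BODY=$(jq -nc \
  --arg username "$USERNAME" \
  --arg password "$PASSWORD" \
  '{username: $username, password: $password}')
LOGIN_RES=$(curl -s -X POST "$BASE_URL/api/auth/login" \
  -H "Content-Type: application/json" \
  -d "$LOGIN_BODY")
check_error "login request failed"
# The login body carries access_token and refresh_token; print it with those
# fields removed so live tokens do not end up in scrollback or CI logs.
LOGIN_RES_REDACTED=$(printf '%s' "$LOGIN_RES" \
  | jq -c 'if type == "object" then del(.access_token, .refresh_token) else . end' 2>/dev/null) \
  || LOGIN_RES_REDACTED="<non-JSON response>"
echo "Login Response: $LOGIN_RES_REDACTED"
check_http_code "$LOGIN_RES" 200

ACCESS_TOKEN=$(printf '%s' "$LOGIN_RES" | jq -r '.access_token')
REFRESH_TOKEN=$(printf '%s' "$LOGIN_RES" | jq -r '.refresh_token')

# jq -r prints the string "null" when the field is absent.
if [[ -z "$ACCESS_TOKEN" || "$ACCESS_TOKEN" == "null" ]]; then
  echo "Failed to get access token"
  exit 1
fi
echo "Got Access Token"

echo "=================================================="
echo "3. Get User Info (Me)..."
ME_RES=$(curl -s -X GET "$BASE_URL/api/auth/me" \
  -H "Authorization: Bearer $ACCESS_TOKEN")
check_error "get user info request failed"
echo "Me Response: $ME_RES"
check_http_code "$ME_RES" 200

USER_ID=$(printf '%s' "$ME_RES" | jq -r '.id')
echo "User ID: $USER_ID"

echo "=================================================="
echo "4. Update User Info (Patch Me)..."
UPDATE_ME_RES=$(curl -s -X PATCH "$BASE_URL/api/auth/me" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"nickname": "Updated Nickname"}')
check_error "update user info request failed"
echo "Update Me Response: $UPDATE_ME_RES"
check_http_code "$UPDATE_ME_RES" 200

# The PATCH response is expected to echo the updated profile.
NEW_NICKNAME=$(printf '%s' "$UPDATE_ME_RES" | jq -r '.nickname')
if [[ "$NEW_NICKNAME" != "Updated Nickname" ]]; then
  echo "Nickname update failed"
  exit 1
fi

echo "=================================================="
echo "5. Change Password..."
CHANGE_PW_BODY=$(jq -nc \
  --arg old_password "$PASSWORD" \
  --arg new_password "newpassword123" \
  '{old_password: $old_password, new_password: $new_password}')
CHANGE_PW_RES=$(curl -s -X POST "$BASE_URL/api/auth/me/change-password" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d "$CHANGE_PW_BODY")
check_error "change password request failed"
echo "Change Password Response: $CHANGE_PW_RES"
check_http_code "$CHANGE_PW_RES" 200

# Verify login with new password
echo "Verifying new password..."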
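# Step 5 (continued): the changed password must be accepted at login.
# NOTE(review): this only proves the new password works. Nothing checks that
# the old password is now rejected, or that the token issued before the change
# stops working; the server's expected error code for those cases is not
# visible here, so no assertion is added.
LOGIN_NEW_BODY=$(jq -nc \
  --arg username "$USERNAME" \
  --arg password "newpassword123" \
  '{username: $username, password: $password}')
LOGIN_NEW_RES=$(curl -s -X POST "$BASE_URL/api/auth/login" \
  -H "Content-Type: application/json" \
  -d "$LOGIN_NEW_BODY")
check_error "login with new password request failed"
check_http_code "$LOGIN_NEW_RES" 200
echo "Login with new password successful"

# Get new token
ACCESS_TOKEN=$(printf '%s' "$LOGIN_NEW_RES" | jq -r '.access_token')
REFRESH_TOKEN=$(printf '%s' "$LOGIN_NEW_RES" | jq -r '.refresh_token')
# Every later step authenticates with this token, so stop here if it is
# missing (jq -r prints "null" for an absent field).
if [[ -z "$ACCESS_TOKEN" || "$ACCESS_TOKEN" == "null" ]]; then
  echo "Failed to get access token"
  exit 1
fi

echo "=================================================="
echo "6. Refresh Token..."
REFRESH_BODY=$(jq -nc \
  --arg refresh_token "$REFRESH_TOKEN" \
  '{refresh_token: $refresh_token}')
REFRESH_RES=$(curl -s -X POST "$BASE_URL/api/auth/refresh" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d "$REFRESH_BODY")
check_error "refresh token request failed"
# Print the refresh response without its token fields so live tokens stay out
# of scrollback and CI logs.
REFRESH_RES_REDACTED=$(printf '%s' "$REFRESH_RES" \
  | jq -c 'if type == "object" then del(.access_token, .refresh_token) else . end' 2>/dev/null) \
  || REFRESH_RES_REDACTED="<non-JSON response>"
echo "Refresh Response: $REFRESH_RES_REDACTED"
check_http_code "$REFRESH_RES" 200

NEW_ACCESS_TOKEN=$(printf '%s' "$REFRESH_RES" | jq -r '.access_token')
if [[ -z "$NEW_ACCESS_TOKEN" || "$NEW_ACCESS_TOKEN" == "null" ]]; then
  echo "Failed to refresh token"
  exit 1
fi
ACCESS_TOKEN=$NEW_ACCESS_TOKEN
echo "Token Refreshed"

echo "=================================================="
echo "7. Create Organization..."
CREATE_ORG_BODY=$(jq -nc \
  --arg name "$ORG_NAME" \
  --arg code "$ORG_CODE" \
  --arg description "Test Description" \
  '{name: $name, code: $code, description: $description}')
CREATE_ORG_RES=$(curl -s -X POST "$BASE_URL/api/orgs" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d "$CREATE_ORG_BODY")
check_error "create organization request failed"
echo "Create Org Response: $CREATE_ORG_RES"
check_http_code "$CREATE_ORG_RES" 200

ORG_ID=$(printf '%s' "$CREATE_ORG_RES" | jq -r '.id')
# ORG_ID is spliced into the URL of every later org request, including the
# DELETE; refuse to continue with an empty or "null" id.
if [[ -z "$ORG_ID" || "$ORG_ID" == "null" ]]; then
  echo "Failed to get organization ID"
  exit 1
fi
echo "Org ID: $ORG_ID"

echo "=================================================="
echo "8. Get Organization..."
GET_ORG_RES=$(curl -s -X GET "$BASE_URL/api/orgs/$ORG_ID" \
  -H "Authorization: Bearer $ACCESS_TOKEN")
check_error "get organization request failed"
# Open question: does this call need an X-Org-ID header, or is the org taken
# from context?
# The get endpoint is wired as:
#   Router.Get("/{org_id}", ..., setOrgID, auth.VBaseAuth.Perm("org:read"), get)
# setOrgID sets org_id from the path parameter.
# Perm checks the caller's permission for that org_id.
# The user should have the admin role in the org it just created.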
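# Step 8 (continued): report and validate the Get Organization response.
echo "Get Org Response: $GET_ORG_RES"
check_http_code "$GET_ORG_RES" 200

echo "=================================================="
echo "9. Update Organization..."
# Build the payload with jq so the name is JSON-escaped.
UPDATE_ORG_BODY=$(jq -nc --arg name "${ORG_NAME}_Updated" '{name: $name}')
UPDATE_ORG_RES=$(curl -s -X PATCH "$BASE_URL/api/orgs/$ORG_ID" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d "$UPDATE_ORG_BODY")
check_error "update organization request failed"
echo "Update Org Response: $UPDATE_ORG_RES"
check_http_code "$UPDATE_ORG_RES" 200

UPDATED_NAME=$(printf '%s' "$UPDATE_ORG_RES" | jq -r '.name')
if [[ "$UPDATED_NAME" != "${ORG_NAME}_Updated" ]]; then
  echo "Failed to update organization name"
  exit 1
fi

echo "=================================================="
echo "10. List Org Members..."
MEMBERS_RES=$(curl -s -X GET "$BASE_URL/api/orgs/$ORG_ID/members" \
  -H "Authorization: Bearer $ACCESS_TOKEN")
check_error "list org members request failed"
echo "List Members Response: $MEMBERS_RES"
check_http_code "$MEMBERS_RES" 200

# Verify member count is at least 1 (the owner).
# A missing .total comes back from jq as "null"; a bare numeric test errors on
# that value instead of evaluating true, which would skip the failure branch.
# Require a non-negative integer first.
TOTAL=$(printf '%s' "$MEMBERS_RES" | jq -r '.total')
if ! [[ "$TOTAL" =~ ^[0-9]+$ ]] || ((TOTAL < 1)); then
  echo "Expected at least 1 member, got $TOTAL"
  exit 1
fi

echo "=================================================="
echo "11. List Users..."
USERS_RES=$(curl -s -X GET "$BASE_URL/api/users" \
  -H "Authorization: Bearer $ACCESS_TOKEN")
check_error "list users request failed"
echo "List Users Response: $USERS_RES"
check_http_code "$USERS_RES" 200

echo "=================================================="
echo "12. Delete Organization..."
DELETE_ORG_RES=$(curl -s -X DELETE "$BASE_URL/api/orgs/$ORG_ID" \
  -H "Authorization: Bearer $ACCESS_TOKEN")
check_error "delete organization request failed"
echo "Delete Org Response: $DELETE_ORG_RES"
check_http_code "$DELETE_ORG_RES" 200

# Verify deletion: fetching the org again must report code 404 in the body.
VERIFY_RES=$(curl -s -X GET "$BASE_URL/api/orgs/$ORG_ID" \
  -H "Authorization: Bearer $ACCESS_TOKEN")
check_error "verify deletion request failed"
echo "Verify Delete Response: $VERIFY_RES"
# Expect 404
CODE=$(printf '%s' "$VERIFY_RES" | jq -r '.code')
if [[ "$CODE" != "404" ]]; then
  echo "Organization not deleted properly, got code $CODE"
  exit 1
fi

echo "=================================================="
echo "13. Logout..."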
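# Step 13 (continued): end the session.
LOGOUT_RES=$(curl -s -X POST "$BASE_URL/api/auth/logout" \
  -H "Authorization: Bearer $ACCESS_TOKEN")
# A failed transfer leaves the body empty, and an empty body is accepted as a
# 200 by check_http_code; check curl's exit status first so an unreachable
# server cannot produce a passing run.
check_error "logout request failed"
echo "Logout Response: $LOGOUT_RES"
check_http_code "$LOGOUT_RES" 200
# NOTE(review): nothing confirms that logout invalidated the token. Repeating
# GET /api/auth/me with the same token and expecting a rejection would cover
# that; the server's error code for this case is not visible here, so no
# assertion is added.

echo "=================================================="
echo "All Tests Passed Successfully!"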