#!/usr/bin/env bash
# ╔═══════════════════════════════════════════════════════╗
# ║   NexaCore AI VPS — Langflow Template v1.0.0         ║
# ╚═══════════════════════════════════════════════════════╝
# Usage:
#   DOMAIN=flows.yourdomain.com bash <(curl -s https://templates.nexacore.cl/v1/langflow/install.sh)
#
# NOTE(review): this form runs a remotely fetched script as root (main calls
# require_root) with no checksum or signature check; TLS to the template host
# is the only protection. `curl -s` without `-f` also hands an HTTP error body
# to bash. Downloading the file, reviewing it, and running the local copy
# gives an auditable install.

# Abort on command failure, on unset variables, and on a failed pipeline stage.
# Bash does not carry -e into `$(...)` command substitutions by default, so
# functions whose output is captured need their own error checks.
set -euo pipefail

# Template identity. VERSION is written into the container labels,
# TEMPLATE_NAME is shown in the banner, and SERVICE_NAME names the app
# directory, data directory, config directory and install log.
VERSION="1.0.0"
TEMPLATE_NAME="Langflow"
SERVICE_NAME="langflow"
# Host-side port: the compose file publishes it on 127.0.0.1 only and the
# Caddy site is pointed at localhost:<this port>.
DEFAULT_PORT="7860"

# Base URL of the shared helper libraries; NEXACORE_SCRIPTS_URL overrides it.
# Whatever this points at is sourced into the installing shell by source_lib,
# so the override must be trusted as much as this script itself.
SCRIPTS_URL="${NEXACORE_SCRIPTS_URL:-https://templates.nexacore.cl/scripts/common}"
# Three directory levels above this file; source_lib looks for
# scripts/common/<lib> under it before falling back to SCRIPTS_URL.
# NOTE(review): when launched through `bash <(curl ...)`, BASH_SOURCE[0] is a
# /dev/fd path, so this presumably resolves to a location with no
# scripts/common tree and the remote copy is used. Confirm on the target OS.
_LOCAL_SCRIPTS="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/../../.."

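#######################################
# Load one shared helper library into the current shell.
# A copy under ${_LOCAL_SCRIPTS}/scripts/common wins; otherwise the file is
# downloaded from SCRIPTS_URL and sourced.
# Globals:   _LOCAL_SCRIPTS (read), SCRIPTS_URL (read)
# Arguments: $1 - library file name, e.g. utils.sh
# Outputs:   an error line on stderr when the download fails
# Returns:   status of the sourced file; exits 1 if the download fails
#######################################
source_lib() {
  local lib="$1"
  local local_path="${_LOCAL_SCRIPTS}/scripts/common/${lib}"
  if [[ -f "$local_path" ]]; then
    source "$local_path"
    return
  fi

  # Download the whole file before executing any of it. With
  # `source <(curl ...)` the exit status of curl is lost: a failed transfer
  # sources an empty stream "successfully", and an interrupted one executes
  # a truncated script. Capturing the body first makes both cases fatal.
  local _nx_lib_body
  _nx_lib_body=$(curl -fsSL "${SCRIPTS_URL}/${lib}") || {
    echo "[✘] Failed: ${lib}" >&2
    exit 1
  }

  # NOTE(review): the downloaded code is executed without a checksum or
  # signature check; its integrity rests on TLS and on SCRIPTS_URL pointing
  # at a trusted host.
  source <(printf '%s\n' "$_nx_lib_body")
}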

# Load every shared helper library, in the order the installer relies on.
# Each one goes through source_lib, so a local checkout copy is preferred
# over the network copy.
for _nx_lib in \
  utils.sh \
  install_docker.sh \
  install_caddy.sh \
  setup_firewall.sh \
  setup_fail2ban.sh \
  setup_ssh.sh \
  setup_directories.sh \
  setup_logging.sh; do
  source_lib "$_nx_lib"
done
unset _nx_lib

# Operator-supplied settings; either may be preset in the environment.
# DOMAIN stays empty when not given (prompt_config asks for it later).
: "${DOMAIN:=}"
: "${LF_SUPERUSER:=admin@nexacore.cl}"

# Paths derived from NEXACORE_BASE_DIR / NEXACORE_LOG_DIR, which are not
# defined in this file (presumably set by the sourced helper libraries).
APP_DIR="${NEXACORE_BASE_DIR}/apps/${SERVICE_NAME}"
NEXACORE_LOG_FILE="${NEXACORE_LOG_DIR}/install-${SERVICE_NAME}.log"
export NEXACORE_LOG_FILE

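#######################################
# Make sure DOMAIN holds a plain hostname, asking on stdin when it is empty.
# DOMAIN is later passed to write_caddyfile and written into credentials.txt
# as https://${DOMAIN}. A pasted URL ("https://...") or a value containing
# whitespace would otherwise only surface as a broken proxy config after the
# system has already been modified.
# Globals:   DOMAIN (read, written), Y and X (read; colour codes, presumably
#            defined by utils.sh)
# Outputs:   the prompt on stdout when DOMAIN is empty
# Returns:   0 when DOMAIN is a valid hostname; otherwise calls die
#            (defined outside this file, presumably exits)
#######################################
prompt_config() {
  if [[ -z "$DOMAIN" ]]; then
    echo -e "${Y}Enter domain (e.g. flows.yourdomain.com):${X}"
    # Under `set -e` a bare read aborts the script silently at EOF; fall
    # through so the check below reports the problem instead.
    read -r DOMAIN || true
    [[ -n "$DOMAIN" ]] || die "Domain required"
  fi

  # Accept only DNS hostname syntax: dot-separated labels of letters, digits
  # and inner hyphens, each 1-63 characters, 253 characters in total. This
  # also rejects schemes, ports, paths and whitespace.
  local label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
  local hostname_re="^(${label}\.)*${label}\$"
  if (( ${#DOMAIN} > 253 )) || [[ ! "$DOMAIN" =~ $hostname_re ]]; then
    die "Invalid domain: ${DOMAIN}"
  fi
}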

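#######################################
# Generate credentials, write the Langflow .env and compose file, start the
# container and record the admin credentials.
#
# The caller captures stdout as the password, so nothing else may be written
# there. Bash also drops `set -e` inside `$(...)`, so every step that matters
# is checked explicitly and failure is reported through the return status.
#
# Globals:   APP_DIR, NEXACORE_BASE_DIR, SERVICE_NAME, DEFAULT_PORT, VERSION,
#            LF_SUPERUSER, DOMAIN, NEXACORE_LOG_FILE (read);
#            NEXACORE_LANGFLOW_IMAGE (read, optional image override)
# Outputs:   the generated superuser password, alone, on stdout;
#            progress and errors on stderr
# Returns:   0 on success, 1 as soon as a step fails
#######################################
deploy_langflow() {
  local password secret
  password=$(gen_password 20) || return 1
  secret=$(gen_secret 32) || return 1
  if [[ -z "$password" || -z "$secret" ]]; then
    echo "[✘] Failed: credential generation returned an empty value" >&2
    return 1
  fi

  local data_dir="${NEXACORE_BASE_DIR}/data/${SERVICE_NAME}"
  local env_file="${APP_DIR}/.env"
  local compose_file="${APP_DIR}/docker-compose.yml"
  local cred_file="${NEXACORE_BASE_DIR}/configs/${SERVICE_NAME}/credentials.txt"
  # `:latest` is a moving tag: each install or re-pull may run different code.
  # NEXACORE_LANGFLOW_IMAGE lets the operator pin a reviewed tag or digest;
  # the default keeps the previous behaviour.
  local image="${NEXACORE_LANGFLOW_IMAGE:-langflowai/langflow:latest}"

  mkdir -p "${APP_DIR}" "${data_dir}" || return 1

  # Create the secret file under umask 077 so it is never readable by other
  # users, not even between creation and chmod. The subshell keeps the umask
  # change local; chmod still covers a file left over from an earlier run.
  ( umask 077; cat > "${env_file}" ) <<EOF || return 1
# NexaCore — Langflow — $(date)
LANGFLOW_SECRET_KEY=${secret}
LANGFLOW_SUPERUSER=${LF_SUPERUSER}
LANGFLOW_SUPERUSER_PASSWORD=${password}
LANGFLOW_AUTO_LOGIN=false
LANGFLOW_SAVE_DB_IN_CONFIG_DIR=true
EOF
  chmod 600 "${env_file}" || return 1

  # The published port is bound to 127.0.0.1, so the service is reachable
  # from outside only through the reverse proxy.
  cat > "${compose_file}" <<EOF || return 1
version: "3.9"
services:
  langflow:
    image: ${image}
    container_name: nexacore-langflow
    restart: unless-stopped
    ports:
      - "127.0.0.1:${DEFAULT_PORT}:7860"
    env_file: .env
    volumes:
      - ${data_dir}:/app/langflow
    labels:
      - "com.nexacore.template=langflow"
      - "com.nexacore.version=${VERSION}"
EOF

  # Progress goes to stderr: stdout is reserved for the password.
  step "Starting Langflow..." >&2
  if ! docker compose -f "${compose_file}" up -d >> "$NEXACORE_LOG_FILE" 2>&1; then
    echo "[✘] Failed: docker compose up (see ${NEXACORE_LOG_FILE})" >&2
    return 1
  fi

  # Plaintext admin credentials, written with the same owner-only handling
  # as the .env file. The configs/<service> directory is not created here;
  # presumably setup_directories does that.
  ( umask 077; cat > "${cred_file}" ) <<EOF || return 1
# NexaCore — $(date)
URL=https://${DOMAIN}
USER=${LF_SUPERUSER}
PASSWORD=${password}
EOF
  chmod 600 "${cred_file}" || return 1

  printf '%s\n' "$password"
}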

#######################################
# Run the whole installation: preflight checks, system update, Docker,
# Langflow, Caddy reverse proxy, firewall, fail2ban and SSH hardening, then
# print the summary with the generated admin credentials.
# Globals:   TEMPLATE_NAME, SERVICE_NAME, DOMAIN, DEFAULT_PORT, LF_SUPERUSER,
#            NEXACORE_LOG_FILE (read)
# Arguments: none used
#######################################
main() {
  require_root
  require_ubuntu
  print_banner "$TEMPLATE_NAME"
  prompt_config

  setup_logging

  step "[1/8] Updating system..."
  apt_update
  DEBIAN_FRONTEND=noninteractive apt-get upgrade -y -q >> "$NEXACORE_LOG_FILE" 2>&1

  step "[2/8] Creating directories..."
  setup_directories "$SERVICE_NAME"

  step "[3/8] Installing Docker..."
  install_docker

  step "[4/8] Deploying Langflow..."
  # Everything deploy_langflow writes to stdout becomes the password value.
  local admin_password
  admin_password=$(deploy_langflow)

  step "[5/8] Installing Caddy..."
  install_caddy
  # Caddy fronts the container, which the compose file publishes on
  # 127.0.0.1:${DEFAULT_PORT} only.
  write_caddyfile "$DOMAIN" "localhost:${DEFAULT_PORT}"

  step "[6/8] Configuring firewall..."
  setup_firewall

  step "[7/8] Configuring fail2ban..."
  setup_fail2ban

  step "[8/8] Hardening SSH..."
  setup_ssh

  # NOTE(review): the password is handed to print_summary in clear text;
  # whether that helper also writes it to the install log is not visible
  # here. Confirm it does not.
  print_summary "$DOMAIN" "$SERVICE_NAME" \
    "User     : ${LF_SUPERUSER}" \
    "Password : ${admin_password}"
}

# Entry point: forward the command-line arguments unchanged.
main "$@"
