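import { $ } from "bun";
import fs from "node:fs";
import execute from "../(utils)/execute";

/**
 * Ensures the MariaDB TLS material exists under /ssl and publishes the CA
 * certificate to the application directories.
 *
 * When the CA certificate or CA key is missing, everything in /ssl is wiped
 * and a new CA, server and client key/certificate set is generated with
 * openssl. The CA certificate is then copied to /app/ssl/ and
 * /app/public/documents/ssl/, and the local DB-schema config directory is
 * created if absent.
 *
 * `execute` is called without `await`, so it is presumably synchronous
 * (TODO confirm against ../(utils)/execute); the steps below depend on
 * running in order. The shell redirect and globs in the commands also assume
 * it runs them through a shell.
 *
 * @returns {Promise<void>} Resolves once the setup steps have been issued.
 */
export default async function setupSSL() {
    console.log("Generating SSL Files ...");

    const CA_CERT_FILE = "/ssl/ca-cert.pem";
    const CA_KEY_FILE = "/ssl/ca-key.pem";

    if (!fs.existsSync("/app/ssl")) {
        fs.mkdirSync("/app/ssl", { recursive: true });
    }

    if (!fs.existsSync("/app/public/documents/ssl/")) {
        fs.mkdirSync("/app/public/documents/ssl/", { recursive: true });
    }

    // Sets the default working directory of Bun's `$` shell. `$` is not used
    // again in this function, so this only affects other callers of `$`.
    $.cwd("/ssl");

    // NOTE(review): only the CA pair is checked. A missing server or client
    // key/certificate does not trigger regeneration on its own.
    if (!fs.existsSync(CA_CERT_FILE) || !fs.existsSync(CA_KEY_FILE)) {
        console.log("Generating SSL Files ...");

        // Start from a clean directory so no certificate signed by a previous
        // CA survives next to the new one.
        execute(`rm -Rf /ssl/*`);

        // Certificate authority. `-nodes` leaves every private key below
        // unencrypted on disk, so file permissions are their only protection.
        // `-days 365000` is roughly 1000 years: these certificates effectively
        // never expire, and rotation only happens when the CA files are
        // removed by hand.
        execute(`openssl genrsa 2048 >ca-key.pem`, { cwd: "/ssl" });
        execute(
            `openssl req -new -x509 -nodes -days 365000 -key ca-key.pem -out ca-cert.pem -subj "/C=/ST=/L=/O=/CN=MariaDB admin"`,
            { cwd: "/ssl" }
        );

        // Server key, signing request and certificate (serial 01).
        execute(
            `openssl req -newkey rsa:2048 -days 365000 -nodes -keyout server-key.pem -out server-req.pem -subj "/C=/ST=/L=/O=/CN=MariaDB server"`,
            { cwd: "/ssl" }
        );
        // Re-writes the key in place in the `openssl rsa` output format.
        execute(`openssl rsa -in server-key.pem -out server-key.pem`, {
            cwd: "/ssl",
        });
        execute(
            `openssl x509 -req -in server-req.pem -days 365000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem`,
            { cwd: "/ssl" }
        );

        // Client key, signing request and certificate.
        execute(
            `openssl req -newkey rsa:2048 -days 365000 -nodes -keyout client-key.pem -out client-req.pem -subj "/C=/ST=/L=/O=/CN=MariaDB user"`,
            { cwd: "/ssl" }
        );
        execute(`openssl rsa -in client-key.pem -out client-key.pem`, {
            cwd: "/ssl",
        });
        // Serial 02, not 01: a CA must give each certificate it issues a
        // unique serial number (RFC 5280). Re-using the server's serial makes
        // the two certificates indistinguishable by issuer+serial, which
        // breaks revocation and is rejected by some TLS libraries.
        execute(
            `openssl x509 -req -in client-req.pem -days 365000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 -out client-cert.pem`,
            { cwd: "/ssl" }
        );
    }

    execute(`chmod 755 /ssl`);
    // NOTE(review): the glob also matches ca-key.pem, server-key.pem and
    // client-key.pem, so every private key becomes world-readable. In this
    // function ca-key.pem is only needed for signing. Consider 600 on the
    // keys (or group access for the database user) once it is confirmed which
    // accounts read /ssl.
    execute(`chmod 644 /ssl/*.pem`);

    // Drop stale copies before publishing the current CA certificate.
    execute(`rm -Rf /app/ssl/*`);
    execute(`rm -Rf /app/public/documents/ssl/*`);

    // Only the CA certificate (public material) leaves /ssl. client-key.pem
    // and client-cert.pem are not copied: /app/public/documents/ssl/ looks
    // like a web-served path (TODO confirm), and a private key must never be
    // placed where it can be downloaded.
    execute(`cp /ssl/ca-cert.pem /app/ssl/`);
    execute(`cp /ssl/ca-cert.pem /app/public/documents/ssl/`);

    const LOCAL_CONFIG_DIR = "/app/jsonData/dbSchemas/users";

    if (!fs.existsSync(LOCAL_CONFIG_DIR)) {
        console.log("Creating Local Config Directory ...");
        fs.mkdirSync(LOCAL_CONFIG_DIR, { recursive: true });
    }

    console.log("SSL Files Setup Complete!");
}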