#!/usr/bin/env bash
set -euo pipefail

VERSION="3.2.49"
DEFAULT_TAR_URL="https://agente.ovana.app/ovana-agent-3.2.49-linux-x86_64.tar.gz"
SERVER_URL="${OVANA_SERVER_URL:-}"
TARGET_USER="${OVANA_INSTALL_USER:-${SUDO_USER:-}}"
LOCAL_TAR=""
TAR_URL="$DEFAULT_TAR_URL"
KEEP_DATA="no"
ASSUME_YES="no"
SKIP_DOWNLOAD="no"

log(){ printf '[OVANA] %s\n' "$*"; }
warn(){ printf '[WARN] %s\n' "$*" >&2; }
fail(){ printf '[ERROR] %s\n' "$*" >&2; exit 1; }

usage(){
cat <<USAGE
OVANA Agent Linux $VERSION - instalacion limpia desde cero

Uso:
  sudo bash install_ovana_linux_from_zero.sh --server-url https://TU-SERVIDOR --user jorge
  sudo bash install_ovana_linux_from_zero.sh --server-url https://TU-SERVIDOR --user jorge --local-tar ./ovana-agent-3.2.49-linux-x86_64.tar.gz

Opciones:
  --server-url URL     URL/IP del servidor OVANA. Unico dato requerido.
  --user USUARIO       Usuario grafico donde se instalara el watcher.
  --local-tar PATH     Usar TAR.GZ local en vez de descargar.
  --tar-url URL        URL alternativa del TAR.GZ.
  --keep-data          No borra cola/identidad/logs anteriores.
  -y, --yes            No pedir confirmacion.
  -h, --help           Ayuda.

No pide ni usa api_key, license_key, tenant_id, organization_id ni enrollment_token.
USAGE
}

while [ $# -gt 0 ]; do
  case "$1" in
    --server-url) SERVER_URL="${2:-}"; shift 2 ;;
    --user) TARGET_USER="${2:-}"; shift 2 ;;
    --local-tar) LOCAL_TAR="${2:-}"; shift 2 ;;
    --tar-url) TAR_URL="${2:-}"; shift 2 ;;
    --keep-data) KEEP_DATA="yes"; shift ;;
    -y|--yes) ASSUME_YES="yes"; shift ;;
    -h|--help) usage; exit 0 ;;
    *) fail "Opcion no reconocida: $1" ;;
  esac
done

[ "$(id -u)" -eq 0 ] || fail "Ejecuta con sudo/root"

if [ -z "$SERVER_URL" ] && [ -t 0 ]; then
  read -r -p "IP, dominio o URL del servidor OVANA: " SERVER_URL
fi
[ -n "$SERVER_URL" ] || fail "--server-url es requerido"
if [[ "$SERVER_URL" != http://* && "$SERVER_URL" != https://* ]]; then
  SERVER_URL="https://$SERVER_URL"
fi
SERVER_URL="${SERVER_URL%/}"

if [ -z "$TARGET_USER" ] || [ "$TARGET_USER" = "root" ]; then
  TARGET_USER="$(loginctl list-sessions --no-legend 2>/dev/null | awk '$3 != "root" && $3 != "gdm" {print $3; exit}')"
fi
if [ -z "$TARGET_USER" ] || [ "$TARGET_USER" = "root" ]; then
  fail "No pude detectar usuario grafico. Usa --user USUARIO"
fi
id "$TARGET_USER" >/dev/null 2>&1 || fail "Usuario no existe: $TARGET_USER"
TARGET_UID="$(id -u "$TARGET_USER")"
TARGET_HOME="$(getent passwd "$TARGET_USER" | cut -d: -f6)"
RUNTIME_DIR="/run/user/$TARGET_UID"
BUS_ADDR="unix:path=$RUNTIME_DIR/bus"

log "Servidor OVANA: $SERVER_URL"
log "Usuario grafico: $TARGET_USER"
log "Home usuario: $TARGET_HOME"

if [ "$ASSUME_YES" != "yes" ] && [ -t 0 ]; then
  echo
  warn "Esto detendra y eliminara instalaciones previas de OVANA Agent en esta maquina."
  if [ "$KEEP_DATA" != "yes" ]; then
    warn "Tambien borrara cola offline, identidad local y logs anteriores."
  fi
  read -r -p "Continuar? [s/N]: " ans
  case "$ans" in s|S|si|SI|yes|YES|y|Y) ;; *) fail "Cancelado" ;; esac
fi

install_deps(){
  log "Instalando dependencias base y capturadores de escritorio si estan disponibles..."
  if command -v apt-get >/dev/null 2>&1; then
    apt-get update -y || true
    DEBIAN_FRONTEND=noninteractive apt-get install -y curl ca-certificates tar gzip python3 python3-venv python3-pip procps util-linux dbus-x11 xdotool wmctrl x11-utils xprintidle gnome-shell-extension-prefs chrome-gnome-shell || true
  elif command -v dnf >/dev/null 2>&1; then
    dnf install -y curl ca-certificates tar gzip python3 python3-pip procps-ng util-linux dbus-x11 xdotool wmctrl xorg-x11-utils gnome-extensions-app || true
  elif command -v yum >/dev/null 2>&1; then
    yum install -y curl ca-certificates tar gzip python3 python3-pip procps-ng util-linux dbus-x11 xdotool wmctrl xorg-x11-utils || true
  elif command -v zypper >/dev/null 2>&1; then
    zypper --non-interactive install curl ca-certificates tar gzip python3 python3-pip procps dbus-1-x11 xdotool wmctrl xprop || true
  elif command -v pacman >/dev/null 2>&1; then
    pacman -Sy --noconfirm curl ca-certificates tar gzip python python-pip procps-ng dbus xdotool wmctrl xorg-xprop xorg-xdpyinfo || true
  else
    warn "Gestor de paquetes no reconocido. Continuo, pero pueden faltar dependencias opcionales."
  fi
}

user_systemctl(){
  local args=("$@")
  if [ -S "$RUNTIME_DIR/bus" ]; then
    sudo -u "$TARGET_USER" env XDG_RUNTIME_DIR="$RUNTIME_DIR" DBUS_SESSION_BUS_ADDRESS="$BUS_ADDR" systemctl --user "${args[@]}" || true
  else
    warn "No hay bus de usuario activo en $RUNTIME_DIR/bus. El watcher arrancara al cerrar sesion y volver a entrar."
    return 0
  fi
}

clean_previous(){
  log "Deteniendo servicios anteriores..."
  systemctl stop ovana-agent 2>/dev/null || true
  systemctl disable ovana-agent 2>/dev/null || true
  user_systemctl stop ovana-agent-session.service
  user_systemctl disable ovana-agent-session.service

  log "Eliminando servicios y archivos anteriores..."
  rm -f /etc/systemd/system/ovana-agent.service
  rm -rf /etc/systemd/system/ovana-agent.service.d
  rm -f "$TARGET_HOME/.config/systemd/user/ovana-agent-session.service"
  rm -f "$TARGET_HOME/.config/autostart/ovana-agent-session.desktop"

  rm -rf /opt/ovana-agent
  if [ "$KEEP_DATA" != "yes" ]; then
    rm -rf /var/lib/ovana-agent /var/log/ovana-agent /etc/ovana /var/lib/ovana /var/log/ovana
    rm -rf "$TARGET_HOME/.local/share/ovana-agent" "$TARGET_HOME/.cache/ovana-agent"
  fi
  systemctl daemon-reload || true
  systemctl reset-failed || true
  user_systemctl daemon-reload
  user_systemctl reset-failed
}

write_config(){
  log "Escribiendo configuracion canonica en /opt/ovana-agent/config/agent.yaml"
  mkdir -p /opt/ovana-agent/config /var/lib/ovana-agent/queue /var/lib/ovana-agent/session /var/log/ovana-agent
  cat > /opt/ovana-agent/config/agent.yaml <<YAML
server:
  url: "$SERVER_URL"

agent:
  auto_register: true
  collect_interval: 30
  sync_interval: 60
  batch_size: 15
  log_level: "DEBUG"
  package_type: "tar.gz"
  version: "$VERSION"

offline:
  enabled: true
  queue_dir: "/var/lib/ovana-agent/queue"

logging:
  file: "/var/log/ovana-agent/ovana-agent.log"
  level: "DEBUG"

linux:
  enable_session_watcher: true
  install_user_service: true
  install_autostart_fallback: true
  enable_browser_url_capture: true
  enable_wayland_helpers: true
  group_repeated_events: true
  repeated_event_min_seconds: 300
YAML
  chmod 644 /opt/ovana-agent/config/agent.yaml
  touch /var/log/ovana-agent/ovana-agent.log
  chmod 755 /var/lib/ovana-agent /var/lib/ovana-agent/session /var/log/ovana-agent || true
  chmod 777 /var/lib/ovana-agent/session || true
  # Compatibilidad de lectura para paquetes viejos, pero la fuente real es agent.yaml.
  mkdir -p /etc/ovana
  cat > /etc/ovana/config.json <<JSON
{"server_url":"$SERVER_URL"}
JSON
}

install_tar(){
  local tmp pkg dir
  tmp="$(mktemp -d)"
  trap 'rm -rf "$tmp"' RETURN
  pkg="$tmp/ovana-agent.tar.gz"
  if [ -n "$LOCAL_TAR" ]; then
    [ -f "$LOCAL_TAR" ] || fail "No existe el TAR.GZ local: $LOCAL_TAR"
    cp "$LOCAL_TAR" "$pkg"
  else
    log "Descargando TAR.GZ desde: $TAR_URL"
    if command -v curl >/dev/null 2>&1; then
      curl -fL "$TAR_URL" -o "$pkg"
    elif command -v wget >/dev/null 2>&1; then
      wget -O "$pkg" "$TAR_URL"
    else
      fail "No hay curl ni wget"
    fi
  fi
  mkdir -p "$tmp/extract"
  tar -xzf "$pkg" -C "$tmp/extract"
  dir="$(find "$tmp/extract" -maxdepth 1 -type d -name 'ovana-agent-*' | head -n 1)"
  [ -n "$dir" ] || fail "TAR.GZ invalido: no contiene carpeta ovana-agent-*"
  log "Instalando agente base desde TAR.GZ..."
  timeout 420s env OVANA_SERVER_URL="$SERVER_URL" OVANA_INSTALL_USER="$TARGET_USER" bash "$dir/scripts/install.sh" --server-url "$SERVER_URL" --user "$TARGET_USER" || {
    rc=$?
    warn "install.sh termino con codigo $rc. Continuo con correcciones si /opt/ovana-agent existe."
    [ -d /opt/ovana-agent ] || exit "$rc"
  }
}

install_graphical_layers(){
  mkdir -p "$TARGET_HOME/.local/share/ovana-agent" "$TARGET_HOME/.cache/ovana-agent" "$TARGET_HOME/.config/systemd/user" "$TARGET_HOME/.config/autostart"
  chown -R "$TARGET_USER:$TARGET_USER" "$TARGET_HOME/.local" "$TARGET_HOME/.cache" "$TARGET_HOME/.config" 2>/dev/null || true

  if [ -x /opt/ovana-agent/scripts/install_desktop_bridge_layer.sh ]; then
    log "Instalando desktop bridge multi-DE..."
    timeout 180s bash /opt/ovana-agent/scripts/install_desktop_bridge_layer.sh --user "$TARGET_USER" || warn "Desktop bridge devolvio warning. Continuo."
  fi

  if [ -x /opt/ovana-agent/scripts/fix_gnome_spool_relay.sh ]; then
    log "Aplicando relay GNOME/user spool..."
    timeout 90s bash /opt/ovana-agent/scripts/fix_gnome_spool_relay.sh --user "$TARGET_USER" || warn "Relay GNOME devolvio warning. Continuo."
  fi

  if [ -x /opt/ovana-agent/scripts/fix_user_bus_session.sh ]; then
    log "Activando watcher con bus de usuario correcto..."
    timeout 90s bash /opt/ovana-agent/scripts/fix_user_bus_session.sh --user "$TARGET_USER" || warn "User bus activation devolvio warning. Continuo."
  elif [ -x ./fix_ovana_user_bus_session.sh ]; then
    timeout 90s bash ./fix_ovana_user_bus_session.sh --user "$TARGET_USER" || warn "User bus activation devolvio warning. Continuo."
  else
    warn "No encontre fix_user_bus_session.sh; intento systemctl --user basico."
    user_systemctl daemon-reload
    user_systemctl enable --now ovana-agent-session.service
    user_systemctl restart ovana-agent-session.service
  fi
}

final_restart(){
  log "Reiniciando daemon root OVANA..."
  systemctl daemon-reload || true
  systemctl enable ovana-agent || true
  systemctl restart ovana-agent || true
  sleep 3
}

validate(){
  echo
  log "VALIDACION RAPIDA"
  echo "Servidor configurado: $SERVER_URL"
  echo "Usuario grafico: $TARGET_USER"
  echo
  systemctl is-active ovana-agent >/dev/null 2>&1 && echo "[OK] ovana-agent.service activo" || echo "[WARN] ovana-agent.service no activo"
  if [ -S "$RUNTIME_DIR/bus" ]; then
    if sudo -u "$TARGET_USER" env XDG_RUNTIME_DIR="$RUNTIME_DIR" DBUS_SESSION_BUS_ADDRESS="$BUS_ADDR" systemctl --user is-active ovana-agent-session.service >/dev/null 2>&1; then
      echo "[OK] ovana-agent-session.service activo"
    else
      echo "[WARN] ovana-agent-session.service no activo aun"
    fi
  else
    echo "[WARN] Bus grafico no disponible. Cierra sesion y vuelve a entrar."
  fi
  [ -f "$TARGET_HOME/.local/share/ovana-agent/events-gnome.jsonl" ] && echo "[OK] spool GNOME existe" || echo "[INFO] spool GNOME aun no existe; cambia de ventanas para generarlo"
  [ -f /var/log/ovana-agent/ovana-agent.log ] && echo "[OK] log root existe" || echo "[WARN] log root no existe"
  echo
  echo "Comandos para revisar:"
  cat <<EOF2
sudo systemctl status ovana-agent --no-pager
sudo tail -n 150 /var/log/ovana-agent/ovana-agent.log
sudo -u $TARGET_USER env XDG_RUNTIME_DIR=$RUNTIME_DIR DBUS_SESSION_BUS_ADDRESS=$BUS_ADDR systemctl --user status ovana-agent-session --no-pager
tail -n 150 $TARGET_HOME/.cache/ovana-agent/ovana-agent-session.log
tail -n 50 $TARGET_HOME/.local/share/ovana-agent/events-gnome.jsonl
bash /opt/ovana-agent/scripts/diagnose_desktop_capture.sh
EOF2
  echo
  warn "Si usas GNOME Wayland, cierra sesion y vuelve a entrar para que GNOME cargue la extension de titulos."
}

install_deps
clean_previous
install_tar
write_config
install_graphical_layers
final_restart
validate