#!/bin/bash

# ================= 1. å…¨å±€è®¾ç½® =================
set -e
set -o pipefail
set -u

# ================= 2. é¢œè‰²ä¸Žæ—¥å¿—å‡½æ•°å®šä¹‰ =================
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color

log_info() { echo -e "${GREEN}[INFO]${NC} $1"; }
log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
log_step() { echo -e "${BLUE}[STEP]${NC} $1"; }
log_success() { echo -e "${CYAN}[OK]${NC} $1"; }

# æ£€æŸ¥å¹¶å®‰è£…sshpass|jq
for pkg in sshpass jq; do
    if ! command -v $pkg &> /dev/null; then
        log_warn "æœªæ‰¾åˆ° $pkgï¼Œæ­£åœ¨å®‰è£…..."
        
        if command -v apt &> /dev/null; then
            sudo apt update >/dev/null 2>&1 && sudo apt install -y $pkg >/dev/null 2>&1
        elif command -v yum &> /dev/null; then
            sudo yum install -y $pkg >/dev/null 2>&1
        elif command -v dnf &> /dev/null; then
            sudo dnf install -y $pkg >/dev/null 2>&1
        else
            log_error "è¯·æ‰‹åŠ¨å®‰è£… $pkg"
            exit 1
        fi
        
        log_success "$pkg å®‰è£…å®Œæˆ"
    fi
done

# ================= 3. æ ¸å¿ƒå‡½æ•°å®šä¹‰ =================

# å‡½æ•°ï¼šèŽ·å–è¿œç¨‹æ–‡ä»¶çš„ SHA256 å€¼
get_remote_sha256() {
    local SUM_URL=$1
    local SUM_FILE=$(basename "$SUM_URL")
    local TEMP_SUM="/tmp/${SUM_FILE}.$$" # ä½¿ç”¨è¿›ç¨‹IDé¿å…å†²çª
    
    # ä¸‹è½½æ ¡éªŒå’Œæ–‡ä»¶ (é™é»˜)
    if ! curl -sL -o "$TEMP_SUM" "$SUM_URL" 2>/dev/null; then
        log_error "æ— æ³•ä¸‹è½½æ ¡éªŒå’Œæ–‡ä»¶: $SUM_URL"
        rm -f "$TEMP_SUM"
        return 1
    fi
    
    # æå–å“ˆå¸Œå€¼
    local HASH=$(awk '{print $1}' "$TEMP_SUM")
    rm -f "$TEMP_SUM"
    
    if [ -z "$HASH" ]; then
        log_error "æ— æ³•ä»Žæ ¡éªŒå’Œæ–‡ä»¶ä¸­è§£æžå“ˆå¸Œå€¼"
        return 1
    fi
    
    echo "$HASH"
}

# å‡½æ•°ï¼šæ™ºèƒ½ä¸‹è½½å¹¶æ ¡éªŒ
download_and_verify() {
    local BIN_URL=$1
    local SUM_URL=$2
    local FILENAME=$3
    
    log_step "í ½í´ æ­£åœ¨æ£€æŸ¥ ${FILENAME} çš„å®Œæ•´æ€§..."

    # 1. èŽ·å–è¿œç¨‹æ­£ç¡®çš„ SHA256
    local REMOTE_SHA
    REMOTE_SHA=$(get_remote_sha256 "$SUM_URL")
    local GET_HASH_STATUS=$?
    
    if [ $GET_HASH_STATUS -ne 0 ] || [ -z "$REMOTE_SHA" ]; then
        log_warn "âš ï¸  æ— æ³•èŽ·å–è¿œç¨‹å“ˆå¸Œï¼Œå°†è·³è¿‡ç‰ˆæœ¬æ¯”å¯¹ï¼Œå¼ºåˆ¶é‡æ–°ä¸‹è½½ ${FILENAME}..."
        REMOTE_SHA=""
    else
        log_info "   í ½í³ è¿œç¨‹ç‰ˆæœ¬å“ˆå¸Œ: ${REMOTE_SHA:0:16}..."
    fi

    # 2. æ£€æŸ¥æœ¬åœ°æ–‡ä»¶æ˜¯å¦å­˜åœ¨ä¸”åŒ¹é…
    local NEED_DOWNLOAD=true
    
    if [ -f "$FILENAME" ]; then
        local LOCAL_SHA=$(sha256sum "$FILENAME" | awk '{print $1}')
        log_info "   í ½í³ æœ¬åœ°ç‰ˆæœ¬å“ˆå¸Œ: ${LOCAL_SHA:0:16}..."
        
        if [ -n "$REMOTE_SHA" ] && [ "$LOCAL_SHA" == "$REMOTE_SHA" ]; then
            log_info "âœ… ${FILENAME} æ ¡éªŒé€šè¿‡ï¼Œæ— éœ€ä¸‹è½½ã€‚"
            NEED_DOWNLOAD=false
        else
            if [ -z "$REMOTE_SHA" ]; then
                log_warn "âš ï¸  ${FILENAME} å­˜åœ¨ä½†æ— æ³•éªŒè¯è¿œç¨‹ç‰ˆæœ¬ï¼Œä¸ºç¡®ä¿ä¸€è‡´æ€§ï¼Œå‡†å¤‡æ›´æ–°..."
            else
                log_warn "âš ï¸  ${FILENAME} å“ˆå¸Œä¸åŒ¹é…ï¼Œå‡†å¤‡æ›´æ–°..."
            fi
        fi
    else
        log_info "   í ½í³‚ æœ¬åœ°æ–‡ä»¶ä¸å­˜åœ¨ã€‚"
    fi

    # 3. å¦‚æžœéœ€è¦ä¸‹è½½
    if [ "$NEED_DOWNLOAD" == true ]; then
        log_info "í ½í³¥ æ­£åœ¨ä¸‹è½½ ${FILENAME} ..."
        
        # ä½¿ç”¨ curl ä¸‹è½½ï¼Œæ˜¾ç¤ºè¿›åº¦æ¡ (-#), è·Ÿéšé‡å®šå‘ (-L)
        if ! curl -L# -o "$FILENAME" "$BIN_URL"; then
            log_error "âŒ ä¸‹è½½ ${FILENAME} å¤±è´¥!"
            rm -f "$FILENAME" # æ¸…ç†å¯èƒ½æŸåçš„éƒ¨åˆ†æ–‡ä»¶
            exit 1
        fi
        
        # 4. ä¸‹è½½åŽå†æ¬¡æ ¡éªŒ
        log_info "í ½í´’ æ­£åœ¨æ ¡éªŒä¸‹è½½æ–‡ä»¶çš„å®Œæ•´æ€§..."
        local NEW_LOCAL_SHA=$(sha256sum "$FILENAME" | awk '{print $1}')
        
        if [ -n "$REMOTE_SHA" ] && [ "$NEW_LOCAL_SHA" != "$REMOTE_SHA" ]; then
            log_error "âŒ ä¸‹è½½åŽçš„æ–‡ä»¶å“ˆå¸Œæ ¡éªŒå¤±è´¥!"
            log_error "   æœŸæœ›: $REMOTE_SHA"
            log_error "   å®žé™…: $NEW_LOCAL_SHA"
            log_error "   æ–‡ä»¶å¯èƒ½å·²æŸåæˆ–è¢«ç¯¡æ”¹ï¼Œåˆ é™¤ä¸´æ—¶æ–‡ä»¶å¹¶é€€å‡ºã€‚"
            rm -f "$FILENAME"
            exit 1
        else
            log_info "âœ… ${FILENAME} ä¸‹è½½æˆåŠŸä¸”æ ¡éªŒé€šè¿‡!"
            chmod +x "$FILENAME"
            log_info "   í ½í´¨ å·²æ·»åŠ æ‰§è¡Œæƒé™ã€‚"
        fi
    fi
}

# ================= 4. ä¸»æ‰§è¡Œæµç¨‹ =================

echo "========================================"
log_step "í ½í³¦ é˜¶æ®µ 0: å‡†å¤‡æœ¬åœ°äºŒè¿›åˆ¶æ–‡ä»¶ (MinIO & MC)"
echo "========================================"

# å®šä¹‰èµ„æº
MINIO_BIN="minio"
MC_BIN="mc"
SERVICE_FILE="minio.service"

# URL å®šä¹‰
MINIO_URL="https://zhengyu1992.cn/file/software/minio/minio"
MINIO_SUM_URL="https://zhengyu1992.cn/file/software/minio/minio.sha256sum"
MC_URL="https://zhengyu1992.cn/file/software/minio/mc"
MC_SUM_URL="https://zhengyu1992.cn/file/software/minio/mc.sha256sum"

# å®˜æ–¹çš„minioæ–‡ä»¶
#MINIO_URL="https://dl.min.io/server/minio/release/linux-amd64/minio"
#MINIO_SUM_URL="https://dl.min.io/server/minio/release/linux-amd64/minio.sha256sum"
#MC_URL="https://dl.min.io/client/mc/release/linux-amd64/mc"
#MC_SUM_URL="https://dl.min.io/client/mc/release/linux-amd64/mc.sha256sum"

# 1. ä¸‹è½½ MinIO
download_and_verify "$MINIO_URL" "$MINIO_SUM_URL" "$MINIO_BIN"

# 2. ä¸‹è½½ MC å®¢æˆ·ç«¯
download_and_verify "$MC_URL" "$MC_SUM_URL" "$MC_BIN"
cp mc /usr/local/bin/mc

# 3. å¤„ç† Service æ–‡ä»¶
echo "----------------------------------------"
if [ ! -f "$SERVICE_FILE" ]; then
    log_warn "âš ï¸  æœ¬åœ°ç¼ºå°‘ ${SERVICE_FILE}ï¼Œæ­£åœ¨ç”Ÿæˆé»˜è®¤é…ç½®..."
    cat > "$SERVICE_FILE" << 'EOF'
[Unit]
Description=MinIO
Documentation=https://min-io.cn/docs/minio/linux/index.html
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio

[Service]
WorkingDirectory=/usr/local

User=minio
Group=minio
ProtectProc=invisible

EnvironmentFile=/etc/minio/minio.env
ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/minio/minio.env\"; exit 1; fi"
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES

Restart=always

LimitNOFILE=65536

TasksMax=infinity

TimeoutStopSec=infinity
SendSIGKILL=no

[Install]
WantedBy=multi-user.target
EOF
    log_info "âœ… ${SERVICE_FILE} å·²ç”Ÿæˆã€‚"
else
    log_info "âœ… ${SERVICE_FILE} å·²å­˜åœ¨ï¼Œè·³è¿‡ç”Ÿæˆã€‚"
fi

echo "========================================"
log_info "í ¼í¾‰ æœ¬åœ°æ–‡ä»¶å‡†å¤‡å°±ç»ªï¼"
log_info "   - äºŒè¿›åˆ¶æ–‡ä»¶: minio, mc"
log_info "   - æœåŠ¡é…ç½®: minio.service"
log_info "í ½í²¡ ä¸‹ä¸€æ­¥è¯·è¿è¡Œ: ./2.deploy_keys.sh"
log_info "í ½íº€ çŽ°åœ¨å¯ä»¥è¿è¡Œéƒ¨ç½²è„šæœ¬ 2.deploy_keys.sh è¿›è¡Œå¯†é’¥éƒ¨ç½²"
echo "========================================"

exit 0