#!/usr/bin/env bash
set -euo pipefail
source "$(dirname "$0")/../scripts/lib/common.sh"
require_cmd jq

EVID_DIR="${1:?usage: backup_restore_drill_recent.sh <evidence_dir>}"
TS="$(iso_utc_now)"
FILE="$EVID_DIR/backup_restore_drill.json"

MAX_DAYS="${VMCC_MAX_RESTORE_DRILL_AGE_DAYS:-7}"

file_mtime_epoch() {
  local file="$1"
  if stat -c %Y "$file" >/dev/null 2>&1; then
    stat -c %Y "$file"
  else
    stat -f %m "$file"
  fi
}

if [[ ! -f "$FILE" ]]; then
  json_emit "$(jq -n --arg ts "$TS" '{
    version:"1.0.0",
    rule_id:"backup.restore_drill_recent",
    control_ids:["BC-01"],
    passed:false,
    severity:"MEDIUM",
    timestamp:$ts,
    evidence:[{path:"backup_restore_drill.json"}],
    details:{error:"missing evidence file"}
  }')"
  exit 0
fi

COLLECTED="$(jq -r '.collected // false' "$FILE")"
if [[ "$COLLECTED" != "true" ]]; then
  json_emit "$(jq -n --arg ts "$TS" '{
    version:"1.0.0",
    rule_id:"backup.restore_drill_recent",
    control_ids:["BC-01"],
    passed:false,
    severity:"MEDIUM",
    timestamp:$ts,
    evidence:[{path:"backup_restore_drill.json"}],
    details:{error:"no restore drill evidence found"}
  }')"
  exit 0
fi

PATH_FOUND="$(jq -r '.path // empty' "$FILE")"
if [[ -z "$PATH_FOUND" || ! -f "$PATH_FOUND" ]]; then
  json_emit "$(jq -n --arg ts "$TS" --arg p "$PATH_FOUND" '{
    version:"1.0.0",
    rule_id:"backup.restore_drill_recent",
    control_ids:["BC-01"],
    passed:false,
    severity:"MEDIUM",
    timestamp:$ts,
    evidence:[{path:"backup_restore_drill.json"}],
    details:{error:"referenced drill file missing", referenced:$p}
  }')"
  exit 0
fi

NOW_EPOCH="$(date -u +%s)"
MTIME_EPOCH="$(file_mtime_epoch "$PATH_FOUND")"
AGE_DAYS="$(( (NOW_EPOCH - MTIME_EPOCH) / 86400 ))"

if [[ "$AGE_DAYS" -le "$MAX_DAYS" ]]; then
  json_emit "$(jq -n --arg ts "$TS" --argjson age "$AGE_DAYS" '{
    version:"1.0.0",
    rule_id:"backup.restore_drill_recent",
    control_ids:["BC-01"],
    passed:true,
    severity:"MEDIUM",
    timestamp:$ts,
    evidence:[{path:"backup_restore_drill.json"}],
    details:{age_days:$age}
  }')"
else
  json_emit "$(jq -n --arg ts "$TS" --argjson age "$AGE_DAYS" --argjson max "$MAX_DAYS" '{
    version:"1.0.0",
    rule_id:"backup.restore_drill_recent",
    control_ids:["BC-01"],
    passed:false,
    severity:"MEDIUM",
    timestamp:$ts,
    evidence:[{path:"backup_restore_drill.json"}],
    details:{error:"restore drill too old", age_days:$age, max_days:$max}
  }')"
fi