#!/usr/bin/env bash
set -euo pipefail

# === METADATA ===
SCRIPT_NAME="$(basename "$0")"

# === CONFIGURATION ===
: "${NODE_NAME:=node-a}"
: "${TUNNEL_NAME:=$NODE_NAME-tunnel}"

# === FUNCTIONS ===
log_info()  { echo "[INFO]  $(date -Iseconds) $*"; }
log_warn()  { echo "[WARN]  $(date -Iseconds) $*" >&2; }
log_error() { echo "[ERROR] $(date -Iseconds) $*" >&2; }

main() {
    log_info "Starting $SCRIPT_NAME - ROLLBACK tunnel..."

    echo ""
    echo "============================================"
    echo "  TUNNEL ROLLBACK"
    echo "  Tunnel: $TUNNEL_NAME"
    echo "============================================"
    echo ""
    echo "This will:"
    echo "  - Stop and disable the systemd service"
    echo "  - Delete the tunnel from Cloudflare"
    echo "  - Remove local credential and config files"
    echo "  - Remove tunnel ID from pass (if stored)"
    echo ""

    read -p "Type 'CONFIRM' to proceed: " confirm

    if [[ "$confirm" != "CONFIRM" ]]; then
        log_info "Aborted - no changes made"
        exit 0
    fi

    # Stop and disable service
    log_info "Stopping systemd service..."
    systemctl --user stop "cloudflared-$TUNNEL_NAME" 2>/dev/null || true
    systemctl --user disable "cloudflared-$TUNNEL_NAME" 2>/dev/null || true
    rm -f "$HOME/.config/systemd/user/cloudflared-$TUNNEL_NAME.service" 2>/dev/null || true
    systemctl --user daemon-reload 2>/dev/null || true
    log_info "Service stopped and disabled"

    # Delete tunnel from Cloudflare
    log_info "Deleting tunnel from Cloudflare..."
    if cloudflared tunnel delete "$TUNNEL_NAME" 2>/dev/null; then
        log_info "Tunnel deleted from Cloudflare"
    else
        log_warn "Could not delete tunnel - may need manual cleanup"
        log_warn "Check: https://dash.cloudflare.com -> Zero Trust -> Tunnels"
    fi

    # Remove local files
    log_info "Removing local files..."
    rm -f "$HOME/.cloudflared/$TUNNEL_NAME.json"
    rm -f "$HOME/.cloudflared/config-$TUNNEL_NAME.yml"
    log_info "Local files removed"

    # Remove from pass
    if command -v pass &>/dev/null && [[ -d "$HOME/.password-store" ]]; then
        log_info "Removing tunnel ID from pass..."
        pass rm -f "infrastructure/cloudflare/tunnel-id" 2>/dev/null || true
    fi

    echo ""
    echo "============================================"
    echo "  TUNNEL ROLLBACK COMPLETE"
    echo "============================================"
    echo ""
    echo "Note: DNS records may still exist in Cloudflare."
    echo "Remove them manually if needed:"
    echo "  https://dash.cloudflare.com -> DNS"
    echo ""

    log_info "Completed $SCRIPT_NAME"
}

[[ "${BASH_SOURCE[0]}" == "$0" ]] && main "$@"