#!/bin/bash

# 情绪博物馆快速部署脚本
# 适用于服务器快速部署

set -e

# 颜色定义
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

log_info() {
    echo -e "${GREEN}[INFO]${NC} $1"
}

log_warn() {
    echo -e "${YELLOW}[WARN]${NC} $1"
}

log_error() {
    echo -e "${RED}[ERROR]${NC} $1"
}

log_step() {
    echo -e "${BLUE}[STEP]${NC} $1"
}

# 检查系统环境
check_system() {
    log_step "检查系统环境..."
    
    # 检查操作系统
    if [[ "$OSTYPE" == "linux-gnu"* ]]; then
        log_info "检测到Linux系统"
    elif [[ "$OSTYPE" == "darwin"* ]]; then
        log_info "检测到macOS系统"
    else
        log_warn "未知操作系统: $OSTYPE"
    fi
    
    # 检查Docker
    if ! command -v docker &> /dev/null; then
        log_error "Docker未安装，正在安装..."
        install_docker
    else
        log_info "Docker已安装: $(docker --version)"
    fi
    
    # 检查Docker Compose
    if ! command -v docker-compose &> /dev/null; then
        log_error "Docker Compose未安装，正在安装..."
        install_docker_compose
    else
        log_info "Docker Compose已安装: $(docker-compose --version)"
    fi
}

# 安装Docker
install_docker() {
    if [[ "$OSTYPE" == "linux-gnu"* ]]; then
        # Ubuntu/Debian
        if command -v apt-get &> /dev/null; then
            log_info "在Ubuntu/Debian上安装Docker..."
            sudo apt-get update
            sudo apt-get install -y apt-transport-https ca-certificates curl gnupg lsb-release
            curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
            echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
            sudo apt-get update
            sudo apt-get install -y docker-ce docker-ce-cli containerd.io
        # CentOS/RHEL
        elif command -v yum &> /dev/null; then
            log_info "在CentOS/RHEL上安装Docker..."
            sudo yum install -y yum-utils
            sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
            sudo yum install -y docker-ce docker-ce-cli containerd.io
        fi
        
        # 启动Docker服务
        sudo systemctl start docker
        sudo systemctl enable docker
        
        # 添加用户到docker组
        sudo usermod -aG docker $USER
        log_warn "请重新登录以使docker组权限生效"
    else
        log_error "请手动安装Docker: https://docs.docker.com/get-docker/"
        exit 1
    fi
}

# 安装Docker Compose
install_docker_compose() {
    log_info "安装Docker Compose..."
    sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    sudo chmod +x /usr/local/bin/docker-compose
}

# 配置防火墙
configure_firewall() {
    log_step "配置防火墙..."
    
    if command -v ufw &> /dev/null; then
        log_info "配置UFW防火墙..."
        sudo ufw allow 80/tcp
        sudo ufw allow 443/tcp
        sudo ufw allow 8848/tcp  # Nacos
        sudo ufw allow 9000/tcp  # Gateway
        log_info "防火墙配置完成"
    elif command -v firewall-cmd &> /dev/null; then
        log_info "配置firewalld防火墙..."
        sudo firewall-cmd --permanent --add-port=80/tcp
        sudo firewall-cmd --permanent --add-port=443/tcp
        sudo firewall-cmd --permanent --add-port=8848/tcp
        sudo firewall-cmd --permanent --add-port=9000/tcp
        sudo firewall-cmd --reload
        log_info "防火墙配置完成"
    else
        log_warn "未检测到防火墙，请手动开放端口: 80, 443, 8848, 9000"
    fi
}

# 优化系统参数
optimize_system() {
    log_step "优化系统参数..."
    
    # 增加文件描述符限制
    echo "* soft nofile 65536" | sudo tee -a /etc/security/limits.conf
    echo "* hard nofile 65536" | sudo tee -a /etc/security/limits.conf
    
    # 优化内核参数
    cat << EOF | sudo tee -a /etc/sysctl.conf
# 情绪博物馆优化参数
vm.max_map_count=262144
net.core.somaxconn=65535
net.ipv4.tcp_max_syn_backlog=65535
net.core.netdev_max_backlog=5000
EOF
    
    sudo sysctl -p
    log_info "系统参数优化完成"
}

# 创建SSL证书目录
setup_ssl() {
    log_step "设置SSL证书..."
    
    mkdir -p deploy/nginx/ssl
    
    # 生成自签名证书（仅用于测试）
    if [ ! -f "deploy/nginx/ssl/emotion-museum.crt" ]; then
        log_info "生成自签名SSL证书..."
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
            -keyout deploy/nginx/ssl/emotion-museum.key \
            -out deploy/nginx/ssl/emotion-museum.crt \
            -subj "/C=CN/ST=Beijing/L=Beijing/O=EmotionMuseum/CN=emotion-museum.com"
        log_warn "已生成自签名证书，生产环境请使用正式证书"
    fi
}

# 设置环境变量
setup_environment() {
    log_step "设置环境变量..."
    
    # 创建.env文件
    cat > .env << EOF
# 数据库配置
MYSQL_ROOT_PASSWORD=123456
MYSQL_DATABASE=emotion_museum
MYSQL_USER=emotion
MYSQL_PASSWORD=emotion123

# Redis配置
REDIS_PASSWORD=

# Nacos配置
NACOS_AUTH_ENABLE=false

# 应用配置
SPRING_PROFILES_ACTIVE=docker
TZ=Asia/Shanghai

# Coze API配置 (与开发环境一致)
COZE_API_TOKEN=pat_GCR4qKzqpf90wMCvKsldMrB18KG3QsLDci65bZthssKsbLxu8X70BKYumleDcabO
EOF
    
    log_info "环境变量配置完成"
    log_warn "请编辑.env文件，设置正确的Coze API Token"
}

# 主部署流程
main() {
    echo "🚀 开始快速部署情绪博物馆..."
    echo ""
    
    check_system
    configure_firewall
    optimize_system
    setup_ssl
    setup_environment
    
    log_step "开始容器部署..."
    chmod +x deploy.sh
    ./deploy.sh
    
    echo ""
    log_info "🎉 快速部署完成！"
    echo ""
    echo "📝 后续步骤："
    echo "1. 编辑.env文件，设置正确的Coze API Token"
    echo "2. 如需HTTPS，请替换deploy/nginx/ssl/目录下的证书文件"
    echo "3. 根据需要修改deploy/nginx/conf.d/emotion-museum.conf中的域名"
    echo "4. 重启服务: docker-compose restart"
    echo ""
    echo "🔗 访问地址："
    echo "   HTTP:  http://$(hostname -I | awk '{print $1}')"
    echo "   HTTPS: https://$(hostname -I | awk '{print $1}') (自签名证书)"
    echo ""
}

# 处理命令行参数
case "${1:-}" in
    "install-docker")
        install_docker
        ;;
    "install-compose")
        install_docker_compose
        ;;
    "setup-ssl")
        setup_ssl
        ;;
    "setup-env")
        setup_environment
        ;;
    *)
        main
        ;;
esac