#!/bin/bash
set -euo pipefail

PMA_PASS_FILE="/var/lib/jelastic/keys/pma_root_pass"
PMA_CONFIG="/etc/phpMyAdmin/config.inc.php"

# Ensures phpMyAdmin config is set for automatic login with the given password
ensure_pma_config() {
    local password="$1"
    echo "🔧 Ensuring phpMyAdmin config is up-to-date..."
    
    # Use a different delimiter for sed to handle special characters in the password
    sudo sed -i "s|\(\['password'\]\s*=\s*'\)[^']*'|\1$password'|" "$PMA_CONFIG"

    if ! sudo grep -q "\['auth_type'\]" "$PMA_CONFIG"; then
        echo "\$cfg['Servers'][\$i]['auth_type'] = 'config';" | sudo tee -a "$PMA_CONFIG" > /dev/null
    else
        sudo sed -i "s/\(\['auth_type'\]\s*=\s*'\)[^']*'/\1config'/" "$PMA_CONFIG"
    fi
    if ! sudo grep -q "\['user'\]" "$PMA_CONFIG"; then
        echo "\$cfg['Servers'][\$i]['user'] = 'root';" | sudo tee -a "$PMA_CONFIG" > /dev/null
    else
        sudo sed -i "s/\(\['user'\]\s*=\s*'\)[^']*'/\1root'/" "$PMA_CONFIG"
    fi
}

# If password file exists, just re-apply the config. This is the fast, idempotent path.
if [ -f "$PMA_PASS_FILE" ] && [ -s "$PMA_PASS_FILE" ]; then
    echo "🔑 Root password file found. Re-configuring phpMyAdmin without DB reset."
    stored_password=$(sudo cat "$PMA_PASS_FILE")
    ensure_pma_config "$stored_password"
    exit 0
fi

# --- First time execution: Full password reset ---
echo "🔑 Root password file not found. Performing first-time password reset."

# Generate a secure password
new_password=$(openssl rand -base64 12)

# Stop MariaDB
echo "🛑 Stopping MariaDB service..."
sudo systemctl stop mariadb
sleep 3

# Start MariaDB in safe mode
echo "🔧 Starting MariaDB in safe mode (skip-grant-tables)..."
sudo mysqld_safe --skip-grant-tables --skip-networking --skip-name-resolve &
PID=$!
sleep 5

# Check if mysqld is running
if ! ps -p $PID > /dev/null; then
    echo "❌ Failed to start mysqld_safe. Exiting."
    exit 1
fi

# Reset root password
echo "🔄 Resetting root password..."
mysql -u root << EOF
FLUSH PRIVILEGES;
ALTER USER 'root'@'localhost' IDENTIFIED BY '$new_password';
ALTER USER 'root'@'127.0.0.1' IDENTIFIED BY '$new_password';
FLUSH PRIVILEGES;
EOF

# Check if reset succeeded
if [ $? -ne 0 ]; then
    echo "❌ Failed to reset password. Cleaning up..."
    sudo pkill -f mysqld
    exit 1
fi

# Stop safe mode
echo "🛑 Stopping safe mode..."
sudo pkill -f mysqld_safe
sudo pkill -f mysqld
sleep 3

# Start MariaDB normally
echo "🟢 Starting MariaDB normally..."
sudo systemctl start mariadb

if sudo systemctl is-active --quiet mariadb; then
    echo "✅ MariaDB is running."
    ensure_pma_config "$new_password"
    
    # Save the new password for future runs
    echo "$new_password" | sudo tee "$PMA_PASS_FILE" > /dev/null
    sudo chmod 600 "$PMA_PASS_FILE"
    sudo chown root:root "$PMA_PASS_FILE"
    echo "✅ New root password securely stored for future runs."
else
    echo "❌ Failed to start MariaDB. Run: sudo systemctl status mariadb"
    exit 1
fi