#!/bin/bash
# Generate secure .env file for Directus deployment

set -e

ENV_FILE="${1:-/home/jeffe/Github/katheryn-website/directus/.env}"

if [ -f "$ENV_FILE" ]; then
    echo "Warning: $ENV_FILE already exists"
    read -p "Overwrite? (y/N): " confirm
    if [ "$confirm" != "y" ] && [ "$confirm" != "Y" ]; then
        echo "Aborted"
        exit 1
    fi
fi

# Generate secure random values
DB_PASSWORD=$(openssl rand -base64 24 | tr -dc 'a-zA-Z0-9' | head -c 32)
ADMIN_PASSWORD=$(openssl rand -base64 24 | tr -dc 'a-zA-Z0-9' | head -c 24)
DIRECTUS_SECRET=$(openssl rand -hex 32)

cat > "$ENV_FILE" << EOF
# Database
DB_USER=directus
DB_PASSWORD=${DB_PASSWORD}
DB_DATABASE=katheryn

# Directus Admin
ADMIN_EMAIL=katheryn@katheryntrenshaw.com
ADMIN_PASSWORD=${ADMIN_PASSWORD}

# Security
DIRECTUS_SECRET=${DIRECTUS_SECRET}
EOF

chmod 600 "$ENV_FILE"

echo "Generated $ENV_FILE with secure credentials"
echo ""
echo "Admin login:"
echo "  Email: katheryn@katheryntrenshaw.com"
echo "  Password: ${ADMIN_PASSWORD}"
echo ""
echo "SAVE THESE CREDENTIALS SECURELY!"