package main

import (
	"encoding/base64"
	"log/slog"
	"os"

	"gitea.songhuwan.com/actions/docker-compose-updater/internal/auth"
	"gitea.songhuwan.com/actions/docker-compose-updater/internal/config"
	"gitea.songhuwan.com/actions/docker-compose-updater/internal/docker"
	"gitea.songhuwan.com/actions/docker-compose-updater/internal/server"
)

// 构建时注入：-ldflags="-X main.publicKeyBase64=$(base64 -w0 < keys/signing-public.pem)"
var publicKeyBase64 string

func main() {
	cfg := config.Load()

	var logLevel slog.Level
	switch cfg.LogLevel {
	case "debug":
		logLevel = slog.LevelDebug
	case "warn":
		logLevel = slog.LevelWarn
	case "error":
		logLevel = slog.LevelError
	default:
		logLevel = slog.LevelInfo
	}
	slog.SetDefault(slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{Level: logLevel})))

	if publicKeyBase64 == "" {
		slog.Error("public key not set - build with -ldflags")
		os.Exit(1)
	}
	pemBytes, err := base64.StdEncoding.DecodeString(publicKeyBase64)
	if err != nil {
		slog.Error("decode public key", "error", err)
		os.Exit(1)
	}
	pubKey, err := auth.ParseECDSAPublicKey(pemBytes)
	if err != nil {
		slog.Error("parse public key", "error", err)
		os.Exit(1)
	}
	slog.Info("public key loaded")

	updater := docker.NewUpdater(cfg.DockerPullTimeout, cfg.DockerRestartTimeout)

	srv := server.New(
		cfg.Listen,
		pubKey,
		updater,
		cfg.SessionTTL,
		cfg.NonceTTL,
		cfg.TimestampWindow,
	)

	slog.Info("starting server", "addr", cfg.Listen)
	if err := srv.Start(); err != nil {
		slog.Error("server exited", "error", err)
		os.Exit(1)
	}
}