#!/usr/bin/env sh
set -eu

VERSION="${SECURISTRY_VERSION:-0.4.0}"
BASE_URL="${SECURISTRY_INSTALL_BASE:-https://install.securistry.com}"
INSTALL_DIR="${SECURISTRY_HOME:-$HOME/.securistry}"
BIN_DIR="${SECURISTRY_BIN_DIR:-$HOME/.local/bin}"

say() { printf '  → %s\n' "$*"; }
err() { printf '  → %s\n' "$*" >&2; exit 1; }

command -v node >/dev/null 2>&1 || err "securistry requires Node.js 20+ (https://nodejs.org)"
NODE_MAJOR=$(node -p 'process.versions.node.split(".")[0]' 2>/dev/null || echo 0)
[ "$NODE_MAJOR" -ge 20 ] || err "securistry requires Node.js 20+ (found $(node -v 2>/dev/null || echo unknown))"

command -v curl >/dev/null 2>&1 || err "securistry installer requires curl"

mkdir -p "$INSTALL_DIR" "$BIN_DIR"

CLI_SRC="$BASE_URL/securistry-$VERSION.mjs"
curl -fsSL "$CLI_SRC" -o "$INSTALL_DIR/securistry.mjs" \
  || err "failed to download $CLI_SRC"

cat > "$BIN_DIR/securistry" <<EOF
#!/usr/bin/env sh
exec node "$INSTALL_DIR/securistry.mjs" "\$@"
EOF
chmod +x "$BIN_DIR/securistry"

say "installed securistry $VERSION"

case ":$PATH:" in
  *":$BIN_DIR:"*)
    exit 0
    ;;
esac

BEGIN_MARKER="# >>> securistry installer >>>"
END_MARKER="# <<< securistry installer <<<"

# Pick the rc file PATH belongs in. macOS Terminal.app opens login shells, so
# zprofile/bash_profile is the correct target on Darwin; Linux distros source
# zshrc/bashrc for interactive shells.
pick_profile() {
  os="$(uname -s)"
  shell_bin="${SHELL:-}"
  case "$os:$shell_bin" in
    Darwin:*/zsh)  printf '%s\n' "$HOME/.zprofile" ;;
    Darwin:*/bash) printf '%s\n' "$HOME/.bash_profile" ;;
    Linux:*/zsh)   printf '%s\n' "$HOME/.zshrc" ;;
    Linux:*/bash)  printf '%s\n' "$HOME/.bashrc" ;;
    *:*/fish)      printf '%s\n' "$HOME/.config/fish/config.fish" ;;
    *)             printf '%s\n' "$HOME/.profile" ;;
  esac
}

write_block_posix() {
  rc="$1"
  {
    printf '\n%s\n' "$BEGIN_MARKER"
    printf 'export PATH="%s:$PATH"\n' "$BIN_DIR"
    printf '%s\n' "$END_MARKER"
  } >> "$rc"
}

write_block_fish() {
  rc="$1"
  {
    printf '\n%s\n' "$BEGIN_MARKER"
    printf 'fish_add_path %s\n' "$BIN_DIR"
    printf '%s\n' "$END_MARKER"
  } >> "$rc"
}

profile="$(pick_profile)"
mkdir -p "$(dirname "$profile")"
[ -f "$profile" ] || touch "$profile"

case "$profile" in
  *fish*) writer=write_block_fish ;;
  *)      writer=write_block_posix ;;
esac

if grep -qF "$BEGIN_MARKER" "$profile" 2>/dev/null; then
  tmp_block=$(mktemp)
  "$writer" "$tmp_block"
  # awk on the rc, append the new block, swap into place
  awk -v b="$BEGIN_MARKER" -v e="$END_MARKER" '
    $0 == b { skipping = 1; next }
    skipping && $0 == e { skipping = 0; next }
    !skipping { print }
  ' "$profile" > "$tmp_block.cleaned"
  cat "$tmp_block" >> "$tmp_block.cleaned"
  mv "$tmp_block.cleaned" "$profile"
  rm -f "$tmp_block"
  say "updated securistry PATH block in $profile"
else
  "$writer" "$profile"
  say "added securistry PATH block to $profile"
fi

echo
echo "  To start using securistry now, run:"
echo "      source $profile"
echo
echo "  Or open a new terminal — new shells will pick it up automatically."