#!/bin/bash
#
# LogWhispererAI - Workflow Test Script
# Verifica che il workflow n8n risponda correttamente
#

set -euo pipefail

N8N_URL="${N8N_URL:-http://192.168.254.12:5678}"
WEBHOOK_PATH="/webhook/logwhisperer/ingest"
CLIENT_SECRET="${CLIENT_SECRET:-test-secret-32-chars-long-minimum}"

# Colori per output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

log_info() {
    echo -e "${GREEN}[INFO]${NC} $1"
}

log_error() {
    echo -e "${RED}[ERROR]${NC} $1"
}

log_warn() {
    echo -e "${YELLOW}[WARN]${NC} $1"
}

# Funzione per generare HMAC
generate_hmac() {
    local payload="$1"
    local timestamp="$2"
    local secret="$3"
    
    printf '%s:%s' "$timestamp" "$payload" | \
        openssl dgst -sha256 -hmac "$secret" | \
        sed 's/^.* //'
}

# Test 1: HMAC Valido
test_valid_hmac() {
    log_info "Test 1: Invio log con HMAC valido..."
    
    local timestamp
    timestamp=$(date +%s)
    
    local payload
    payload=$(cat <<EOF
{
    "client_id": "550e8400-e29b-41d4-a716-446655440000",
    "hostname": "test-server",
    "source": "/var/log/syslog",
    "severity": "critical",
    "raw_log": "Apr 2 10:30:00 kernel: Out of memory",
    "matched_pattern": "OOM"
}
EOF
)
    
    local signature
    signature=$(generate_hmac "$payload" "$timestamp" "$CLIENT_SECRET")
    
    local response
    response=$(curl -s -w "\n%{http_code}" -X POST "${N8N_URL}${WEBHOOK_PATH}" \
        -H "Content-Type: application/json" \
        -H "X-LogWhisperer-Signature: ${timestamp}:${signature}" \
        -H "X-LogWhisperer-Timestamp: ${timestamp}" \
        -d "$payload" || echo "000")
    
    local http_code
    http_code=$(echo "$response" | tail -n1)
    local body
    body=$(echo "$response" | sed '$d')
    
    if [[ "$http_code" == "200" ]]; then
        log_info "✓ Test 1 PASSATO: Risposta 200 OK"
        echo "  Risposta: $body"
        return 0
    else
        log_error "✗ Test 1 FALLITO: Atteso 200, ricevuto $http_code"
        echo "  Risposta: $body"
        return 1
    fi
}

# Test 2: HMAC Invalido
test_invalid_hmac() {
    log_info "Test 2: Invio log con HMAC invalido..."
    
    local timestamp
    timestamp=$(date +%s)
    
    local payload
    payload=$(cat <<EOF
{
    "client_id": "550e8400-e29b-41d4-a716-446655440000",
    "severity": "critical",
    "raw_log": "test error"
}
EOF
)
    
    local response
    response=$(curl -s -w "\n%{http_code}" -X POST "${N8N_URL}${WEBHOOK_PATH}" \
        -H "Content-Type: application/json" \
        -H "X-LogWhisperer-Signature: invalid-signature" \
        -H "X-LogWhisperer-Timestamp: ${timestamp}" \
        -d "$payload" || echo "000")
    
    local http_code
    http_code=$(echo "$response" | tail -n1)
    
    if [[ "$http_code" == "401" ]]; then
        log_info "✓ Test 2 PASSATO: Risposta 401 Unauthorized (atteso)"
        return 0
    else
        log_error "✗ Test 2 FALLITO: Atteso 401, ricevuto $http_code"
        return 1
    fi
}

# Test 3: Dati invalidi (client_id non UUID)
test_invalid_data() {
    log_info "Test 3: Invio log con dati invalidi (client_id non UUID)..."
    
    local timestamp
    timestamp=$(date +%s)
    
    local payload
    payload=$(cat <<EOF
{
    "client_id": "not-a-uuid",
    "severity": "critical",
    "raw_log": "test error"
}
EOF
)
    
    local signature
    signature=$(generate_hmac "$payload" "$timestamp" "$CLIENT_SECRET")
    
    local response
    response=$(curl -s -w "\n%{http_code}" -X POST "${N8N_URL}${WEBHOOK_PATH}" \
        -H "Content-Type: application/json" \
        -H "X-LogWhisperer-Signature: ${timestamp}:${signature}" \
        -H "X-LogWhisperer-Timestamp: ${timestamp}" \
        -d "$payload" || echo "000")
    
    local http_code
    http_code=$(echo "$response" | tail -n1)
    
    if [[ "$http_code" == "400" ]]; then
        log_info "✓ Test 3 PASSATO: Risposta 400 Bad Request (atteso)"
        return 0
    else
        log_error "✗ Test 3 FALLITO: Atteso 400, ricevuto $http_code"
        return 1
    fi
}

# Test 4: Severity=medium (non dovrebbe triggerare AI)
test_medium_severity() {
    log_info "Test 4: Invio log con severity=medium..."
    
    local timestamp
    timestamp=$(date +%s)
    
    local payload
    payload=$(cat <<EOF
{
    "client_id": "550e8400-e29b-41d4-a716-446655440001",
    "hostname": "test-server",
    "source": "/var/log/syslog",
    "severity": "medium",
    "raw_log": "Normal operation log",
    "matched_pattern": "INFO"
}
EOF
)
    
    local signature
    signature=$(generate_hmac "$payload" "$timestamp" "$CLIENT_SECRET")
    
    local response
    response=$(curl -s -w "\n%{http_code}" -X POST "${N8N_URL}${WEBHOOK_PATH}" \
        -H "Content-Type: application/json" \
        -H "X-LogWhisperer-Signature: ${timestamp}:${signature}" \
        -H "X-LogWhisperer-Timestamp: ${timestamp}" \
        -d "$payload" || echo "000")
    
    local http_code
    http_code=$(echo "$response" | tail -n1)
    
    if [[ "$http_code" == "200" ]]; then
        log_info "✓ Test 4 PASSATO: Risposta 200 OK (no AI trigger)"
        return 0
    else
        log_error "✗ Test 4 FALLITO: Atteso 200, ricevuto $http_code"
        return 1
    fi
}

# Main
main() {
    echo "=========================================="
    echo "LogWhispererAI - Workflow Test Suite"
    echo "Target: ${N8N_URL}"
    echo "=========================================="
    echo ""
    
    # Verifica dipendenze
    if ! command -v curl &> /dev/null; then
        log_error "curl non trovato. Installare curl."
        exit 1
    fi
    
    if ! command -v openssl &> /dev/null; then
        log_error "openssl non trovato. Installare openssl."
        exit 1
    fi
    
    local failed=0
    
    # Esegui test
    test_valid_hmac || failed=$((failed + 1))
    echo ""
    
    test_invalid_hmac || failed=$((failed + 1))
    echo ""
    
    test_invalid_data || failed=$((failed + 1))
    echo ""
    
    test_medium_severity || failed=$((failed + 1))
    echo ""
    
    # Report finale
    echo "=========================================="
    if [[ $failed -eq 0 ]]; then
        log_info "Tutti i test PASSATI! ✓"
        exit 0
    else
        log_error "$failed test FALLITI! ✗"
        exit 1
    fi
}

main "$@"