#!/usr/bin/perl

# Copyright 2015 Red Hat
# Copyright 2015-2020 SUSE LLC
# SPDX-License-Identifier: GPL-2.0-or-later

use Mojo::Base -signatures;

use FindBin qw($RealBin);
use lib "$RealBin/../lib";

use OpenQA::Schema::Result::ApiKeys;
use OpenQA::Schema;
use OpenQA::Utils 'random_hex';
use Getopt::Long::Descriptive;

my ($opt, $usage) = describe_options(
    <<"EOM",
$0 %o <user>

Create the initial admin account. The mandatory <user> argument is the
user ID (e.g. an OpenID URL).
EOM
    ['email|e=s', 'Email address', {default => 'admin@example.com'}],
    ['nickname|n=s', 'Nickname', {default => 'admin'}],
    ['fullname|f=s', 'Full name', {default => 'Administrator'}],
    ['key|k=s', 'API key (will be randomly generated if not set)', {default => ''}],
    ['secret|s=s', 'API secret (will be randomly generated if not set)', {default => ''}],
    ['help|h', 'Print usage message and exit', {shortcircuit => 1}],
);

if ($opt->help) {
    print $usage->text;
    exit 0;
}

my $user = shift @ARGV;
unless ($user) {
    print STDERR $usage->text;
    exit 1;
}

my $key = $opt->key;
my $secret = $opt->secret;
if (($key || $secret) && !($key =~ /^[[:xdigit:]]{16}$/ && $secret =~ /^[[:xdigit:]]{16}$/)) {
    die "--key and --secret must both be 16 digit hexadecimals.\n";
}

unless ($key) {
    $key = random_hex();
    $secret = random_hex();
    print "Key: $key\n";
    print "Secret: $secret\n";
}

my $schema = OpenQA::Schema::connect_db(deploy => 0, silent => 1, from_script => 1);
my @admins = $schema->resultset('Users')->search({is_admin => 1});
if (scalar @admins != 0) {
    warn "An admin user already exists! Use client or web UI to create further users.\n";
    exit 1;
}
my $account = $schema->resultset('Users')->create_user(
    $user,
    email => $opt->email,
    nickname => $opt->nickname,
    fullname => $opt->fullname,
    is_admin => 1
);

$schema->resultset('ApiKeys')->create({user_id => $account->id, key => $key, secret => $secret});
