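#!/usr/bin/env bash
#
# Pre-flight guard for the DB security tests: refuses to continue unless
# TEST_DATABASE_URL points at a database that looks like a dedicated test
# target. Exits 1 with a message on stderr on any refusal; prints a one-line
# confirmation (host and database name only, never the full URL) on success.
#
# Environment:
#   TEST_DATABASE_URL          required; URL of the database the tests will use
#   DATABASE_URL               optional; must not be identical to TEST_DATABASE_URL
#   EXPECTED_PROD_DB_NAME      default "skymoney"; seeds the protected list
#   PROTECTED_DB_NAMES         comma-separated names that are always refused
#   REQUIRE_TEST_DB_NAME       default "1"; set to 0 to skip the naming check
#   ALLOW_TEST_DB_DOCKER_HOST  default "0"; set to 1 to permit host "postgres"
set -euo pipefail

#######################################
# Print each argument as its own line on stderr and exit with status 1.
# Diagnostics go to stderr so that stdout carries only the success line.
#######################################
die() {
  printf '%s\n' "$@" >&2
  exit 1
}

if [[ -z "${TEST_DATABASE_URL:-}" ]]; then
  die "TEST_DATABASE_URL is required."
fi

EXPECTED_PROD_DB_NAME="${EXPECTED_PROD_DB_NAME:-skymoney}"
PROTECTED_DB_NAMES="${PROTECTED_DB_NAMES:-$EXPECTED_PROD_DB_NAME,postgres,template0,template1}"
REQUIRE_TEST_DB_NAME="${REQUIRE_TEST_DB_NAME:-1}"

#######################################
# Print the database name (the path after the authority, up to any '?').
# If the URL does not match, sed prints the input unchanged; callers treat
# "output == input" as a parse failure.
# The name is not percent-decoded, so every later comparison is made against
# the literal text in the URL.
# Arguments: $1 - connection URL
#######################################
extract_db() {
  local url="$1"
  sed -E 's#^[a-zA-Z][a-zA-Z0-9+.-]*://[^/]+/([^?]+).*$#\1#' <<< "$url"
}

#######################################
# Print the host that follows the "user[:password]@" part of the URL.
# The pattern requires an '@', so a URL without credentials does not match
# and comes back unchanged (reported by the caller as unparseable).
# Arguments: $1 - connection URL
#######################################
extract_host() {
  local url="$1"
  sed -E 's#^[a-zA-Z][a-zA-Z0-9+.-]*://[^@/]+@([^/:?]+).*$#\1#' <<< "$url"
}

TEST_DB_NAME="$(extract_db "$TEST_DATABASE_URL")"
if [[ "$TEST_DB_NAME" == "$TEST_DATABASE_URL" || -z "$TEST_DB_NAME" ]]; then
  die "Unable to parse TEST_DATABASE_URL database name."
fi

TEST_DB_HOST="$(extract_host "$TEST_DATABASE_URL")"
if [[ "$TEST_DB_HOST" == "$TEST_DATABASE_URL" || -z "$TEST_DB_HOST" ]]; then
  die "Unable to parse TEST_DATABASE_URL host."
fi

# NOTE(review): this is an exact string comparison. Two URLs that reach the
# same database but differ in credentials, port notation or query parameters
# are not caught here; the protected-name and naming checks below are what
# cover that case.
if [[ -n "${DATABASE_URL:-}" && "$TEST_DATABASE_URL" == "$DATABASE_URL" ]]; then
  die "TEST_DATABASE_URL must not equal DATABASE_URL."
fi

if [[ "${ALLOW_TEST_DB_DOCKER_HOST:-0}" != "1" && "$TEST_DB_HOST" == "postgres" ]]; then
  die "TEST_DATABASE_URL host 'postgres' is not reachable from host-runner jobs." \
    "Use host-mapped URL (for example: postgres://...@127.0.0.1:5432/skymoney_test)."
fi

# Refuse any database whose name appears in the protected list. Entries are
# compared case-sensitively after surrounding whitespace is trimmed (xargs
# with no command echoes its input back trimmed); empty entries are skipped.
IFS=',' read -r -a protected <<< "$PROTECTED_DB_NAMES"
for name in "${protected[@]}"; do
  trimmed="$(echo "$name" | xargs)"
  if [[ -n "$trimmed" && "$TEST_DB_NAME" == "$trimmed" ]]; then
    die "Refusing to run DB security tests against protected database '$TEST_DB_NAME'." \
      "Set TEST_DATABASE_URL to a dedicated test database (for example: skymoney_test)."
  fi
done

# NOTE(review): the naming rule is an unanchored substring match, so a name
# that merely contains one of the markers inside a longer word (for example
# the letters "ci") passes. Keep production names in PROTECTED_DB_NAMES
# rather than relying on this check alone, and treat REQUIRE_TEST_DB_NAME=0
# as a per-run override only.
if [[ "$REQUIRE_TEST_DB_NAME" == "1" ]]; then
  if ! [[ "$TEST_DB_NAME" =~ (test|ci|sandbox|staging|shadow|tmp) ]]; then
    die "Refusing TEST_DATABASE_URL db '$TEST_DB_NAME': name must include test/ci/sandbox/staging/shadow/tmp." \
      "If intentional, set REQUIRE_TEST_DB_NAME=0 for this run."
  fi
fi

echo "TEST_DATABASE_URL target check passed (host=$TEST_DB_HOST db=$TEST_DB_NAME)."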