#!/bin/bash

# Variables
KC_HOST="http://localhost:8080"
REALM="master"
CLIENT_ID="soa"
CLIENT_SECRET="mysecret"
USERNAME="alexis"
PASSWORD="password"

# Fonction d'attente
wait_for_keycloak() {
  echo "⏳ Attente de Keycloak..."
  until curl -s "$KC_HOST" > /dev/null; do
    sleep 2
  done
  echo "✅ Keycloak est prêt."
}

# Obtenir un token admin
get_admin_token() {
  curl -s -X POST "$KC_HOST/realms/master/protocol/openid-connect/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "username=admin" \
    -d "password=admin" \
    -d "grant_type=password" \
    -d "client_id=admin-cli" |
    jq -r .access_token
}

# Créer un realm, client et utilisateur
setup_keycloak() {
  TOKEN=$(get_admin_token)

  echo "🛠️ Création du realm $REALM..."
  curl -s -X POST "$KC_HOST/admin/realms" \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d "{\"realm\":\"$REALM\",\"enabled\":true}" > /dev/null

  echo "🛠️ Création du client $CLIENT_ID..."
  curl -s -X POST "$KC_HOST/admin/realms/$REALM/clients" \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d "{
      \"clientId\": \"$CLIENT_ID\",
      \"enabled\": true,
      \"publicClient\": false,
      \"secret\": \"$CLIENT_SECRET\",
      \"redirectUris\": [\"*\"],
      \"standardFlowEnabled\": true
    }" > /dev/null

  echo "👤 Création de l'utilisateur $USERNAME..."
  curl -s -X POST "$KC_HOST/admin/realms/$REALM/users" \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d "{
      \"username\": \"$USERNAME\",
      \"enabled\": true,
      \"credentials\": [{
        \"type\": \"password\",
        \"value\": \"$PASSWORD\",
        \"temporary\": false
      }]
    }" > /dev/null

  echo "✅ Configuration terminée !"
  echo "🔐 Utilisateur: $USERNAME / $PASSWORD"
  echo "🪪 Client secret: $CLIENT_SECRET"
}

# Lancer le setup
wait_for_keycloak
setup_keycloak