#!/usr/bin/env bash
set -euo pipefail

export GIT_CONFIG_NOSYSTEM=1
export HOME=/home/user

REPO_URL="https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPO}.git"
DB_PATH="/app/db/webui.db"
ENCRYPTED_DB="webui.db.enc"
TEMP_REPO="/app/db/temp_repo"

echo "[sync] Configuring Open-WebUI persistence via GitHub + OpenSSL"

mkdir -p /app/db

if [ ! -d "$TEMP_REPO/.git" ]; then
    echo "[sync] Cloning repo ${GITHUB_REPO}..."
    git clone "$REPO_URL" "$TEMP_REPO"
else
    echo "[sync] Repo already cloned, pulling latest..."
    cd "$TEMP_REPO" && git fetch --all && git reset --hard origin/main && cd -
fi

if [ -f "$TEMP_REPO/$ENCRYPTED_DB" ]; then
    echo "[sync] Found encrypted DB, decrypting..."
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 100000 \
        -in "$TEMP_REPO/$ENCRYPTED_DB" \
        -out "$DB_PATH" \
        -k "$ENCRYPTION_KEY"
else
    echo "[sync] No DB found in repo, creating empty DB..."
    sqlite3 "$DB_PATH" "VACUUM;"
fi

(
  while true; do
    echo "[sync] Sleeping 60s before next push..."
    sleep 60
    if [ -f "$DB_PATH" ]; then
      echo "[sync] Encrypting and pushing DB..."
      openssl enc -aes-256-cbc -pbkdf2 -iter 100000 \
          -in "$DB_PATH" \
          -out "$TEMP_REPO/$ENCRYPTED_DB" \
          -k "$ENCRYPTION_KEY"

      cd "$TEMP_REPO"
      git config user.email "openwebui@hf.space"
      git config user.name "OpenWebUI Backup Bot"
      git add "$ENCRYPTED_DB"
      git commit -m "Automated backup $(date -u +%Y%m%dT%H%M%SZ)" || echo "[sync] No changes to commit"
      git push origin main || echo "[sync] Push failed"
      cd -
    fi
  done
) &

exec ./start.sh