#!/usr/bin/env bash
# Obtain an Evotor developer access token via password grant (no browser required).
# Uses dev.evotor.ru credentials (your Evotor developer account).
#
# Usage: ./scripts/evotor-get-token.sh

set -euo pipefail

# Load .env if present
if [[ -f .env ]]; then
    set -a; source .env; set +a
fi

EVOTOR_TOKEN_URL="https://dev.evotor.ru/oauth/token"

# Prompt for credentials
read -rp "Evotor developer login (email): " EVOTOR_LOGIN
read -rsp "Evotor developer password: " EVOTOR_PASSWORD
echo

echo
echo "A 2FA code will be sent to your email if this IP is not recognized."
read -rp "2FA code (leave blank if not required): " EVOTOR_2FA

# Build request body
BODY="type=LOGIN&grant_type=password&client_id=Evo-UI&username=$(python3 -c "import urllib.parse,sys; print(urllib.parse.quote(sys.argv[1]))" "$EVOTOR_LOGIN")&password=$(python3 -c "import urllib.parse,sys; print(urllib.parse.quote(sys.argv[1]))" "$EVOTOR_PASSWORD")"

EXTRA_HEADERS=()
if [[ -n "$EVOTOR_2FA" ]]; then
    EXTRA_HEADERS+=(-H "2fa_confirmation: $EVOTOR_2FA")
fi

echo
echo "Requesting token..."
RESPONSE=$(curl -s -X POST "$EVOTOR_TOKEN_URL" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    "${EXTRA_HEADERS[@]}" \
    -d "$BODY")

echo
echo "Response:"
echo "$RESPONSE" | python3 -m json.tool 2>/dev/null || echo "$RESPONSE"

ACCESS_TOKEN=$(echo "$RESPONSE" | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('access_token',''))" 2>/dev/null || true)

if [[ -z "$ACCESS_TOKEN" ]]; then
    echo
    echo "ERROR: No access_token in response." >&2
    exit 1
fi

echo
echo "Access token:"
echo "$ACCESS_TOKEN"
echo
echo "To save this token to .env, add or update:"
echo "  EVOTOR_ACCESS_TOKEN=$ACCESS_TOKEN"