// sslCron.mjs

import cron from "node-cron";
import axios from "axios";

// Base URL of your SSL manager Express API
// e.g. the server where you defined /dns/domains and /ssl/refresh
const API_BASE = process.env.SSL_MANAGER_URL || "https://api.hestiacp.metatronhost.com";

// How many days total you treat the cert as valid
// You said: "add the 89 days to the ssl date" → 1 (start) + 89 = 90 days
const CERT_LIFETIME_DAYS = 90;

/**
 * Given the "date" from rawParsed (e.g. "2025-06-27"),
 * calculate expiry date (date + 89 days) and compare with now.
 */
function isExpired(dateStr) {
  if (!dateStr) return true;

  const issued = new Date(dateStr + "T00:00:00Z"); // force UTC-ish
  if (isNaN(issued.getTime())) return true;

  const expiry = new Date(issued);
  expiry.setDate(expiry.getDate() + (CERT_LIFETIME_DAYS - 1)); // +89 days

  const now = new Date();
  return now > expiry;
}

/**
 * Optional helper: return days left until expiry (can be useful for logging/threshholds)
 */
function daysLeft(dateStr) {
  const issued = new Date(dateStr + "T00:00:00Z");
  if (isNaN(issued.getTime())) return -9999;

  const expiry = new Date(issued);
  expiry.setDate(expiry.getDate() + (CERT_LIFETIME_DAYS - 1));

  const diffMs = expiry.getTime() - new Date().getTime();
  const diffDays = Math.floor(diffMs / (1000 * 60 * 60 * 24));
  return diffDays;
}

/**
 * This runs one cycle:
 * - Fetch domain list
 * - For each domain, decide if expired
 * - If expired, call /ssl/refresh
 */
async function checkAndRenewOnce() {
  try {
    console.log("🔍 [SSL CRON] Fetching domains...");
    const res = await axios.get(`${API_BASE}/dns/domains`);

    if (!res.data?.success) {
      console.error("❌ [SSL CRON] /dns/domains failed:", res.data);
      return;
    }

    const rawParsed = res.data.rawParsed || [];
    console.log(`📦 [SSL CRON] Found ${rawParsed.length} DNS entries`);

    for (const row of rawParsed) {
      const { domain, date } = row;

      const left = daysLeft(date);
      const expired = isExpired(date);

      console.log(
        `🌐 Domain: ${domain} | date: ${date} | daysLeft: ${left} | expired: ${expired}`
      );

      if (!expired) {
        continue; // still valid, skip
      }

      try {
        console.log(`🔁 [SSL CRON] Renewing SSL for ${domain}...`);
        const refreshRes = await axios.post(`${API_BASE}/ssl/refresh`, {
          domain,
        });

        if (refreshRes.data?.success) {
          console.log(`✅ [SSL CRON] SSL renewed for ${domain}`);
        } else {
          console.error(
            `⚠️ [SSL CRON] Failed to renew ${domain}:`,
            refreshRes.data
          );
        }
      } catch (err) {
        console.error(
          `❌ [SSL CRON] Error renewing ${domain}:`,
          err.response?.data || err.message
        );
      }
    }

    console.log("🎯 [SSL CRON] Cycle completed.");
  } catch (err) {
    console.error(
      "❌ [SSL CRON] Error fetching domains:",
      err.response?.data || err.message
    );
  }
}

// 🔁 Schedule to run once per day at 03:00 server time
cron.schedule("0 3 * * *", () => {
  console.log("⏰ [SSL CRON] Daily job started...");
  checkAndRenewOnce();
});

// Optional: run immediately when starting the script
checkAndRenewOnce();