#!/usr/bin/env bash

# Exit on error
set -e

# Set up trap to ensure cleanup of temporary files
cleanup() {
  if [ -f "$AUTH_TEMP" ]; then rm "$AUTH_TEMP"; fi
  if [ -f "$DELETE_TEMP" ]; then rm "$DELETE_TEMP"; fi
}

# Set trap for script exit, termination signals, and errors
trap cleanup EXIT INT TERM ERR

# Create secure temporary files
AUTH_TEMP=$(mktemp) || { echo "Failed to create temporary file"; exit 1; }
DELETE_TEMP=$(mktemp) || { echo "Failed to create temporary file"; exit 1; }

# Ensure temp files are only readable by the owner
chmod 600 "$AUTH_TEMP" "$DELETE_TEMP"

# Configuration
HANDLE="${BLUESKY_IDENTIFIER}"
APP_PASSWORD="${BLUESKY_PASSWORD}"
COLLECTION="is.rud.bsky.bookshelf.book"

# Get RECORD_KEY from command line parameter
if [ -z "$1" ]; then
  echo "Error: RECORD_KEY must be provided as a command-line parameter"
  echo "Usage: $0 <record_key>"
  exit 1
fi

RECORD_KEY="$1"  # The rkey you want to delete

# Check if credentials are provided
if [ -z "$HANDLE" ] || [ -z "$APP_PASSWORD" ]; then
  echo "Please provide your Bluesky handle and app password"
  exit 1
fi

# Create a temporary JSON file for authentication
cat > "$AUTH_TEMP" << EOF
{
  "identifier": "$HANDLE",
  "password": "$APP_PASSWORD"
}
EOF

# Authenticate with Bluesky
echo "Authenticating with Bluesky..."
AUTH_RESPONSE=$(curl -s -X POST "https://bsky.social/xrpc/com.atproto.server.createSession" \
  -H "Content-Type: application/json" \
  -d @"$AUTH_TEMP")

# Extract access token and DID
ACCESS_TOKEN=$(echo "$AUTH_RESPONSE" | jq -r .accessJwt)
DID=$(echo "$AUTH_RESPONSE" | jq -r .did)

if [ -z "$ACCESS_TOKEN" ] || [ "$ACCESS_TOKEN" == "null" ]; then
  echo "Authentication failed. Please check your credentials."
  exit 1
fi

echo "Authentication successful! DID: $DID"

# Create a JSON file for the delete request
cat > "$DELETE_TEMP" << EOF
{
  "repo": "$DID",
  "collection": "$COLLECTION",
  "rkey": "$RECORD_KEY"
}
EOF

# Delete the record
echo "Deleting record $RECORD_KEY from collection $COLLECTION..."
DELETE_RESPONSE=$(curl -s -X POST "https://bsky.social/xrpc/com.atproto.repo.deleteRecord" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -d @"$DELETE_TEMP")

# Check if the deletion was successful
if [ -z "$DELETE_RESPONSE" ]; then
  echo "Success! Record deleted."
else
  echo "Failed to delete record. Response: $DELETE_RESPONSE"
  exit 1
fi