#!/usr/bin/env bash

# =========================================================
# BLUESKY CUSTOM COLLECTION CREATOR
# This script demonstrates how to create custom collections in the AT Protocol.
# Collections allow you to store custom data structures in your repository.
# =========================================================

# Exit on error to prevent continuing with partial success
set -e

# Set up cleanup to happen automatically when the script exits
# This ensures we don't leave sensitive authentication data behind
trap cleanup EXIT

# Create a secure temporary directory to store sensitive information
# Using mktemp ensures the directory has restricted permissions and a unique name
TEMP_DIR=$(mktemp -d)
AUTH_FILE="${TEMP_DIR}/auth.json"
RECORD_FILE="${TEMP_DIR}/record.json"

# Define a cleanup function to remove temporary files securely
# This prevents sensitive data from being left on disk
cleanup() {
  echo "Cleaning up temporary files..."
  rm -rf "${TEMP_DIR}"
}

# =========================================================
# CONFIGURATION
# These variables set up the user identity and collection details
# =========================================================
HANDLE="${BLUESKY_IDENTIFIER}"
APP_PASSWORD="${BLUESKY_PASSWORD}"
COLLECTION_NAME="is.rud.bsky.bookshelf.book"
RECORD_TYPE="book"

# Validate that required credentials are available
# This prevents confusing errors later in the script
if [ -z "$HANDLE" ] || [ -z "$APP_PASSWORD" ]; then
  echo "Please edit this script to add your Bluesky handle and app password"
  exit 1
fi

# =========================================================
# AUTHENTICATION
# Authenticating with Bluesky to get an access token
# The AT Protocol uses JWT tokens for authenticated requests
# =========================================================

# Create the authentication payload as a JSON file
cat > "${AUTH_FILE}" << EOF
{
  "identifier": "$HANDLE",
  "password": "$APP_PASSWORD"
}
EOF

# Send authentication request to the Bluesky API
# This uses the createSession endpoint to get tokens
echo "Authenticating with Bluesky..."
AUTH_RESPONSE=$(curl -s -X POST "https://bsky.social/xrpc/com.atproto.server.createSession" \
  -H "Content-Type: application/json" \
  -d @"${AUTH_FILE}")

# Extract the access token and DID (Decentralized Identifier)
# The DID is your unique identifier in the AT Protocol
ACCESS_TOKEN=$(echo "$AUTH_RESPONSE" | jq -r .accessJwt)
DID=$(echo "$AUTH_RESPONSE" | jq -r .did)

# Validate authentication success
if [ -z "$ACCESS_TOKEN" ] || [ "$ACCESS_TOKEN" == "null" ]; then
  echo "Authentication failed. Please check your credentials."
  exit 1
fi

echo "Authentication successful! DID: $DID"

# =========================================================
# RECORD CREATION
# Preparing and creating a custom record in your repository
# Each record needs a collection name, repository key, and content
# =========================================================

# Create ISO 8601 timestamp for the record
# AT Protocol typically uses ISO timestamps for time fields
TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%S.%3NZ")

# Create the record payload with sample book data
# The $type field is required and must match the collection name
cat > "${RECORD_FILE}" << EOF
{
  "repo": "$DID",
  "collection": "$COLLECTION_NAME",
  "rkey": "$RECORD_TYPE-$(date +%s)",
  "record": {
    "\$type": "$COLLECTION_NAME",
    "title": "The Great Gatsby",
    "author": "F. Scott Fitzgerald",
    "rating": 5,
    "review": "A classic American novel that explores themes of wealth, class, and the American Dream.",
    "readDate": "$TIMESTAMP",
    "createdAt": "$TIMESTAMP"
  }
}
EOF

# =========================================================
# PUBLISHING THE RECORD
# Sending the record to the AT Protocol repository
# This makes it part of your public data graph
# =========================================================

# Send the create record request to the API
echo "Creating new record in collection $COLLECTION_NAME..."
CREATE_RESPONSE=$(curl -s -X POST "https://bsky.social/xrpc/com.atproto.repo.createRecord" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -d @"${RECORD_FILE}")

# Validate the response and extract record identifiers
# URI is the canonical identifier for the record
# CID is the content identifier (hash of the record data)
URI=$(echo "$CREATE_RESPONSE" | jq -r .uri)
CID=$(echo "$CREATE_RESPONSE" | jq -r .cid)

if [ -z "$URI" ] || [ "$URI" == "null" ]; then
  echo "Failed to create record. Response: $CREATE_RESPONSE"
  exit 1
fi

# =========================================================
# RESULTS
# Successfully created a custom collection record
# =========================================================
echo "Success! Created new record in collection."
echo "URI: $URI"
echo "CID: $CID"
echo ""
echo "Note: This is an experimental collection. To make this a proper collection,"
echo "you would need to define a lexicon schema for it."