#!/usr/bin/env python3
"""
Example script demonstrating sensitive variable usage.

This script shows how to:
1. Create a project with variables
2. Mark some variables as sensitive
3. Set values for both regular and sensitive variables
4. Retrieve values from both storages
5. Use variables in request substitution

Run this from the project root after building the app.
"""

import sys
import os

# Add src to path for testing
sys.path.insert(0, os.path.join(os.path.dirname(__file__), 'src'))

from roster.project_manager import ProjectManager
from roster.models import HttpRequest
from roster.variable_substitution import VariableSubstitution


def main():
    print("=" * 60)
    print("Sensitive Variables Example")
    print("=" * 60)

    pm = ProjectManager()

    # Create a test project
    print("\n1. Creating test project...")
    project = pm.add_project("API Test Project")
    project_id = project.id
    print(f"   Created project: {project.name} (ID: {project_id})")

    # Add environments
    print("\n2. Adding environments...")
    env_prod = pm.add_environment(project_id, "Production")
    env_dev = pm.add_environment(project_id, "Development")
    print(f"   - Production (ID: {env_prod.id})")
    print(f"   - Development (ID: {env_dev.id})")

    # Add variables
    print("\n3. Adding variables...")
    pm.add_variable(project_id, "base_url")
    pm.add_variable(project_id, "api_key")
    pm.add_variable(project_id, "timeout")
    print("   - base_url (regular)")
    print("   - api_key (regular for now)")
    print("   - timeout (regular)")

    # Set values for regular variables
    print("\n4. Setting values for regular variables...")
    pm.set_variable_value(project_id, env_prod.id, "base_url", "https://api.example.com")
    pm.set_variable_value(project_id, env_dev.id, "base_url", "https://dev.api.example.com")
    pm.set_variable_value(project_id, env_prod.id, "timeout", "30")
    pm.set_variable_value(project_id, env_dev.id, "timeout", "60")
    print("   ✓ Set base_url for both environments")
    print("   ✓ Set timeout for both environments")

    # Set API key values (still regular)
    print("\n5. Setting API key values (in JSON - NOT SECURE YET)...")
    pm.set_variable_value(project_id, env_prod.id, "api_key", "prod-secret-key-12345")
    pm.set_variable_value(project_id, env_dev.id, "api_key", "dev-secret-key-67890")
    print("   ⚠ API keys stored in plain JSON file!")

    # Mark API key as sensitive
    print("\n6. Marking api_key as SENSITIVE...")
    success = pm.mark_variable_as_sensitive(project_id, "api_key")
    if success:
        print("   ✓ api_key is now stored in GNOME Keyring (encrypted)")
        print("   ✓ Values moved from JSON to keyring")
        print("   ✓ JSON now contains empty placeholders")
    else:
        print("   ✗ Failed to mark as sensitive")
        return

    # Verify storage
    print("\n7. Verifying storage...")
    is_sensitive = pm.is_variable_sensitive(project_id, "api_key")
    print(f"   - api_key is sensitive: {is_sensitive}")

    # Retrieve values
    print("\n8. Retrieving values...")
    base_url_prod = pm.get_variable_value(project_id, env_prod.id, "base_url")
    api_key_prod = pm.get_variable_value(project_id, env_prod.id, "api_key")
    api_key_dev = pm.get_variable_value(project_id, env_dev.id, "api_key")

    print(f"   - Production base_url: {base_url_prod}")
    print(f"   - Production api_key: {api_key_prod} (from keyring)")
    print(f"   - Development api_key: {api_key_dev} (from keyring)")

    # Use in request substitution
    print("\n9. Using in request substitution...")
    request = HttpRequest(
        method="GET",
        url="{{base_url}}/users",
        headers={
            "Authorization": "Bearer {{api_key}}",
            "X-Timeout": "{{timeout}}"
        },
        body=""
    )
    print(f"   Original request URL: {request.url}")
    print(f"   Original request headers: {request.headers}")

    # Get environment with secrets
    env_with_secrets = pm.get_environment_with_secrets(project_id, env_prod.id)

    # Substitute variables
    vs = VariableSubstitution()
    substituted_request, undefined = vs.substitute_request(request, env_with_secrets)

    print(f"\n   Substituted request URL: {substituted_request.url}")
    print(f"   Substituted headers: {substituted_request.headers}")
    print(f"   Undefined variables: {undefined}")

    # Demonstrate file storage
    print("\n10. Checking file storage...")
    projects = pm.load_projects()
    for p in projects:
        if p.id == project_id:
            print(f"   Variables: {p.variable_names}")
            print(f"   Sensitive variables: {p.sensitive_variables}")
            for env in p.environments:
                if env.id == env_prod.id:
                    print(f"   Production variables in JSON: {env.variables}")
                    print(f"   Notice: api_key is empty (value in keyring)")

    # Cleanup
    print("\n11. Cleanup...")
    response = input("   Delete test project? (y/n): ")
    if response.lower() == 'y':
        pm.delete_project(project_id)
        print("   ✓ Project deleted (secrets also removed from keyring)")
    else:
        print(f"   Project kept. ID: {project_id}")
        print("   You can view secrets in 'Passwords and Keys' app")

    print("\n" + "=" * 60)
    print("Example completed!")
    print("=" * 60)


if __name__ == "__main__":
    try:
        main()
    except KeyboardInterrupt:
        print("\n\nInterrupted by user")
        sys.exit(1)
    except Exception as e:
        print(f"\n\nError: {e}")
        import traceback
        traceback.print_exc()
        sys.exit(1)