#!/bin/bash
# =============================================================================
# Google Drive 認證監控與告警腳本
#
# 功能：
#   1. 監控 Google Drive API 認證狀態
#   2. 檢測 Token 過期或撤銷
#   3. 發送 Telegram 告警通知（需人工重新認證）
#
# 用法：
#   每 30 分鐘執行一次（透過 cron）
#   */30 * * * * /home/wooo/scripts/google_drive_monitor.sh >> /var/log/google_drive_monitor.log 2>&1
#
# 注意：Google Drive OAuth Token 無法自動刷新，需要人工介入
#
# 作者：Claude Code
# 日期：2026-01-28
# =============================================================================

set -e

# =============================================================================
# 配置區
# =============================================================================

# API 端點
API_URL="https://mo.wooo.work/api/test_drive_connection"

# Telegram 配置
TELEGRAM_BOT_TOKEN="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
TELEGRAM_CHAT_ID="5619078117"

# 超時設定（秒）
CURL_TIMEOUT=30

# 狀態檔案（避免重複告警）
STATE_FILE="/tmp/google_drive_monitor_state"
ALERT_COOLDOWN=3600  # 1 小時內不重複告警

# 日誌檔案
LOG_FILE="/var/log/google_drive_monitor.log"

# =============================================================================
# 函數定義
# =============================================================================

log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1"
}

send_telegram() {
    local message="$1"
    curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
        -d chat_id="${TELEGRAM_CHAT_ID}" \
        -d text="${message}" \
        -d parse_mode="HTML" \
        > /dev/null 2>&1 || true
}

check_google_drive() {
    # 測試 Google Drive API 連線
    local response
    response=$(curl -s --connect-timeout ${CURL_TIMEOUT} --max-time ${CURL_TIMEOUT} \
        -X POST "${API_URL}" \
        -H "Content-Type: application/json" \
        -d '{}' 2>/dev/null || echo '{"success":false,"message":"Connection failed"}')

    # 解析 JSON 回應
    if echo "${response}" | grep -q '"success":true'; then
        echo "healthy"
    else
        # 提取錯誤訊息
        local error_msg
        error_msg=$(echo "${response}" | grep -o '"message":"[^"]*"' | cut -d'"' -f4 || echo "Unknown error")
        echo "unhealthy:${error_msg}"
    fi
}

should_send_alert() {
    # 檢查是否在冷卻期內
    if [ -f "${STATE_FILE}" ]; then
        local last_alert
        last_alert=$(cat "${STATE_FILE}" 2>/dev/null || echo "0")
        local now
        now=$(date +%s)
        local diff=$((now - last_alert))

        if [ ${diff} -lt ${ALERT_COOLDOWN} ]; then
            log "在冷卻期內 (${diff}s < ${ALERT_COOLDOWN}s)，跳過告警"
            return 1
        fi
    fi
    return 0
}

record_alert_time() {
    date +%s > "${STATE_FILE}"
}

clear_alert_state() {
    rm -f "${STATE_FILE}"
}

# =============================================================================
# 主程式
# =============================================================================

main() {
    log "========== 開始 Google Drive 認證檢查 =========="

    # 檢查 Google Drive 認證狀態
    local status
    status=$(check_google_drive)
    log "Google Drive 狀態: ${status}"

    if [ "${status}" = "healthy" ]; then
        log "Google Drive 認證正常"
        # 清除告警狀態（恢復後可以再次告警）
        clear_alert_state
        log "========== 檢查完成 =========="
        exit 0
    fi

    # 認證失敗，發送告警
    local error_msg="${status#unhealthy:}"
    log "Google Drive 認證失敗: ${error_msg}"

    # 檢查是否需要發送告警
    if should_send_alert; then
        send_telegram "🔴 <b>Google Drive 認證失敗</b>

症狀: ${error_msg}
原因: OAuth Token 可能已過期或被撤銷

<b>需要人工處理：</b>
1. SSH 到本機開發環境
2. 執行重新認證：
<code>cd /Users/ogt/momo-pro-system
python3 -c \"
from services.google_drive_service import drive_service
import os
os.remove('config/google_token.pickle') if os.path.exists('config/google_token.pickle') else None
drive_service.authenticate()
\"</code>

3. 更新 Docker 容器：
<code>scp config/google_*.* wooo@192.168.0.110:/tmp/
ssh wooo@192.168.0.110 '
docker cp /tmp/google_credentials.json momo-pro-system:/app/config/
docker cp /tmp/google_token.pickle momo-pro-system:/app/config/
docker restart momo-pro-system momo-scheduler
'</code>

時間: $(date '+%Y-%m-%d %H:%M:%S')"

        record_alert_time
        log "已發送 Telegram 告警"
    fi

    log "========== 檢查完成 =========="
}

# 執行主程式
main "$@"