#!/usr/bin/env bash
# =============================================================================
# Meta              : Vault-Warden 备份执行脚本
# Version           : 2.0.0
# Author            : Bash Shell Senior Development Engineer
# License           : MIT
# Description       : 自动化执行Vaultwarden远程备份、同步、加密、上传及清理任务。
# =============================================================================

# > 导入公共库
source "$(dirname "$0")/common.sh" || { echo "FATAL: common.sh not found." >&2; exit 1; }

#------------------------------------------------------------------------------
# 脚本配置区
#------------------------------------------------------------------------------
readonly APP_NAME="VaultWarden"
readonly REMOTE_USER="root"
readonly REMOTE_HOST="s5"
readonly MAX_ENCRYPTED_REPLICAS=5 # 远程保留的最大加密副本数

# > 远程路径
readonly REMOTE_BACKUP_CMD="docker exec vault-warden /vaultwarden backup"
readonly REMOTE_DATA_DIR="/data/vault-warden/persist-data"
readonly REMOTE_DB_BACKUP_GLOB="${REMOTE_DATA_DIR}/db_*.sqlite3"

# > 本地路径
readonly LOCAL_BACKUP_DIR="/data/s5_146-56-159-175/vault-warden"

# =============================================================================
# 主执行流程
# =============================================================================
main() {
  trap 'log_message "ERROR" "${APP_NAME}的备份任务出现错误! 终止"' ERR
  log_message "INFO" "====== 开始 ${APP_NAME} 备份任务 ======"

  # > 步骤 1: 远程执行官方备份命令
  log_message "INFO" "[Step 1/7] 远程执行官方备份命令..."
  execute_remote_command "${REMOTE_USER}" "${REMOTE_HOST}" "${REMOTE_BACKUP_CMD}"

  # > 步骤 2: rsync复制备份文件到本地
  log_message "INFO" "[Step 2/7] rsync复制备份文件到本地..."
  mkdir -p "${LOCAL_BACKUP_DIR}"
  rsync -avz --progress -e "ssh -p ${REMOTE_SSH_PORT}" \
    "${REMOTE_USER}@${REMOTE_HOST}:${REMOTE_DATA_DIR}/" \
    "${LOCAL_BACKUP_DIR}/" --include='db_*.sqlite3' --include='config.json' --include='rsa_key*' --include='attachments/***' --include='icon_cache/***' --include='sends/***' --exclude='*'

  # > 步骤 3: 远程清理备份的数据库文件
  log_message "INFO" "[Step 3/7] 远程清理备份的数据库文件..."
  execute_remote_command "${REMOTE_USER}" "${REMOTE_HOST}" "rm -f ${REMOTE_DB_BACKUP_GLOB}"

  # > 步骤 4: 7zip加密本地目录
  local archive_file="${SCRIPT_RUN_DIR}/${APP_NAME}-backup-$(date +%Y%m%d-%H%M%S).7z"
  log_message "INFO" "[Step 4/7] 7zip加密本地目录..."
  encrypt_with_7zip "${LOCAL_BACKUP_DIR}" "${archive_file}"

  # > 步骤 5: rclone上传压缩包
  log_message "INFO" "[Step 5/7] 上传加密压缩包至冷存储 => ${RCLONE_REMOTE_REPO}..."
  rclone_copy "${archive_file}" "${RCLONE_REMOTE_REPO}"

  # > 步骤 6: 控制远程仓库副本数
  log_message "INFO" "[Step 6/7] 控制冷备份的副本数量 => ${MAX_ENCRYPTED_REPLICAS}..."
  rclone_control_replicas "${RCLONE_REMOTE_REPO}" "${APP_NAME}-backup-" "${MAX_ENCRYPTED_REPLICAS}"

  # > 步骤 7: 清理本地加密压缩包
  log_message "INFO" "[Step 7/7] 清理本地压缩包..."
  cleanup_local_encrypted_files "${SCRIPT_RUN_DIR}"
  # > 清理本地临时数据
  rm -rf "${LOCAL_BACKUP_DIR}/db_*.sqlite3"


  log_message "INFO" "====== ${APP_NAME} 备份任务已全部完成!  ======"
}

# =============================================================================
# 脚本入口点
# =============================================================================
# 函数调用关系图
# main
# ├─ execute_remote_command (2)
# ├─ encrypt_with_7zip
# ├─ rclone_copy
# ├─ rclone_control_replicas
# └─ cleanup_local_encrypted_files
# =============================================================================
main "$@"