#!/bin/sh
# scripts/validate-config.sh - Validate furt configuration

set -e

# Detect config file location
if [ "$(uname)" = "OpenBSD" ]; then
    CONFIG_FILE="/usr/local/etc/furt/furt.conf"
else
    CONFIG_FILE="/etc/furt/furt.conf"
fi

echo "Validating configuration: $CONFIG_FILE"

# Check if config file exists
if [ ! -f "$CONFIG_FILE" ]; then
    echo "Error: Configuration file not found: $CONFIG_FILE"
    exit 1
fi

# Basic INI syntax validation
if ! grep -q '^\[server\]' "$CONFIG_FILE"; then
    echo "Error: [server] section missing in config"
    exit 1
fi

# Fix: Use POSIX-compatible regex patterns
if ! grep -q '^[ \t]*port[ \t]*=' "$CONFIG_FILE"; then
    echo "Error: server port not configured"
    exit 1
fi

if ! grep -q '^[ \t]*host[ \t]*=' "$CONFIG_FILE"; then
    echo "Error: server host not configured"
    exit 1
fi

# Check for at least one API key
if ! grep -q '^\[api_key' "$CONFIG_FILE"; then
    echo "Warning: No API keys configured"
fi

# Check permissions (should not be world-readable due to secrets)
PERMS=$(stat -c '%a' "$CONFIG_FILE" 2>/dev/null || stat -f '%Lp' "$CONFIG_FILE")
if [ "$PERMS" -gt 640 ]; then
    echo "Warning: Config file permissions too open ($PERMS), should be 640"
fi

echo "Configuration validation completed"