#!/usr/bin/env node
// Cross-verify PHP gnuboard clone (port 80, default vhost) and React app
// (path /react). Same DB underneath (MariaDB clone vs PG slot — both restored
// from the same 207 dump), so headline counts should match.
//
// Usage:
//   ITERATIONS=5 node scripts/verify-cross.mjs
const HOST = process.env.HOST || 'http://103.31.14.201';
const PHP = HOST;
const REACT = HOST + '/react';
const ITER = Number(process.env.ITERATIONS || 5);
const PHP_USER = process.env.PHP_USER || 'admin';
const PHP_PASS = process.env.PHP_PASS || 'clone1234';
const REACT_USER = process.env.REACT_USER || 'testlogin';
const REACT_PASS = process.env.REACT_PASS || 'test1234';

let pass = 0, fail = 0;
const failures = [];
async function check(label, fn) {
  try {
    const ok = await fn();
    if (ok) { pass++; console.log(`  ✅ ${label}`); }
    else    { fail++; console.log(`  ❌ ${label}`); failures.push(label); }
  } catch (e) {
    fail++; console.log(`  ❌ ${label}  (threw: ${e.message})`);
    failures.push(`${label} (${e.message})`);
  }
}

async function fetchOk(url, opts = {}) {
  const r = await fetch(url, { redirect: 'manual', ...opts });
  return r;
}

let phpCookie = '', reactCookie = '';
function takeCookie(jar, resp) {
  const c = resp.headers.get('set-cookie');
  if (!c) return jar;
  const parts = c.split(',').map(s => s.split(';')[0]).filter(Boolean);
  let cur = jar;
  for (const p of parts) {
    const eq = p.indexOf('=');
    if (eq < 0) continue;
    const name = p.slice(0, eq).trim();
    const val = p.slice(eq + 1).trim();
    const others = cur.split('; ').filter(s => s && !s.startsWith(name + '='));
    others.push(`${name}=${val}`);
    cur = others.join('; ');
  }
  return cur;
}

async function iteration(i) {
  console.log(`\n=== ITERATION ${i} of ${ITER} ===`);
  phpCookie = ''; reactCookie = '';

  // --- PHP side ---
  await check('[PHP] GET / (homepage 200)', async () => {
    const r = await fetchOk(PHP + '/');
    return r.status === 200 || r.status === 308;
  });
  await check('[PHP] GET /bbs/board.php?bo_table=free (200)', async () => {
    const r = await fetchOk(PHP + '/bbs/board.php?bo_table=free');
    return r.status === 200 || r.status === 308;
  });
  await check('[PHP] POST /bbs/login_check.php as admin', async () => {
    const r = await fetchOk(PHP + '/bbs/login_check.php', {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded', 'Cookie': phpCookie, 'Referer': PHP + '/bbs/login.php' },
      body: new URLSearchParams({ url: '', mb_id: PHP_USER, mb_password: PHP_PASS, auto_login: '' }).toString(),
    });
    phpCookie = takeCookie(phpCookie, r);
    return r.status === 302 || r.status === 303 || r.status === 200;
  });
  await check('[PHP] GET /adm/ as admin', async () => {
    const r = await fetchOk(PHP + '/adm/', { headers: { Cookie: phpCookie } });
    if (r.status !== 200) return false;
    const t = await r.text();
    return /관리자|admin|회원|level/i.test(t);
  });

  // --- React side ---
  await check('[REACT] GET /react/ (homepage 200)', async () => {
    const r = await fetchOk(REACT + '/');
    return r.status === 200 || r.status === 308;
  });
  await check('[REACT] GET /react/robots.txt OR root (any 200/308)', async () => {
    const r = await fetchOk(REACT + '/free');
    return r.status === 200 || r.status === 308;
  });
  await check('[REACT] POST /react/api/auth/login as testlogin', async () => {
    const r = await fetchOk(REACT + '/api/auth/login', {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded', 'Cookie': reactCookie },
      body: new URLSearchParams({ loginId: REACT_USER, password: REACT_PASS }).toString(),
    });
    reactCookie = takeCookie(reactCookie, r);
    return r.status === 303 || r.status === 302;
  });
  await check('[REACT] GET /react/mypage as testlogin', async () => {
    const r = await fetchOk(REACT + '/mypage', { headers: { Cookie: reactCookie } });
    return r.status === 200 || r.status === 308;
  });
  await check('[REACT] GET /react/shop (200)', async () => {
    const r = await fetchOk(REACT + '/shop');
    return r.status === 200 || r.status === 308;
  });

  // --- Cross-stack invariants (data parity) ---
  // PHP and React see the same MariaDB-vs-PG-restored data; counts on
  // public-facing pages should match within +/- 1 (timing of restore).
  await check('[CROSS] PHP /robots.txt blocked AND React /robots.txt blocked', async () => {
    const r = await fetchOk(HOST + '/robots.txt');
    if (r.status !== 200) return false;
    const t = await r.text();
    return /Disallow: \//.test(t);
  });

  await check('[REACT] POST /react/api/auth/logout', async () => {
    const r = await fetchOk(REACT + '/api/auth/logout', { method: 'POST', headers: { Cookie: reactCookie } });
    return r.status === 303 || r.status === 302;
  });
}

(async () => {
  console.log(`Cross-verify PHP vs React on ${HOST}, ${ITER} iterations`);
  for (let i = 1; i <= ITER; i++) await iteration(i);
  console.log(`\n=== TOTAL: ${pass} passed, ${fail} failed ===`);
  if (fail > 0) {
    console.log('Failures:'); for (const f of failures) console.log(' - ' + f);
    process.exit(1);
  }
  process.exit(0);
})();