#!/bin/bash
# Setup sudo permissions for email sync script

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
SYNC_SCRIPT="$SCRIPT_DIR/sync.js"
USERNAME=$(whoami)

echo "🔐 Setting up sudo permissions for email rules sync..."
echo ""

# Create sudoers file
SUDOERS_FILE="/etc/sudoers.d/email-rules-sync"

# Check if already configured
if [ -f "$SUDOERS_FILE" ]; then
    echo "⚠️  Sudoers file already exists at $SUDOERS_FILE"
    echo "Remove it first if you want to recreate it"
    exit 1
fi

# Create temp file
TEMP_SUDOERS=$(mktemp)

cat > "$TEMP_SUDOERS" << EOF
# Allow $USERNAME to run email-rules-sync without password
# This is needed to change file ownership to mail server user (UID 5000)
$USERNAME ALL=(ALL) NOPASSWD: /usr/bin/node $SYNC_SCRIPT
EOF

# Validate sudoers syntax
if visudo -c -f "$TEMP_SUDOERS" 2>/dev/null; then
    echo "✅ Sudoers file syntax is valid"
    echo "Moving to $SUDOERS_FILE..."
    sudo mv "$TEMP_SUDOERS" "$SUDOERS_FILE"
    sudo chmod 0440 "$SUDOERS_FILE"
    echo "✅ Sudo permissions configured successfully!"
    echo ""
    echo "You can now run:"
    echo "  sudo node $SYNC_SCRIPT"
    echo ""
    echo "Without entering a password."
else
    echo "❌ Sudoers file syntax error!"
    rm -f "$TEMP_SUDOERS"
    exit 1
fi