#!/usr/bin/env bash
set -euo pipefail

UCG_HOST="${UCG_HOST:-192.168.1.1}"
BASE_URL="https://${UCG_HOST}"

TARGET_IP="${1:-192.168.1.50}"
DOMAIN="${2:-coreworlds.io}"

RECORDS=(
  "$DOMAIN"
  "*.$DOMAIN"
)

# --- Auth ---

if [[ -z "${UCG_API_KEY:-}" ]]; then
  echo "Error: UCG_API_KEY is not set"
  echo "Create an API key in UniFi OS → Settings → API Keys"
  exit 1
fi

AUTH_HEADER="X-API-Key: ${UCG_API_KEY}"

# --- Fetch existing records ---

echo "Fetching existing static DNS entries..."
EXISTING=$(curl -sk -X GET "${BASE_URL}/proxy/network/v2/api/site/default/static-dns" \
  -H "$AUTH_HEADER")

# --- Create records ---

for RECORD in "${RECORDS[@]}"; do
  # Skip if record already exists
  if echo "$EXISTING" | grep -q "\"key\":\"${RECORD}\""; then
    echo "  [skip] ${RECORD} → ${TARGET_IP} (already exists)"
    continue
  fi

  echo "  [create] ${RECORD} → ${TARGET_IP}"
  HTTP_CODE=$(curl -sk -X POST "${BASE_URL}/proxy/network/v2/api/site/default/static-dns" \
    -H "$AUTH_HEADER" \
    -H "Content-Type: application/json" \
    -d "{\"key\":\"${RECORD}\",\"value\":\"${TARGET_IP}\",\"record_type\":\"A\",\"enabled\":true}" \
    -o /dev/null \
    -w '%{http_code}')

  if [[ "$HTTP_CODE" == "200" || "$HTTP_CODE" == "201" ]]; then
    echo "         ✓ created"
  else
    echo "         ✗ failed (HTTP ${HTTP_CODE})"
  fi
done

# --- Verify ---

echo ""
echo "Current static DNS entries:"
curl -sk -X GET "${BASE_URL}/proxy/network/v2/api/site/default/static-dns" \
  -H "$AUTH_HEADER" | python3 -m json.tool 2>/dev/null || echo "(could not pretty-print response)"

echo ""
echo "Done. Test with: dig @${UCG_HOST} ${DOMAIN}"