// Setup Script for CVE Database
// This creates a fresh database ready for new CVE entries

const sqlite3 = require('sqlite3').verbose();
const fs = require('fs');
const path = require('path');

const DB_FILE = './cve_database.db';
const UPLOADS_DIR = './uploads';

// Initialize database with schema
function initializeDatabase() {
    return new Promise((resolve, reject) => {
        const db = new sqlite3.Database(DB_FILE, (err) => {
            if (err) reject(err);
        });

        const schema = `
            CREATE TABLE IF NOT EXISTS cves (
                id INTEGER PRIMARY KEY AUTOINCREMENT,
                cve_id VARCHAR(20) UNIQUE NOT NULL,
                vendor VARCHAR(100) NOT NULL,
                severity VARCHAR(20) NOT NULL,
                description TEXT,
                published_date DATE,
                status VARCHAR(50) DEFAULT 'Open',
                created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
                updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
            );

            CREATE TABLE IF NOT EXISTS documents (
                id INTEGER PRIMARY KEY AUTOINCREMENT,
                cve_id VARCHAR(20) NOT NULL,
                name VARCHAR(255) NOT NULL,
                type VARCHAR(50) NOT NULL,
                file_path VARCHAR(500) NOT NULL,
                file_size VARCHAR(20),
                mime_type VARCHAR(100),
                uploaded_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
                notes TEXT,
                FOREIGN KEY (cve_id) REFERENCES cves(cve_id) ON DELETE CASCADE
            );

            CREATE TABLE IF NOT EXISTS required_documents (
                id INTEGER PRIMARY KEY AUTOINCREMENT,
                vendor VARCHAR(100) NOT NULL,
                document_type VARCHAR(50) NOT NULL,
                is_mandatory BOOLEAN DEFAULT 1,
                description TEXT
            );

            CREATE INDEX IF NOT EXISTS idx_cve_id ON cves(cve_id);
            CREATE INDEX IF NOT EXISTS idx_vendor ON cves(vendor);
            CREATE INDEX IF NOT EXISTS idx_severity ON cves(severity);
            CREATE INDEX IF NOT EXISTS idx_status ON cves(status);
            CREATE INDEX IF NOT EXISTS idx_doc_cve_id ON documents(cve_id);
            CREATE INDEX IF NOT EXISTS idx_doc_type ON documents(type);

            INSERT OR IGNORE INTO required_documents (vendor, document_type, is_mandatory, description) VALUES
            ('Microsoft', 'advisory', 1, 'Official Microsoft Security Advisory'),
            ('Microsoft', 'screenshot', 0, 'Proof of patch application'),
            ('Cisco', 'advisory', 1, 'Cisco Security Advisory'),
            ('Oracle', 'advisory', 1, 'Oracle Security Alert'),
            ('VMware', 'advisory', 1, 'VMware Security Advisory'),
            ('Adobe', 'advisory', 1, 'Adobe Security Bulletin');

            CREATE VIEW IF NOT EXISTS cve_document_status AS
            SELECT 
                c.cve_id,
                c.vendor,
                c.severity,
                c.status,
                COUNT(DISTINCT d.id) as total_documents,
                COUNT(DISTINCT CASE WHEN d.type = 'advisory' THEN d.id END) as advisory_count,
                COUNT(DISTINCT CASE WHEN d.type = 'email' THEN d.id END) as email_count,
                COUNT(DISTINCT CASE WHEN d.type = 'screenshot' THEN d.id END) as screenshot_count,
                CASE 
                    WHEN COUNT(DISTINCT CASE WHEN d.type = 'advisory' THEN d.id END) > 0 
                    THEN 'Complete'
                    ELSE 'Missing Required Docs'
                END as compliance_status
            FROM cves c
            LEFT JOIN documents d ON c.cve_id = d.cve_id
            GROUP BY c.cve_id, c.vendor, c.severity, c.status;
        `;

        db.exec(schema, (err) => {
            if (err) {
                reject(err);
            } else {
                console.log('✓ Database initialized successfully');
                resolve(db);
            }
        });
    });
}

// Create uploads directory structure
function createUploadsDirectory() {
    if (!fs.existsSync(UPLOADS_DIR)) {
        fs.mkdirSync(UPLOADS_DIR, { recursive: true });
        console.log('✓ Created uploads directory');
    } else {
        console.log('✓ Uploads directory already exists');
    }
}

// Add sample CVE data (optional - for testing)
async function addSampleData(db) {
    console.log('\n📝 Would you like to add sample CVE data for testing? (y/n)');
    
    // For automated setup, we'll skip this. Uncomment the code below if you want samples.
    
    /*
    const sampleCVEs = [
        {
            cve_id: 'CVE-2024-SAMPLE-1',
            vendor: 'Microsoft',
            severity: 'Critical',
            description: 'Sample vulnerability for testing',
            published_date: '2024-01-15'
        }
    ];

    for (const cve of sampleCVEs) {
        await new Promise((resolve, reject) => {
            db.run(
                `INSERT OR IGNORE INTO cves (cve_id, vendor, severity, description, published_date) 
                 VALUES (?, ?, ?, ?, ?)`,
                [cve.cve_id, cve.vendor, cve.severity, cve.description, cve.published_date],
                (err) => {
                    if (err) reject(err);
                    else {
                        console.log(`   ✓ Added sample CVE: ${cve.cve_id}`);
                        resolve();
                    }
                }
            );
        });
    }
    */
    
    console.log('ℹ️  Skipping sample data - you can add CVEs through the API or dashboard');
}

// Display setup summary
function displaySummary() {
    console.log('\n╔════════════════════════════════════════════════════════╗');
    console.log('║          CVE DATABASE SETUP COMPLETE!                  ║');
    console.log('╚════════════════════════════════════════════════════════╝');
    console.log('\n📊 What was created:');
    console.log('   ✓ SQLite database (cve_database.db)');
    console.log('   ✓ Tables: cves, documents, required_documents');
    console.log('   ✓ Indexes for fast queries');
    console.log('   ✓ Document compliance view');
    console.log('   ✓ Uploads directory for file storage');
    console.log('\n📁 File structure will be:');
    console.log('   uploads/');
    console.log('     └── CVE-XXXX-XXXX/');
    console.log('         └── VendorName/');
    console.log('             ├── advisory.pdf');
    console.log('             ├── email.pdf');
    console.log('             └── screenshot.png');
    console.log('\n🚀 Next steps:');
    console.log('   1. Start the backend API:');
    console.log('      → cd backend && node server.js');
    console.log('   2. Start the frontend:');
    console.log('      → cd frontend && npm start');
    console.log('   3. Open http://localhost:3000');
    console.log('   4. Start adding CVEs and uploading documents!');
    console.log('\n💡 Tips:');
    console.log('   • Use the Quick Check to verify CVE status');
    console.log('   • Upload documents through the dashboard');
    console.log('   • Documents are auto-organized by CVE ID → Vendor');
    console.log('   • Required docs: Advisory (mandatory for most vendors)\n');
}

// Main execution
async function main() {
    console.log('🚀 CVE Database Setup\n');
    console.log('════════════════════════════════════════\n');
    
    try {
        // Create uploads directory
        createUploadsDirectory();
        
        // Initialize database
        const db = await initializeDatabase();
        
        // Optionally add sample data
        await addSampleData(db);
        
        // Close database connection
        db.close((err) => {
            if (err) console.error('Error closing database:', err);
            else console.log('✓ Database connection closed');
            
            // Display summary
            displaySummary();
        });
        
    } catch (error) {
        console.error('❌ Setup Error:', error);
        process.exit(1);
    }
}

// Run the setup
main();