#!/bin/bash
#
# wizard-reset — clear first-boot wizard state to re-test the setup flow.
#
# Three levels of fidelity, from fastest to most-fresh-install-like:
#
#   light  — clear wizard_completed flag only. Wizard runs again but the
#            current session is preserved, so step 1 lands on the
#            "Keep current password / Change password" view (case c).
#            Cheapest reset; good for iterating on wizard UI.
#
#   medium — light + restart vendora-admin so every session cookie is
#            invalidated. Wizard step 1 lands on the "Sign in to continue"
#            view (case b). Good for verifying the auth boundary works.
#
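#   heavy  — medium + clear the owner password hash too. Wizard step 1
#            lands on the initial "Set password" form (case a). The
#            closest you can get to a fresh image flash without
#            reflashing — useful before shipping a build.
#            Until the wizard is completed the device has no owner
#            password, so the first visitor to the admin UI is offered
#            the "Set password" form; run this level only while the
#            admin network is one you control.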
#
# Usage:
#   wizard-reset            # defaults to medium
#   wizard-reset light
#   wizard-reset medium
#   wizard-reset heavy
#
# Notes:
#   - Hostname and WAN config are NOT reset. Resetting hostname would
#     disrupt anything that cached the current name; resetting WAN to
#     DHCP could knock you off the network on Static/PPPoE installs.
#     The wizard's hostname + WAN steps are idempotent — re-running
#     them is harmless even with current values.
#   - Audit log is untouched (it's a historical record of what happened,
#     not state to be reset).
#   - vendora-license cache (the licensed=True flag) is also untouched,
#     so the captive portal stays operational throughout the reset.

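set -euo pipefail

readonly DB=/var/lib/vendora/state.db
readonly LEVEL="${1:-medium}"

# Print the help text on stdout.
usage() {
    cat <<'EOF'
wizard-reset — clear first-boot wizard state to re-test the setup flow

Usage: wizard-reset [light|medium|heavy]

  light   clear wizard flag only (current session preserved)
  medium  light + restart vendora-admin (sessions dropped) [default]
  heavy   medium + clear owner password (fresh-install simulation)

Hostname, WAN config, license cache, and audit log are NOT reset.
EOF
}

# Run one SQL statement against the state database.
# Arguments: $1 - SQL text (always a fixed literal from this script, never
#                 built from user input)
# The busy timeout lets the delete wait briefly if another process holds a
# lock on the database, instead of failing at once with "database is locked".
run_sql() {
    sqlite3 -cmd '.timeout 5000' "$DB" "$1"
}

# Best-effort syslog record of the reset. The device's own audit log is left
# untouched by design, so without this a credential reset leaves no trace.
# Arguments: $1 - reset level that was applied
note_syslog() {
    if command -v logger >/dev/null 2>&1; then
        logger -t wizard-reset "level=$1 applied by ${SUDO_USER:-$(id -un)}" || true
    fi
}

# Restart vendora-admin so existing session cookies stop being accepted.
# The database has already been modified when this runs, so a failed restart
# is reported explicitly rather than letting `set -e` exit without context.
# Exits with systemctl's own status on failure.
restart_admin() {
    local rc=0
    systemctl restart vendora-admin || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "wizard-reset: $DB was updated but vendora-admin did not restart (exit $rc)" >&2
        echo "wizard-reset: existing admin sessions may still be valid — restart it manually" >&2
        exit "$rc"
    fi
}

# Validate the argument before touching any state, so --help and typos are
# handled even on a machine where the database does not exist.
case "$LEVEL" in
    light|medium|heavy)
        ;;
    -h|--help|help)
        usage
        exit 0
        ;;
    *)
        echo "wizard-reset: unknown level '$LEVEL'" >&2
        echo "usage: $0 [light|medium|heavy]   (try '$0 --help')" >&2
        exit 1
        ;;
esac

if [ ! -f "$DB" ]; then
    echo "wizard-reset: $DB not found — is vendora-coin running?" >&2
    exit 2
fi

case "$LEVEL" in
    light)
        run_sql "DELETE FROM config WHERE key='wizard_completed';"
        note_syslog light
        echo "[wizard-reset] light: cleared wizard_completed flag"
        echo "[wizard-reset] visit http://10.0.10.1:8080/ to re-run the wizard"
        echo "[wizard-reset] (current session preserved — step 1 = keep/change pw)"
        ;;
    medium)
        run_sql "DELETE FROM config WHERE key='wizard_completed';"
        note_syslog medium
        restart_admin
        echo "[wizard-reset] medium: cleared wizard flag + restarted vendora-admin"
        echo "[wizard-reset] all admin sessions invalidated"
        echo "[wizard-reset] visit http://10.0.10.1:8080/ to re-run the wizard"
        echo "[wizard-reset] (step 1 = sign-in form)"
        ;;
    heavy)
        # Both keys go in a single statement so the flag and the password
        # hash are removed together or not at all.
        run_sql "DELETE FROM config WHERE key IN ('wizard_completed','owner_password_hash');"
        note_syslog heavy
        restart_admin
        echo "[wizard-reset] heavy: cleared wizard flag + owner password + restarted vendora-admin"
        echo "[wizard-reset] device is now in fresh-install state"
        echo "[wizard-reset] visit http://10.0.10.1:8080/ to start from password setup"
        # With no owner password stored, step 1 is the "Set password" form:
        # make the unauthenticated window visible to the operator.
        echo "[wizard-reset] WARNING: no owner password is set — complete the wizard before anyone else can reach the admin UI" >&2
        ;;
esac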
