#!/usr/bin/env bash
# Fix Blockscout for Forge contract verification (Etherscan-compatible API)
# 1. Adds nginx location for exact /api with internal rewrite to /api/
# 2. Sets Host to 127.0.0.1 when proxying to prevent Blockscout redirect
#
# Usage: ./scripts/fix-blockscout-forge-verification.sh

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true

HOST="${PROXMOX_R630_02:-192.168.11.12}"
VMID=5000
IP="${IP_BLOCKSCOUT:-192.168.11.140}"

echo "=== Fix Blockscout for Forge Verification ==="

ssh -o ConnectTimeout=10 root@"$HOST" "pct exec $VMID -- bash -s" << 'ENDSSH'
set -e
CFG=/etc/nginx/sites-available/blockscout

# Ensure location = /api with rewrite exists (internal redirect, no 301)
if ! grep -q 'rewrite ^ /api/' "$CFG" 2>/dev/null; then
  # Insert before location /api/
  sed -i '/location \/api\//i\
    # Forge verify: internal redirect /api -> /api/ (avoids 301)\
    location = /api {\
        rewrite ^ /api/$is_args$args last;\
    }\
' "$CFG"
  echo "Added location = /api"
fi

# In location /api/, set Host 127.0.0.1 to avoid Blockscout redirect-by-host
sed -i '/location \/api\//,/location \/health/ {
  s|proxy_set_header Host \$host;|proxy_set_header Host 127.0.0.1;|
}' "$CFG" 2>/dev/null || true

nginx -t && systemctl reload nginx && echo "Nginx reloaded"
ENDSSH

echo ""
echo "Verifier URL: http://${IP}/api/"
echo "If forge still fails with 'module and action required', use manual verification:"
echo "  https://explorer.d-bis.org/address/<CONTRACT>#verify-contract"
echo ""
echo "Test: source smom-dbis-138/.env && ./scripts/verify-contracts-blockscout.sh"