#!/usr/bin/env bash
set -euo pipefail

# Quick reference guide for JWT authentication
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
source "${PROJECT_ROOT}/scripts/lib/load-project-env.sh"
JWT_VMID="${JWT_VMID:-2101}"
JWT_HOST="$(get_host_for_vmid "$JWT_VMID")"

cat <<'REF'
╔════════════════════════════════════════════════════════════════╗
║           JWT Authentication - Quick Reference                 ║
╚════════════════════════════════════════════════════════════════╝

📋 ENDPOINTS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Permissioned (JWT Required):
  • https://rpc-http-prv.d-bis.org
  • wss://rpc-ws-prv.d-bis.org

Public (No Auth):
  • https://rpc-http-pub.d-bis.org
  • wss://rpc-ws-pub.d-bis.org

🔑 GENERATE TOKEN
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
./scripts/generate-jwt-token-for-container.sh 2101 [username] [expiry_days]

Example:
  ./scripts/generate-jwt-token-for-container.sh 2101 my-app 30

🧪 TEST ENDPOINT
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
TOKEN="your-token-here"
curl -k \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}' \
  https://rpc-http-prv.d-bis.org

REF

cat <<EOF

🔍 CHECK STATUS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
ssh root@${JWT_HOST} "pct exec ${JWT_VMID} -- systemctl status nginx jwt-validator"

📊 VIEW LOGS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
# Access logs
ssh root@${JWT_HOST} "pct exec ${JWT_VMID} -- tail -f /var/log/nginx/rpc-http-prv-access.log"

# Error logs
ssh root@${JWT_HOST} "pct exec ${JWT_VMID} -- tail -f /var/log/nginx/rpc-http-prv-error.log"

# JWT validator logs
ssh root@${JWT_HOST} "pct exec ${JWT_VMID} -- journalctl -u jwt-validator -f"

🔧 TROUBLESHOOTING
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
# Restart services
ssh root@${JWT_HOST} "pct exec ${JWT_VMID} -- systemctl restart nginx jwt-validator"

# Test nginx config
ssh root@${JWT_HOST} "pct exec ${JWT_VMID} -- nginx -t"

# Check JWT secret
ssh root@${JWT_HOST} "pct exec ${JWT_VMID} -- cat /etc/nginx/jwt_secret"

📚 DOCUMENTATION
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
docs/04-configuration/RPC_JWT_AUTHENTICATION.md
docs/04-configuration/RPC_JWT_SETUP_COMPLETE.md
docs/04-configuration/RPC_DNS_CONFIGURATION.md

EOF