#!/usr/bin/env bash
set -euo pipefail

: "${CLOUDFLARE_API_TOKEN:?set CLOUDFLARE_API_TOKEN}"
: "${CLOUDFLARE_ZONE_ID:?set CLOUDFLARE_ZONE_ID}"
: "${BASE_DOMAIN:?set BASE_DOMAIN}"
: "${SERVER_IP:?set SERVER_IP}"

api() {
  curl -fsS -X "$1" "https://api.cloudflare.com/client/v4$2" \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    -H 'Content-Type: application/json' \
    ${3:+--data "$3"}
}

upsert_record() {
  local type="$1"
  local name="$2"
  local content="$3"
  local proxied="${4:-false}"
  local existing_id
  existing_id=$(curl -fsS "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records?type=$type&name=$name" \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    -H 'Content-Type: application/json' | python3 -c 'import sys,json; d=json.load(sys.stdin); print(d["result"][0]["id"] if d.get("result") else "")')

  local payload
  payload=$(printf '{"type":"%s","name":"%s","content":"%s","ttl":120,"proxied":%s}' "$type" "$name" "$content" "$proxied")

  if [[ -n "$existing_id" ]]; then
    api PUT "/zones/$CLOUDFLARE_ZONE_ID/dns_records/$existing_id" "$payload" >/dev/null
  else
    api POST "/zones/$CLOUDFLARE_ZONE_ID/dns_records" "$payload" >/dev/null
  fi
}

upsert_record A "$BASE_DOMAIN" "$SERVER_IP" false
upsert_record A "git.$BASE_DOMAIN" "$SERVER_IP" false
upsert_record A "registry.$BASE_DOMAIN" "$SERVER_IP" false

echo "cloudflare dns updated for $BASE_DOMAIN, git.$BASE_DOMAIN, registry.$BASE_DOMAIN"