import fs from 'fs';
import https from 'https';
import os from 'os';
import path from 'path';
import axios, { AxiosInstance } from 'axios';

/** Client for GitLab API using Axios */
export interface GitlabClientOptions {
  /** GitLab private token */
  token: string;
  /** GitLab base URL (e.g. https://gitlab.teleport.ftprod.fr/) */
  url?: string;
  workDir?: string;
}

export class GitlabClient {
  public readonly instance: AxiosInstance;

  constructor({
    token,
    url = 'https://gitlab.teleport.ftprod.fr/',
    workDir = os.homedir() + '/.ftprod-ai/tbot',
  }: GitlabClientOptions) {
    if (!token) {
      throw new Error('Le jeton GitLab est requis pour GitlabClient');
    }
    const baseURL = url.replace(/\/+$/, '') + '/api/v4';
    // Optionally load TLS client certs if present
    const certPath = path.join(workDir, 'dest', 'tls.crt');
    const keyPath = path.join(workDir, 'dest', 'tls.key');
    let httpsAgent: https.Agent | undefined;
    if (fs.existsSync(certPath) && fs.existsSync(keyPath)) {
      try {
        const agentOptions: https.AgentOptions = {
          rejectUnauthorized: false,
          cert: fs.readFileSync(certPath),
          key: fs.readFileSync(keyPath),
        };
        httpsAgent = new https.Agent(agentOptions);
      } catch {
        // ignore cert loading errors, fallback to no agent
        httpsAgent = undefined;
      }
    }
    // Create Axios instance; prefer a TLS-enabled instance if possible
    let instance: AxiosInstance;
    if (httpsAgent) {
      try {
        const created = axios.create({
          baseURL,
          headers: { 'PRIVATE-TOKEN': token },
          httpsAgent,
        });
        // Fallback to global axios if create() did not yield a usable instance
        instance = created && typeof created.get === 'function' ? created : axios;
      } catch {
        instance = axios;
      }
    } else {
      instance = axios;
    }
    this.instance = instance;
  }
}