package secret

import (
	"fmt"
	"os"

	"github.com/spf13/cobra"

	"github.com/wild-cloud/wild-cli/internal/config"
	"github.com/wild-cloud/wild-cli/internal/environment"
)

var checkMode bool

func newGetCommand() *cobra.Command {
	cmd := &cobra.Command{
		Use:   "get <path>",
		Short: "Get a secret value",
		Long: `Get a secret value from secrets.yaml using a dot-notation path.

For security reasons, secret values are displayed as-is. Be careful when using
in scripts or logs that might be shared.

Examples:
  wild secret get database.password
  wild secret get apps.myapp.api_key
  wild secret get certificates.tls.key`,
		Args: cobra.ExactArgs(1),
		RunE: runGet,
	}

	cmd.Flags().BoolVar(&checkMode, "check", false, "exit 1 if key doesn't exist (no output)")

	return cmd
}

func runGet(cmd *cobra.Command, args []string) error {
	path := args[0]

	// Initialize environment
	env := environment.New()
	if err := env.RequiresProject(); err != nil {
		return err
	}

	// Create config manager
	mgr := config.NewManager(env.ConfigPath(), env.SecretsPath())

	// Get the secret value
	value, err := mgr.GetSecret(path)
	if err != nil {
		if checkMode {
			os.Exit(1)
		}
		return fmt.Errorf("getting secret value: %w", err)
	}

	// Handle null/missing values
	if value == nil {
		if checkMode {
			os.Exit(1)
		}
		return fmt.Errorf("key path '%s' not found in secrets file", path)
	}

	// In check mode, exit 0 if key exists (don't output value)
	if checkMode {
		return nil
	}

	// Output the value (no logging to avoid secrets in logs)
	fmt.Println(value)
	return nil
}