#!/bin/bash -e

function get_token() {
    kubectl exec app-0 -- gitea admin user generate-access-token \
            --username "$NAME" \
            --token-name "${NAME^^}" \
            --scopes "$scopes" \
        | awk '{print $NF}'
}

export NAME="$1"
scopes="$2"
export EMAIL="$NAME@$BASE_URL"
export SECRET="gitea-$NAME"

if ! kubectl get secret "$SECRET" > /dev/null 2>&1; then
    p="$(openssl rand -hex 32)"
    kapply common/createadmin.yaml
else
    p="$(kgseckey "$SECRET" password)"
fi

opts=()
if [ -n "$scopes" ]; then
    token="$(kgseckey "$SECRET" token || get_token)"
    opts+=(--from-literal=token="$token")
fi

kcreatesec "$SECRET" \
    --from-literal=email="$NAME@$BASE_URL" \
    --from-literal=username="$SECRET" \
    --from-literal=password="$p" \
    "${opts[@]}"