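#!/bin/bash
# Security Audit Script for AutonetSellCar.com
# Run: ./scripts/security-audit.sh   (from the repository root; the script
#      changes into ./frontend and ./backend relative to the current directory)
#
# Audits the frontend npm dependencies and the backend Python dependencies
# and prints a summary.
#
# Exit status:
#   0      no critical/high npm findings and no failed audit
#   1-255  number of critical + high npm findings, capped at 255 so a large
#          count cannot wrap around to 0 and read as a pass
#   1      no counted npm findings, but the npm result could not be read or
#          pip-audit exited non-zero
# A missing pip-audit is reported in the summary but does not change the
# exit status (it was best-effort in the original script as well).
set -euo pipefail

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'

CRITICAL=0
HIGH=0
FRONTEND_UNVERIFIED=0   # 1 when npm audit produced no readable severity counts
BACKEND_FAILED=0        # 1 when pip-audit exited non-zero
BACKEND_SKIPPED=0       # 1 when pip-audit is not installed

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print $2 in color $1. The message goes through %s so that any escape
# sequences inside it are not interpreted.
say() {
  printf '%b%s%b\n' "$1" "$2" "$NC"
}

#######################################
# Print the first count reported for a severity level in npm's audit JSON.
# Arguments: $1 - severity key (e.g. critical, high)
#            $2 - output of `npm audit --json`
# Outputs:   the count on stdout
# Returns:   0 if a count was found, 1 otherwise
#######################################
severity_count() {
  local level=$1
  local json=$2
  # npm pretty-prints its JSON ("critical": 3), so whitespace after the colon
  # must be allowed, and at least one digit is required: a key followed by
  # something other than a number must not be read as "0 findings".
  # NOTE(review): this is text matching, not JSON parsing; it takes the first
  # `"<level>": <number>` pair in the output, like the original `head -1`.
  local pattern="\"${level}\":[[:space:]]*([0-9]+)"
  if [[ "$json" =~ $pattern ]]; then
    printf '%s\n' "${BASH_REMATCH[1]}"
  else
    return 1
  fi
}

echo "=========================================="
echo "  Security Audit - $(date '+%Y-%m-%d %H:%M')"
echo "=========================================="

# Frontend audit
printf '\n'
say "$YELLOW" "[1/2] Frontend (Next.js)"
cd frontend || die "frontend/ not found - run this script from the repository root"

# npm audit exits non-zero when it finds vulnerabilities; that is expected
# here, so the status is ignored and the JSON is inspected instead.
AUDIT_RESULT=$(npm audit --json 2>/dev/null || true)

if FRONT_CRITICAL=$(severity_count critical "$AUDIT_RESULT") &&
  FRONT_HIGH=$(severity_count high "$AUDIT_RESULT"); then
  if ((FRONT_CRITICAL > 0 || FRONT_HIGH > 0)); then
    say "$RED" "VULNERABILITIES FOUND:"
    # The counts above cover all dependencies, this report only production
    # ones (--omit=dev), so it can legitimately contain no "Severity:" line.
    # Capture first and grep second so that neither npm's exit status nor an
    # empty grep aborts the script under `set -e` before the summary.
    FRONT_REPORT=$(npm audit --omit=dev 2>/dev/null || true)
    grep -A 5 "Severity:" <<<"$FRONT_REPORT" ||
      echo "(no matching lines in the --omit=dev report; counted findings may be in devDependencies)"
    CRITICAL=$((CRITICAL + FRONT_CRITICAL))
    HIGH=$((HIGH + FRONT_HIGH))
  else
    say "$GREEN" "No critical/high vulnerabilities"
  fi
else
  # No counts at all means the audit did not run or its output was not
  # understood; reporting that as "no vulnerabilities" would be a false pass.
  FRONTEND_UNVERIFIED=1
  say "$RED" "npm audit returned no severity counts - frontend NOT verified"
fi
cd ..

# Backend audit (pip-audit)
printf '\n'
say "$YELLOW" "[2/2] Backend (Python)"
cd backend || die "backend/ not found - run this script from the repository root"
if command -v pip-audit >/dev/null 2>&1; then
  # NOTE(review): with no arguments pip-audit inspects the active Python
  # environment; confirm the backend's virtualenv is active here, or point it
  # at the backend's requirements file with -r.
  # stderr is left visible so a failure is explained rather than hidden.
  if ! pip-audit; then
    BACKEND_FAILED=1
    say "$RED" "pip-audit reported vulnerabilities or could not complete"
  fi
else
  BACKEND_SKIPPED=1
  echo "pip-audit not installed. Run: pip install pip-audit"
fi
cd ..

# Summary
printf '\n'
echo "=========================================="
echo "  Summary"
echo "=========================================="

TOTAL=$((CRITICAL + HIGH))

if ((CRITICAL > 0)); then
  say "$RED" "CRITICAL: $CRITICAL"
fi
if ((HIGH > 0)); then
  say "$RED" "HIGH: $HIGH"
fi
if ((FRONTEND_UNVERIFIED)); then
  say "$RED" "Frontend: audit result could not be read"
fi
if ((BACKEND_FAILED)); then
  say "$RED" "Backend: pip-audit failed"
fi
if ((BACKEND_SKIPPED)); then
  say "$YELLOW" "Backend: NOT audited (pip-audit not installed)"
fi

# Only claim "all clear" when both audits actually ran and came back clean.
if ((TOTAL == 0 && FRONTEND_UNVERIFIED == 0 && BACKEND_FAILED == 0 && BACKEND_SKIPPED == 0)); then
  say "$GREEN" "All clear - No critical/high vulnerabilities"
fi

# Exit statuses are taken modulo 256, so the raw count is capped.
if ((TOTAL > 255)); then
  exit 255
fi
if ((TOTAL > 0)); then
  exit "$TOTAL"
fi
if ((FRONTEND_UNVERIFIED || BACKEND_FAILED)); then
  exit 1
fi
exit 0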