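#!/usr/bin/env bash
# Test Wazuh-style alert → Ligbox Ops ingress
#
# Posts one synthetic Wazuh alert to the webhook ingress, then logs in as the
# "root" desk user and prints the first 25 lines of the wazuh-sourced tickets.
#
# Environment (may also be supplied by the file named in ENV_FILE):
#   ENV_FILE                 env file to source
#                            (default: /opt/ligbox-ops-platform/.env)
#   OPS_URL                  base URL of the Ops API
#                            (default: http://10.10.10.122:8080)
#   WAZUH_WEBHOOK_SECRET     value sent as X-Webhook-Secret        (required)
#   DESK_BOOTSTRAP_PASSWORD  password for the "root" desk account  (required)
#
# Requires: curl >= 7.55.0 (for `-H @file`), python3.
set -euo pipefail

ENV_FILE="${ENV_FILE:-/opt/ligbox-ops-platform/.env}"
if [[ -f "$ENV_FILE" ]]; then
  # `source` runs the file as shell code with this script's privileges, so the
  # file must be writable only by a trusted account (and, since it holds
  # secrets, readable only by it).
  set -a
  # shellcheck disable=SC1090
  source "$ENV_FILE"
  set +a
fi

# NOTE(review): the default endpoint is plain HTTP, so the webhook secret, the
# password and the bearer token cross the network unencrypted. Point OPS_URL at
# an https:// endpoint anywhere the path is not fully trusted.
OPS="${OPS_URL:-http://10.10.10.122:8080}"

# Credentials have no built-in fallback: a value committed in a script lives on
# in every clone and backup. Fail before sending anything if one is missing.
# Any credential that was ever hard-coded as a fallback should be rotated.
SECRET="${WAZUH_WEBHOOK_SECRET:?set WAZUH_WEBHOOK_SECRET (env or ENV_FILE)}"
DESK_PASS="${DESK_BOOTSTRAP_PASSWORD:?set DESK_BOOTSTRAP_PASSWORD (env or ENV_FILE)}"

# Synthetic alert; the id carries the epoch second so repeated runs differ.
# The srcip is from the 203.0.113.0/24 documentation range.
alert_id="test-wazuh-$(date +%s)"
alert_json=$(
  cat <<EOF
{
  "id": "${alert_id}",
  "rule": {"id": 5710, "level": 12, "description": "SSH brute force attempt detected"},
  "agent": {"name": "ops-hub", "ip": "10.10.10.103"},
  "data": {"srcip": "203.0.113.99"}
}
EOF
)

# The secret header is fed through a process substitution (printf is a shell
# builtin), keeping it off curl's argv where `ps` would expose it.
curl -sf -X POST "$OPS/api/v1/webhooks/ingress/wazuh" \
  -H "Content-Type: application/json" \
  -H @<(printf 'X-Webhook-Secret: %s\n' "$SECRET") \
  -d "$alert_json" \
  | python3 -m json.tool

echo "--- tickets wazuh (auth required) ---"
sleep 2

# Build the login body with json.dumps so quotes or backslashes in the password
# cannot break or alter the JSON; the password goes via the environment, not argv.
login_json=$(
  DESK_PASS="$DESK_PASS" python3 -c \
    'import json, os; print(json.dumps({"username": "root", "password": os.environ["DESK_PASS"]}))'
)

# The body is sent on stdin (--data-binary @-) for the same argv reason. Any
# failure in this pipeline (transport error, non-JSON reply) yields an empty
# token so the explicit FAIL message below is what the operator sees.
TOKEN=$(
  curl -s -X POST "$OPS/api/v1/auth/login" \
    -H "Content-Type: application/json" \
    --data-binary @- <<<"$login_json" \
    | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('access_token',''))"
) || TOKEN=""

if [[ -z "$TOKEN" ]]; then
  echo "FAIL: could not obtain auth token" >&2
  exit 1
fi

# sed reads the whole stream before exiting, unlike `head`, which can close the
# pipe early and make the pipeline fail under `pipefail` on long listings.
curl -sf -H @<(printf 'Authorization: Bearer %s\n' "$TOKEN") \
  "$OPS/api/v1/desk/tickets?source=wazuh" \
  | python3 -m json.tool \
  | sed -n '1,25p'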