#!/bin/zsh
set -euo pipefail

if [[ $# -lt 1 ]]; then
  echo "usage: $0 <site>" >&2
  exit 1
fi

SITE="$1"
CRED_FILE="$HOME/.dorian/credentials.json"

site_aliases() {
  case "$1" in
    ralphs.com) echo "ralphs.com ralphs kroger" ;;
    amazon.com) echo "amazon.com amazon" ;;
    *) echo "$1" ;;
  esac
}

get_json_field() {
  local site_key="$1"
  local field="$2"
  python3 - "$CRED_FILE" "$site_key" "$field" <<'PY'
import json, sys
path, site_key, field = sys.argv[1:4]
with open(path, 'r', encoding='utf-8') as fh:
    data = json.load(fh)
value = data.get(site_key, {}).get(field, '')
print(value if value is not None else '')
PY
}

USERNAME=""
PASSWORD=""

if command -v lpass >/dev/null 2>&1; then
  if ! lpass status >/dev/null 2>&1; then
    echo "credential lookup failed: LastPass CLI not authenticated (run: lpass login <email>)" >&2
    exit 5
  fi
  for CANDIDATE in $(site_aliases "$SITE"); do
    [[ -z "$USERNAME" ]] && USERNAME="$(lpass show --username "$CANDIDATE" 2>/dev/null || true)"
    [[ -z "$PASSWORD" ]] && PASSWORD="$(lpass show --password "$CANDIDATE" 2>/dev/null || true)"
    if [[ -n "$USERNAME" && -n "$PASSWORD" ]]; then
      break
    fi
  done
fi

if [[ -z "$USERNAME" || -z "$PASSWORD" ]]; then
  if [[ ! -f "$CRED_FILE" ]]; then
    echo "credential lookup failed: missing LastPass values and $CRED_FILE not found" >&2
    exit 2
  fi
  case "$SITE" in
    ralphs.com) SITE_KEY="ralphs" ;;
    amazon.com) SITE_KEY="amazon" ;;
    *)
      echo "unsupported site: $SITE" >&2
      exit 3
      ;;
  esac
  [[ -z "$USERNAME" ]] && USERNAME="$(get_json_field "$SITE_KEY" username 2>/dev/null || true)"
  [[ -z "$PASSWORD" ]] && PASSWORD="$(get_json_field "$SITE_KEY" password 2>/dev/null || true)"
fi

if [[ -z "$USERNAME" || -z "$PASSWORD" ]]; then
  echo "credential lookup failed for $SITE" >&2
  exit 4
fi

printf 'USERNAME=%s\n' "$USERNAME"
printf 'PASSWORD=%s\n' "$PASSWORD"