#!/usr/bin/env bash
# deactivate-matrix.sh — desactiva un usuario Matrix via Synapse admin API
#
# Uso:
#   ./dev-scripts/agent/deactivate-matrix.sh <agent-id>
#
# Desactiva la cuenta del bot en el homeserver. La accion es irreversible
# desde la API (el usuario no podra volver a loguearse).
#
# Requiere en .env:
#   MATRIX_ADMIN_TOKEN, MATRIX_HOMESERVER, MATRIX_SERVER_NAME

source "$(dirname "$0")/../_common.sh"
load_env

need_arg "${1:-}"

ID="$1"
NORM="$(normalize_id "$ID")"

[[ -n "${MATRIX_ADMIN_TOKEN:-}" ]] || fail "MATRIX_ADMIN_TOKEN no esta en .env"
[[ -n "${MATRIX_HOMESERVER:-}" ]]  || fail "MATRIX_HOMESERVER no esta en .env"
[[ -n "${MATRIX_SERVER_NAME:-}" ]] || fail "MATRIX_SERVER_NAME no esta en .env"

USER_ID="@${ID}:${MATRIX_SERVER_NAME}"

info "Desactivando $USER_ID en $MATRIX_HOMESERVER..."

# Synapse admin API: deactivate user
# https://element-hq.github.io/synapse/latest/admin_api/user_admin_api.html#deactivate-account
HTTP_CODE=$(curl -s -o /tmp/_deactivate_response.json -w '%{http_code}' \
  -X POST \
  "${MATRIX_HOMESERVER}/_synapse/admin/v1/deactivate/${USER_ID}" \
  -H "Authorization: Bearer ${MATRIX_ADMIN_TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{"erase": false}')

if [[ "$HTTP_CODE" == "200" ]]; then
  ok "$USER_ID desactivado exitosamente"
elif [[ "$HTTP_CODE" == "404" ]]; then
  warn "Usuario $USER_ID no encontrado en el servidor (ya eliminado?)"
else
  BODY=$(cat /tmp/_deactivate_response.json 2>/dev/null || echo "(sin respuesta)")
  fail "Error al desactivar $USER_ID — HTTP $HTTP_CODE: $BODY"
fi

rm -f /tmp/_deactivate_response.json