#!/usr/bin/env bash
# logmail — Hardened event logger
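# Strict mode: abort on unhandled errors, unset variables and failed pipeline stages.
set -euo pipefail
# inherit_errexit only exists in newer bash releases; the failure is ignored on
# purpose so older shells keep running without it.
shopt -s inherit_errexit 2>/dev/null || true

# Resolve the directory that holds this script so the client library is loaded
# from a fixed location instead of the caller's working directory.
# CDPATH is cleared for the lookup: with an inherited CDPATH, `cd` on a relative
# path can land in a different directory and also prints the resolved path to
# stdout, which would corrupt SDIR and change which se_client.sh is sourced.
# `--` keeps a path starting with '-' from being parsed as an option.
SDIR="$(CDPATH='' cd -- "$(dirname -- "$0")" && pwd)"

# The sourced file runs with this script's privileges.
# NOTE(review): the script directory and se_client.sh should not be writable by
# less-trusted users — confirm the deployed permissions.
source "${SDIR}/se_client.sh"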

# ── Input validation ───────────────────────────────────────────────────────
# Three positional arguments are mandatory; the payload is optional.
if (( $# < 3 )); then
    printf 'Usage: %s severity message event_type [payload]\n' "$0" >&2
    exit 1
fi

# Capture the arguments first, then freeze them together so later code cannot
# reassign them. The ':-' default keeps `set -u` from aborting when the
# optional fourth argument is absent.
SEVERITY="${1:-}"
MESSAGE="${2:-}"
EVENT_TYPE="${3:-}"
PAYLOAD="${4:-}"
readonly SEVERITY MESSAGE EVENT_TYPE PAYLOAD

# Validate severity
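readonly VALID_SEVERITIES="critical alert error warning notice info debug"
# Exact-word membership test against the space-delimited allow-list.
# A plain substring match is not enough: a value such as "alert error" is a
# substring of the padded list and would be accepted even though it is not a
# single severity. Empty values and anything containing whitespace are
# therefore rejected before the list lookup.
if [[ -z "${SEVERITY}" || "${SEVERITY}" == *[[:space:]]* ]] \
    || [[ " ${VALID_SEVERITIES} " != *" ${SEVERITY} "* ]]; then
    # The rejected value is caller-controlled. It is truncated and shell-quoted
    # before logging so newlines or control characters cannot forge extra log
    # lines and an oversized argument cannot flood the log.
    printf -v severity_for_log '%q' "${SEVERITY:0:64}"
    se_log "err" "logmail: invalid severity: ${severity_for_log}"
    exit 1
fi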

# Validate message length
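# Reject oversized messages (length is counted in characters of the current
# locale, not bytes).
if (( ${#MESSAGE} > 2048 )); then
    se_log "err" "logmail: message exceeds 2048 chars"
    exit 1
fi

# Validate event_type: bounded length and no control characters.
if (( ${#EVENT_TYPE} > 128 )); then
    se_log "err" "logmail: event_type exceeds 128 chars"
    exit 1
fi

# EVENT_TYPE is interpolated into local log lines further down in this script.
# A value carrying newlines or other control characters could split or forge
# log entries, so it is refused here. The offending value is deliberately not
# echoed back into the log.
if [[ "${EVENT_TYPE}" == *[[:cntrl:]]* ]]; then
    se_log "err" "logmail: event_type contains control characters"
    exit 1
fi

# NOTE(review): PAYLOAD has no size or content check in this script; confirm
# whether the receiving endpoint enforces a limit.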

# ── Build and send ─────────────────────────────────────────────────────────
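# Build the JSON event. Every caller-supplied value is passed with --arg, so jq
# handles the JSON string escaping and no value is spliced into the filter text.
# NODE_ID is not assigned in this script; presumably se_client.sh provides it
# (TODO confirm). Under `set -u` an unset NODE_ID aborts the script here.
if ! BODY="$(jq -n \
    --arg s "${SEVERITY}" \
    --arg m "${MESSAGE}" \
    --arg i "${NODE_ID}" \
    --arg t "${EVENT_TYPE}" \
    --arg p "${PAYLOAD}" \
    '{"severity":$s,"message":$m,"source":$i,"event_type":$t,"payload":$p,"timestamp":now}')"; then
    # Report a jq failure through the same log/FAIL path as a failed send,
    # instead of exiting silently via errexit.
    se_log "err" "logmail: failed to build event JSON"
    printf '%s\n' "FAIL"
    exit 1
fi

# Success requires BOTH a zero exit status from the sender and a non-empty
# response. Judging by output alone would report "OK" when the helper printed
# something (for example an error body) and then failed.
# stderr of the helper is discarded on purpose; the outcome is logged below.
if RESULT="$(se_curl_post_retry "/a/security/event" "${BODY}" 2>/dev/null)" \
    && [[ -n "${RESULT}" ]]; then
    se_log "info" "event_send: ${SEVERITY} ${EVENT_TYPE} sent"
    printf '%s\n' "OK"
    exit 0
else
    se_log "err" "event_send: ${SEVERITY} ${EVENT_TYPE} failed after retries"
    printf '%s\n' "FAIL"
    exit 1
fi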
