#!/usr/bin/env bash
# Download MaxMind GeoLite2-City database.
# Requires MAXMIND_ACCOUNT_ID and MAXMIND_LICENSE_KEY environment variables (free tier).
# Usage: MAXMIND_ACCOUNT_ID=xxx MAXMIND_LICENSE_KEY=xxx bash scripts/update_geoip.sh [output_dir]
set -euo pipefail

OUTPUT_DIR="${1:-/data/geoip}"
DB_NAME="GeoLite2-City"

if [ -z "${MAXMIND_LICENSE_KEY:-}" ]; then
  echo "Error: MAXMIND_LICENSE_KEY not set" >&2
  echo "Get a free license key at https://www.maxmind.com/en/geolite2/signup" >&2
  exit 1
fi

if [ -z "${MAXMIND_ACCOUNT_ID:-}" ]; then
  echo "Error: MAXMIND_ACCOUNT_ID not set" >&2
  exit 1
fi

TMPDIR=$(mktemp -d)
trap 'rm -rf "$TMPDIR"' EXIT

echo "Downloading ${DB_NAME}..."
# Use HTTP Basic auth to keep the license key out of the URL/process list
curl -fsSL \
  -u "${MAXMIND_ACCOUNT_ID}:${MAXMIND_LICENSE_KEY}" \
  "https://download.maxmind.com/geoip/databases/${DB_NAME}/download?suffix=tar.gz" \
  -o "$TMPDIR/${DB_NAME}.tar.gz"

echo "Extracting..."
tar -xzf "$TMPDIR/${DB_NAME}.tar.gz" -C "$TMPDIR"

MMDB=$(find "$TMPDIR" -name "${DB_NAME}.mmdb" -type f | head -1)
if [ -z "$MMDB" ]; then
  echo "Error: ${DB_NAME}.mmdb not found in archive" >&2
  exit 1
fi

mkdir -p "$OUTPUT_DIR"
cp "$MMDB" "$OUTPUT_DIR/${DB_NAME}.mmdb"
echo "Installed: $OUTPUT_DIR/${DB_NAME}.mmdb ($(du -h "$OUTPUT_DIR/${DB_NAME}.mmdb" | cut -f1))"