import os, paramiko, time
PW = os.environ["REMOTE_PASS"]
c = paramiko.SSHClient()
c.set_missing_host_key_policy(paramiko.AutoAddPolicy())
c.connect("207.57.129.228", port=19717, username="root", password=PW, timeout=15, allow_agent=False, look_for_keys=False)

def run(cmd, t=60):
    si, so, se = c.exec_command(cmd, timeout=t)
    out = so.read().decode("utf-8", "replace")
    err = se.read().decode("utf-8", "replace")
    rc = so.channel.recv_exit_status()
    print(f"$ {cmd}")
    if out: print(out, end="")
    if err: print("[err]", err, end="", file=__import__("sys").stderr)
    print(f"  rc={rc}")
    return out

run("cd /srv/news && sudo -u news git pull --rebase 2>&1 | tail -3")
# 只重建 api(代码变更)
run("cd /srv/news && sg docker -c 'docker compose up -d --force-recreate --no-deps --build api' 2>&1 | tail -5", t=120)
time.sleep(8)

# 测试登录
print("\n=== 测登录 ===")
owner_pw = run("cat /root/.owner_pass").strip()
login_cmd = f"curl -s -X POST http://localhost/api/v1/auth/login -H 'Content-Type: application/json' -d '{{\"username\":\"owner\",\"password\":\"{owner_pw}\"}}'"
out = run(login_cmd)
import json
try:
    data = json.loads(out)
    token = data.get("access_token", "")
    if token:
        print(f"\n[OK] 登录成功,token 前 40: {token[:40]}...")
        # 测拉 articles
        art = run(f"curl -s -H 'Authorization: Bearer {token}' 'http://localhost/api/v1/articles?limit=3'")
        try:
            ad = json.loads(art)
            print(f"  articles 数: {len(ad.get('items', []))}")
        except Exception as e:
            print(f"  parse err: {e}")
            print(f"  raw: {art[:200]}")
    else:
        print(f"\n[FAIL] 登录失败,响应: {out[:300]}")
        # 看 api 日志
        log_out = run("cd /srv/news && sg docker -c 'docker compose logs --tail=30 api' 2>&1 | tail -20")
except Exception as e:
    print(f"parse err: {e}\n  raw: {out[:300]}")
c.close()