# Requires dot-sourcing to persist variables in the current PowerShell session.
# Usage: `. .\db_agent\scripts\Set-DbEnv.ps1 -Server "SUGARSCALE\SQLEXPRESS" -Database "SugarScale_Lasuca" -Username "SugarAI" -Password (Read-Host -AsSecureString)`
# Never commit real credentials.
param(
    [string]$Server = "SUGARSCALE\SQLEXPRESS",
    [string]$Database = "SugarScale_Lasuca",
    [string]$Username = "SugarAI",
    [SecureString]$Password,
    [string]$Driver = "ODBC Driver 17 for SQL Server",
    [bool]$Encrypt = $true,
    [bool]$TrustCertificate = $true
)

function Convert-SecureStringToPlainText {
    param([SecureString]$SecureString)
    if (-not $SecureString) {
        return $null
    }
    $ptr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecureString)
    try {
        return [Runtime.InteropServices.Marshal]::PtrToStringBSTR($ptr)
    }
    finally {
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ptr)
    }
}

if (-not $Password) {
    $Password = Read-Host -Prompt "Enter DB password" -AsSecureString
}

$plainPassword = Convert-SecureStringToPlainText -SecureString $Password
if (-not $plainPassword) {
    throw "Password is required. Provide -Password (Read-Host -AsSecureString)."}

$env:DB_SERVER = $Server
$env:DB_DATABASE = $Database
$env:DB_USERNAME = $Username
$env:DB_PASSWORD = $plainPassword
$env:DB_DRIVER = $Driver
$env:DB_ENCRYPT = $Encrypt.ToString().ToLower()
$env:DB_TRUST_CERT = $TrustCertificate.ToString().ToLower()

Write-Host "DB env vars set for this session."