upload

var Cmd = &cobra.Command{
	Use:   "upload",
	Short: "Upload a file and register/update its DRS record",
	RunE: func(cmd *cobra.Command, args []string) error {
		ctx := cmd.Context()
		if strings.TrimSpace(uploadFile) == "" {
			return fmt.Errorf("--file is required")
		}

		srcPath := strings.TrimSpace(uploadFile)
		info, err := os.Stat(srcPath)
		if err != nil {
			return fmt.Errorf("stat source file: %w", err)
		}
		if info.IsDir() {
			return fmt.Errorf("--file must be a regular file")
		}

		org := strings.TrimSpace(uploadOrg)
		if org == "" {
			return fmt.Errorf("--org is required")
		}
		project := strings.TrimSpace(uploadProject)

		c, err := cliauth.NewServerClient(cmd)
		if err != nil {
			return err
		}

		bucketName := ""
		if buckets, listErr := c.Buckets().List(ctx); listErr != nil {
			return fmt.Errorf("resolve bucket for scope: %w", listErr)
		} else {
			resolvedBucket, resolveErr := resolveUploadBucketForScope(buckets, org, project)
			if resolveErr != nil {
				return resolveErr
			}
			bucketName = resolvedBucket
		}

		fileBytes, err := os.ReadFile(srcPath)
		if err != nil {
			return fmt.Errorf("read file for hashing: %w", err)
		}
		hash := sha256.Sum256(fileBytes)
		checksum := hex.EncodeToString(hash[:])

		recordPath, err := uploadRecordPath(srcPath)
		if err != nil {
			return err
		}
		name := filepath.Base(srcPath)
		authzMap := syfoncommon.AuthzMapFromScope(org, project)
		did := strings.TrimSpace(uploadDID)
		if did == "" {
			if project == "" {
				return fmt.Errorf("--project is required when --did is omitted")
			}
			did, err = intcommon.MintObjectIDFromChecksum(checksum, syfoncommon.AuthzMapToControlledAccess(authzMap))
			if err != nil {
				return err
			}
		}

		am := drsapi.AccessMethod{Type: "s3"}
		drsObj := &drsapi.DrsObject{
			Id:   did,
			Name: &name,
			Size: info.Size(),
			Checksums: []drsapi.Checksum{
				{Type: "sha256", Checksum: checksum},
			},
			AccessMethods: &[]drsapi.AccessMethod{am},
		}
		if authzMap != nil {
			controlled := syfoncommon.AuthzMapToControlledAccess(authzMap)
			drsObj.ControlledAccess = &controlled
		}
		overwriteWarning, err := ensureWritableDID(ctx, c.DRS(), did, uploadOverwrite)
		if err != nil {
			return err
		}
		if overwriteWarning != "" {
			fmt.Fprintf(cmd.ErrOrStderr(), "warning: %s\n", overwriteWarning)
		}

		fmt.Fprintf(cmd.OutOrStdout(), "Uploading %s -> DID: %s\n", srcPath, did)

		progress := transferprogress.New(cmd.OutOrStdout(), filepath.Base(srcPath), info.Size())
		progress.Start()
		uploadCtx := transferprogress.WithProgress(ctx, did, progress)

		registered, err := upload.RegisterFile(uploadCtx, c.Data(), c.DRS(), drsObj, srcPath, bucketName)
		if err != nil {
			progress.Abort()
			return fmt.Errorf("upload failed: %w", err)
		}
		progress.Finish()

		finalID := did
		if registered != nil && strings.TrimSpace(registered.Id) != "" {
			finalID = strings.TrimSpace(registered.Id)
		}
		if registered != nil && registered.AccessMethods != nil && len(*registered.AccessMethods) > 0 {
			objectURL := ""
			for _, am := range *registered.AccessMethods {
				if am.AccessUrl != nil && strings.TrimSpace(am.AccessUrl.Url) != "" {
					objectURL = strings.TrimSpace(am.AccessUrl.Url)
					break
				}
			}
			if objectURL != "" {
				if err := c.Index().Upsert(ctx, finalID, objectURL, recordPath, info.Size(), checksum, authzMap); err != nil {
					return fmt.Errorf("sync index record: %w", err)
				}
			}
		}
		fmt.Fprintf(cmd.OutOrStdout(), "\nsuccessfully uploaded %s\n", finalID)
		fmt.Fprintf(cmd.OutOrStdout(), "requested DID: %s\n", did)
		return nil
	},
}