#!/usr/bin/env bash

SERVER="http://192.168.100.5:10000"
USER="admin"
PASS="admin"

# Login starten
curl -s -X POST \
  "$SERVER/api/v1/auth/login" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "X-Client-Type: mobile" \
  -d "username=$USER&password=$PASS" >/dev/null

TOTP_SECRET="RXYMA5MLSBADJX4XM3UG74LTVOS6QQ6J"
MFA=$(oathtool --totp -b "$TOTP_SECRET")

# MFA verifizieren
TOKENS=$(curl -s -X POST \
  "$SERVER/api/v1/auth/mfa/verify" \
  -H "Content-Type: application/json" \
  -H "X-Client-Type: mobile" \
  -d "{
    \"username\": \"$USER\",
    \"mfa_code\": \"$MFA\"
  }")
ACCESS_TOKEN=$(echo "$TOKENS" | jq -r '.access_token')

curl -X POST \
  "$SERVER/api/v1/activities/create/upload" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "X-Client-Type: mobile" \
  -F "file=@activity.gpx"