#!/usr/bin/env bash
set -euo pipefail

REPO_DIR="."
SECRETS_DIR="$REPO_DIR/data/secrets"
RUNTIME_ENV="$SECRETS_DIR/runtime.env"

# 1️⃣ Ensure secrets folder
mkdir -p "$SECRETS_DIR"

# 2️⃣ If runtime.env already exists, source it
if [ -f "$RUNTIME_ENV" ]; then
  echo "♻️  Found existing secrets in $RUNTIME_ENV — reusing."
  # shellcheck disable=SC1091
  source "$RUNTIME_ENV"
else
  echo "🔐 No existing secrets found. Generating new ones…"

  # generate defaults
  DB_USER="postgres"
  DB_PASS="$(openssl rand -hex 16)"
  DB_NAME="lnbitsdb"
  FLASK_SECRET="$(openssl rand -hex 32)"
  DATABASE_URL="postgresql://${DB_USER}:${DB_PASS}@db:5432/${DB_NAME}"

  cat > "$RUNTIME_ENV" <<EOF
DB_USER=${DB_USER}
DB_PASS=${DB_PASS}
DB_NAME=${DB_NAME}
DATABASE_URL=${DATABASE_URL}
FLASK_SECRET=${FLASK_SECRET}
EOF

  echo "✅ Generated new secrets in $RUNTIME_ENV"
fi

# 3️⃣ Build & run
cd "$REPO_DIR"
docker-compose up -d --build

# 4️⃣ Show the values back to the user
echo
echo "🚀 Services are up!"
echo
echo "🔐 Database credentials (from $RUNTIME_ENV):"
echo "   DB_USER:     ${DB_USER:-<missing>}"
echo "   DB_PASS:     ${DB_PASS:-<missing>}"
echo "   DB_NAME:     ${DB_NAME:-<missing>}"
echo
echo "🔑 Flask session secret:"
echo "   ${FLASK_SECRET:-<missing>}"
echo
echo "🌐 Open the web UI: http://localhost:3000"