#!/bin/bash
set -e

# Prosody Docker Entrypoint Script

echo "Initializing Prosody XMPP Server..."

# Wait for MySQL to be ready
if [ -n "$MYSQL_HOST" ]; then
    MYSQL_PORT="${MYSQL_PORT:-3306}"
    MYSQL_TIMEOUT="${MYSQL_TIMEOUT:-60}"

    echo "Waiting for MySQL at $MYSQL_HOST:$MYSQL_PORT (timeout: ${MYSQL_TIMEOUT}s)..."

    counter=0
    until nc -z "$MYSQL_HOST" "$MYSQL_PORT" 2>/dev/null || [ $counter -eq $MYSQL_TIMEOUT ]; do
        counter=$((counter + 1))
        if [ $((counter % 10)) -eq 0 ]; then
            echo "Still waiting for MySQL... (${counter}s elapsed)"
        fi
        sleep 1
    done

    if [ $counter -eq $MYSQL_TIMEOUT ]; then
        echo "ERROR: MySQL at $MYSQL_HOST:$MYSQL_PORT did not become ready within ${MYSQL_TIMEOUT} seconds"
        echo "Please check that:"
        echo "  - MySQL server is running on the host"
        echo "  - MySQL is listening on port $MYSQL_PORT"
        echo "  - MYSQL_HOST environment variable is correctly set"
        echo "  - Firewall allows connection to MySQL port"
        exit 1
    fi

    echo "MySQL is ready! (connected after ${counter}s)"
fi

# Ensure necessary directories exist and are writable
# (directories are already created in Dockerfile with proper ownership)
touch /var/log/prosody/prosody.log /var/log/prosody/prosody.err 2>/dev/null || true

# Copy Let's Encrypt certificate to prosody certs directory if available
CERT_PATH="/etc/prosody/certs/xmpp.guschin.info.crt"
KEY_PATH="/etc/prosody/certs/xmpp.guschin.info.key"
LETSENCRYPT_CERT="/etc/prosody/certs/letsencrypt/fullchain.pem"
LETSENCRYPT_KEY="/etc/prosody/certs/letsencrypt/privkey.pem"

if [ -f "$LETSENCRYPT_CERT" ] && [ -f "$LETSENCRYPT_KEY" ]; then
    echo "Setting up Let's Encrypt certificate..."
    cp "$LETSENCRYPT_CERT" "$CERT_PATH"
    cp "$LETSENCRYPT_KEY" "$KEY_PATH"
    chmod 644 "$CERT_PATH"
    chmod 600 "$KEY_PATH"
    chown prosody:prosody "$CERT_PATH" "$KEY_PATH"
    echo "Let's Encrypt certificate successfully installed"
elif [ ! -f "$CERT_PATH" ] || [ ! -f "$KEY_PATH" ]; then
    echo "Let's Encrypt certificate not found, generating self-signed certificate..."
    openssl req -x509 -newkey rsa:4096 -keyout "$KEY_PATH" -out "$CERT_PATH" \
        -days 365 -nodes -subj "/CN=xmpp.guschin.info"
    chmod 600 "$KEY_PATH"
    chmod 644 "$CERT_PATH"
    chown prosody:prosody "$CERT_PATH" "$KEY_PATH"
else
    echo "Using existing certificates"
fi

echo "Starting Prosody..."

# Ensure proper ownership before running
chown -R prosody:prosody /var/lib/prosody /var/log/prosody /var/run/prosody /etc/prosody

# Execute as root (Prosody in containers running as root is acceptable)
exec "$@"