#!/usr/bin/env bash
set -euo pipefail

ENV_FILE="/var/www/html/.env"

upsert_kv() {
  local key="$1" val="$2"
  if grep -qE "^${key}=" "$ENV_FILE" 2>/dev/null; then
    sed -i "s#^${key}=.*#${key}=${val}#" "$ENV_FILE"
  else
    printf "%s=%s\n" "$key" "$val" >> "$ENV_FILE"
  fi
}

# Bootstrap .env from template if not present
if [ ! -f "$ENV_FILE" ]; then
  if [ -f /var/www/html/env.example.txt ]; then
    cp /var/www/html/env.example.txt "$ENV_FILE"
  else
    touch "$ENV_FILE"
  fi
fi

# Inject database and app config from environment variables
upsert_kv "DB_HOST"     "${DB_HOST:-db}"
upsert_kv "DB_PORT"     "${DB_PORT:-3306}"
upsert_kv "DB_DATABASE" "${DB_DATABASE:-domain_monitor}"
upsert_kv "DB_USERNAME" "${DB_USERNAME:-domain_monitor}"
upsert_kv "DB_PASSWORD" "${DB_PASSWORD:-}"
upsert_kv "APP_ENV"     "${APP_ENV:-production}"

[ -n "${APP_ENCRYPTION_KEY:-}" ] && upsert_kv "APP_ENCRYPTION_KEY" "$APP_ENCRYPTION_KEY"
[ -n "${SESSION_LIFETIME:-}" ]   && upsert_kv "SESSION_LIFETIME"   "$SESSION_LIFETIME"

# Ownership & permissions on runtime-writable paths
chown www-data:www-data "$ENV_FILE"
chmod 660 "$ENV_FILE"

for d in logs cache public/assets/uploads; do
  dir="/var/www/html/$d"
  [ -d "$dir" ] && chown -R www-data:www-data "$dir" && chmod -R 775 "$dir"
done

exec "$@"