#!/usr/bin/env bash
set -euo pipefail

ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
TARGET_FILE="$ROOT_DIR/docker/prod/docker-compose.yml"
ANCHOR_LINE="      - ADMIN_SESSION_DIR=/usr/src/app/src/data/sessions"
EXPECTED_LINE="      - ADMIN_SESSION_COOKIE_SECURE=true"

if [[ ! -f "$TARGET_FILE" ]]; then
  exit 0
fi

export TARGET_FILE
export ANCHOR_LINE
export EXPECTED_LINE

result=$(python3 <<'PY'
import os
import pathlib
import re
import sys

path = pathlib.Path(os.environ['TARGET_FILE'])
anchor = os.environ['ANCHOR_LINE']
expected = os.environ['EXPECTED_LINE']
text = path.read_text()
changed = False

if 'ADMIN_SESSION_COOKIE_SECURE' in text:
    pattern = re.compile(r'(\-\s*ADMIN_SESSION_COOKIE_SECURE\s*=\s*)([^\n\r]+)')
    new_text, count = pattern.subn(r'\1true', text, count=1)
    if count:
        changed = new_text != text
else:
    if anchor not in text:
        print('ERROR: Anchor line not found for ADMIN_SESSION_COOKIE_SECURE insertion', file=sys.stderr)
        sys.exit(2)
    new_text = text.replace(anchor, anchor + '\n' + expected, 1)
    changed = True

if expected not in new_text:
    print('ERROR: Failed to ensure ADMIN_SESSION_COOKIE_SECURE=true in docker-compose.yml', file=sys.stderr)
    sys.exit(3)

if changed:
    path.write_text(new_text)
    print('UPDATED')
else:
    print('UNCHANGED')
PY
)
status=$?

if [[ $status -ne 0 ]]; then
  echo "$result"
  echo "[pre-commit] Failed to normalize ADMIN_SESSION_COOKIE_SECURE" >&2
  exit $status
fi

if [[ $result == "UPDATED" ]]; then
  echo "[pre-commit] Normalized ADMIN_SESSION_COOKIE_SECURE in docker/prod/docker-compose.yml"
  git -C "$ROOT_DIR" add "$TARGET_FILE"
fi

exit 0