#!/bin/bash
set -e

# Source environment variables
source /app/.env

# Function to generate a random password
generate_password() {
    cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1
}

# Create a secrets directory in data (which is writable)
mkdir -p /app/data/secrets

# Check for initialization status
if [[ ! -f /app/data/.initialized ]]; then
    echo "Fresh installation, initializing..."
    
    # Generate and store passwords
    if [ -z "$ELASTIC_PASSWORD" ]; then
        ELASTIC_PASSWORD=$(generate_password)
        echo "Generated new secure password for Elasticsearch user 'elastic'"
    fi
    echo "$ELASTIC_PASSWORD" > /app/data/secrets/elastic_password
    
    # Mark as initialized
    touch /app/data/.initialized
    echo "Initialization complete."
else
    echo "Loading existing configuration..."
    # Load existing passwords
    if [ -f "/app/data/secrets/elastic_password" ]; then
        ELASTIC_PASSWORD=$(cat /app/data/secrets/elastic_password)
    fi
fi

# Set up the correct directories
mkdir -p /app/data/elasticsearch
mkdir -p /app/data/logs
mkdir -p /app/data/config

# Copy elasticsearch.yml to config directory if it doesn't exist
if [ ! -f /app/data/config/elasticsearch.yml ]; then
    cp /app/data/config/elasticsearch.yml.orig /app/data/config/elasticsearch.yml || true
    # If the original doesn't exist, copy from the one we bundled
    if [ ! -f /app/data/config/elasticsearch.yml ]; then
        cp /app/data/config/elasticsearch.yml.orig /app/data/config/elasticsearch.yml 2>/dev/null || cp /app/elasticsearch.yml /app/data/config/elasticsearch.yml 2>/dev/null || true
    fi
fi

# Ensure permissions are correct
chown -R elasticsearch:elasticsearch /app/data/elasticsearch /app/data/logs /app/data/config

# Print the network interfaces for debugging
echo "Network interfaces:"
ip addr show

# Start Elasticsearch in the background
echo "Starting Elasticsearch..."
cd /usr/share/elasticsearch
su -c "ES_PATH_CONF=/app/data/config /usr/share/elasticsearch/bin/elasticsearch -d -p /app/data/elasticsearch.pid" elasticsearch

# Wait for Elasticsearch to be up
echo "Waiting for Elasticsearch to start..."
attempts=0
max_attempts=60
until $(curl --output /dev/null --silent --head --fail http://localhost:9200); do
    printf '.'
    sleep 5
    
    attempts=$((attempts+1))
    
    if [ $attempts -ge $max_attempts ]; then
        echo "Elasticsearch failed to start after 5 minutes. Check logs at /app/data/logs/"
        exit 1
    fi
done
echo "Elasticsearch is up and running!"

# Now that Elasticsearch is running, set the elastic user password
echo "Setting elastic user password..."
cd /usr/share/elasticsearch
echo "y" | bin/elasticsearch-reset-password -u elastic -b -p "$ELASTIC_PASSWORD" --url "http://localhost:9200" || true

# Display the credentials
echo "-----------------------------"
echo "Elasticsearch is ready to use!"
echo "URL: http://localhost:9200"
echo ""
echo "Authentication credentials:"
echo "  User: elastic"
echo "  Password: $ELASTIC_PASSWORD"
echo "-----------------------------"

# Create a credentials file for reference
cat > /app/data/credentials.txt << EOL
Elasticsearch credentials:
URL: http://localhost:9200
User: elastic
Password: $ELASTIC_PASSWORD
EOL

echo "Credentials saved to /app/data/credentials.txt"

# Keep the script running to prevent the container from exiting
tail -f /app/data/logs/*.log 2>/dev/null || sleep infinity