#!/usr/bin/env bash

# This script is used to start the npm dev server along with a caddy proxy running a self signed TLS cert
# This is needed as the app uses external auth that requires running on https

# Usage:
# 1. Set $dev_hostname to the hostname of your dev server (e.g. devvm.viktorbarzin.lan) in /ets/hosts (or external dns to resolve to)
# 2. Run the script
# 3. Start npm server in a different tab: npm run dev -- --host
# 4. Open a browser and navigate to https://$dev_hostname:443

# Now your app would be accessible via https
# App requests to the backend API can be done via https://$dev_hostname/api

set -eux

# Kill any existing caddy servers
sudo pkill -f 'caddy'

# Fail if caddy is not installed
if ! command -v caddy &> /dev/null; then
  echo "Error: caddy is not installed. Please install caddy and try again"
   exit 1
fi

pwd=$PWD

caddy_dir="$pwd/caddy_dev"
dev_crt_path="$caddy_dir/certs/dev.crt"
dev_key_path="$caddy_dir/certs/dev.key"

# throw if .env does not exist
if [ ! -f "$pwd/.env" ]; then
  echo "Error: .env file not found. Please use the sample env file to populate the .env file" 
  exit 1
fi
source "$pwd/.env" # get env for dev host
dev_hostname=$DEV_HOST
frontend_service="$FRONTEND_SERVICE" 
backend_service="$BACKEND_SERVICE" 

# Create self signed certs if they don't exist already
if [ ! -f "$caddy_dir/certs/dev.crt" ] || [ ! -f "$caddy_dir/certs/dev.key" ]; then
  echo
  echo "Creating self-signed certificates..."
  mkdir -p $caddy_dir/certs
  openssl req -x509 -newkey rsa:4096 -keyout $dev_key_path -out $dev_crt_path -days 365 -nodes -subj "/CN=$dev_hostname"
  echo "Certificates created."
fi

# Create a caddyfile for the dev environment if it doesn't exist
if [ ! -f "$caddy_dir/Caddyfile" ]; then
  echo "Creating a caddyfile for the dev environment..."
cat <<-EOF > $caddy_dir/Caddyfile
# We need https for the frontend to enable auth with external oidc
https://$dev_hostname:443 {
    tls "$dev_crt_path" "$dev_key_path"
    reverse_proxy http://$frontend_service
}

# We need https for the backend so that the frontend can send secure requests to the backend
https://$dev_hostname:443/api/* {
    tls "$dev_crt_path" "$dev_key_path"
    reverse_proxy http://$backend_service
}
EOF

  echo "Caddyfile created."
else
    echo "Caddyfile already exists. Skipping creation."
fi

# Start the caddy proxy with the self signed certs
sudo caddy start --config "$caddy_dir/Caddyfile" # caddy run for interactive session
# Start the npm dev server
npm run dev -- --host