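#!/bin/bash
set -e

# Container entrypoint. Starts as root to prepare writable directories and fix
# ownership of mounted volumes, then runs the requested command as appuser via
# gosu. php-fpm is the one exception (see the end of the script).

# Print a diagnostic on stderr without aborting: the setup steps below are
# deliberately best-effort, but a silent failure is hard to debug later.
warn() {
  printf 'entrypoint: %s\n' "$*" >&2
}

# CRITICAL: Do NOT create ANY subdirectories under /var/www/html/storage here!
# Docker needs to create the storage directory tree when mounting named volumes.
# Creating storage or any storage/* subdirectory at this point prevents Docker
# volume mounting.

# Only create directories that are NOT under storage/ and are NOT volume mount
# points. No fallback here: under `set -e` a failure aborts the container start.
mkdir -p /var/www/html/var/cache \
  /var/www/html/var/logs \
  /var/www/html/cache

# Volume mount points are created by Docker and are owned by root initially;
# ownership is fixed below, AFTER Docker has mounted them.

# Wait for Docker to finish mounting volumes.
# NOTE(review): volumes are normally mounted before the entrypoint process is
# started, so this delay is probably unnecessary - confirm before removing it.
sleep 1

# NOW we can safely create non-volume storage subdirectories.
# Docker has already mounted: storage/logs, storage/cache, storage/queue,
# storage/discovery, storage/uploads.
# We create the other directories, which are NOT volume mounts:
for extra_dir in /var/www/html/storage/analytics /var/www/html/storage/sessions; do
  mkdir -p "$extra_dir" 2>/dev/null || warn "could not create $extra_dir"
done

# Fix ownership for all storage directories (including mounted volumes).
# IMPORTANT: the cache directory needs 775 (group-writable) for
# multi-user/multi-process environments. Deleting cache files only requires
# directory permissions, not file permissions.
# NOTE(review): `chmod -R 775` also marks every regular file executable and
# world-readable, including files under storage/uploads and storage/sessions.
# If nothing relies on that, `chmod -R u=rwX,g=rwX,o=` keeps directories
# traversable for owner and group without adding the execute bit to data files.
if [ -d /var/www/html/storage ]; then
  chown -R appuser:appuser /var/www/html/storage 2>/dev/null \
    || warn "chown of /var/www/html/storage failed; appuser may be unable to write there"
  chmod -R 775 /var/www/html/storage 2>/dev/null \
    || warn "chmod of /var/www/html/storage failed"
fi

for app_dir in /var/www/html/var /var/www/html/cache; do
  chown -R appuser:appuser "$app_dir" 2>/dev/null \
    || warn "chown of $app_dir failed; appuser may be unable to write there"
done
for app_dir in /var/www/html/var /var/www/html/cache; do
  chmod -R 775 "$app_dir" 2>/dev/null || warn "chmod of $app_dir failed"
done

# Give appuser access to the Docker socket if one is mounted (for Docker CLI
# access).
# SECURITY: membership in the group that owns /var/run/docker.sock lets appuser
# control the Docker daemon, which is equivalent to root on the host. With the
# socket mounted, the privilege drop at the end of this script no longer
# contains a compromise of the application. Mount the socket only where the
# application really needs it.
if [ -S /var/run/docker.sock ]; then
  DOCKER_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo "")
  if [ -n "$DOCKER_GID" ] && [ "$DOCKER_GID" != "0" ]; then
    # Access is decided by GID, not by group name. If the image already has a
    # group with the socket's GID under another name, reuse it: `groupadd -g`
    # would fail on the duplicate GID and the following usermod would then
    # fail as well, both silently.
    docker_group=$(getent group "$DOCKER_GID" 2>/dev/null | cut -d: -f1) || docker_group=""
    if [ -z "$docker_group" ]; then
      docker_group=docker
      if ! getent group docker >/dev/null 2>&1; then
        # Create the docker group with the socket's GID.
        groupadd -g "$DOCKER_GID" docker 2>/dev/null \
          || warn "could not create group docker with GID $DOCKER_GID"
      else
        warn "group docker exists but its GID differs from the socket GID $DOCKER_GID; membership will not grant socket access"
      fi
    fi
    usermod -aG "$docker_group" appuser 2>/dev/null \
      || warn "could not add appuser to group $docker_group"
  fi
fi

# Without a command, `exec gosu appuser` would only print gosu's usage text.
if [ "$#" -eq 0 ]; then
  warn "no command given"
  exit 1
fi

# For PHP-FPM, run as root and let it manage user switching internally:
# PHP-FPM drops privileges to the user specified in its pool configuration.
# NOTE(review): the pool configuration is not visible here - confirm that it
# sets user/group to an unprivileged account.
# For other commands (console.php, etc.), switch to appuser.
if [ "$1" = "php-fpm" ]; then
  exec "$@"
else
  exec gosu appuser "$@"
fi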