#!/bin/bash
set -e

SUPERVISORD_CMD="/usr/bin/supervisord"
SUPERVISORD_CONF_FULL="/etc/supervisor/conf.d/supervisord.conf"
SUPERVISORD_CONF_LOCAL="/etc/supervisor/conf.d/supervisord-local.conf"

# Check if all required Cloudflare variables are set
if [ -n "$CF_API_TOKEN" ] && [ -n "$CF_ACCOUNT_ID" ] && [ -n "$SUBDOMAIN" ] && [ -n "$DOMAIN" ]; then
    echo "Cloudflare variables detected — setting up tunnel..."

    TIMESTAMP=$(date +%Y%m%d%H%M%S)
    TUNNEL_NAME="${SUBDOMAIN}-tunnel-${TIMESTAMP}"
    echo "Tunnel name: ${TUNNEL_NAME}"

    TUNNEL_RESPONSE=$(curl -s -X POST "https://api.cloudflare.com/client/v4/accounts/${CF_ACCOUNT_ID}/cfd_tunnel" \
        -H "Authorization: Bearer ${CF_API_TOKEN}" \
        -H "Content-Type: application/json" \
        --data "{\"name\":\"${TUNNEL_NAME}\"}")

    TUNNEL_ID=$(echo "$TUNNEL_RESPONSE" | jq -r '.result.id')
    TUNNEL_TOKEN=$(echo "$TUNNEL_RESPONSE" | jq -r '.result.token')

    if [ -z "$TUNNEL_ID" ] || [ "$TUNNEL_ID" = "null" ]; then
        echo "Error: Failed to create Cloudflare tunnel"
        echo "$TUNNEL_RESPONSE"
        exit 1
    fi

    echo "Tunnel ID: ${TUNNEL_ID}"

    curl -s -X PUT "https://api.cloudflare.com/client/v4/accounts/${CF_ACCOUNT_ID}/cfd_tunnel/${TUNNEL_ID}/configurations" \
        -H "Authorization: Bearer ${CF_API_TOKEN}" \
        -H "Content-Type: application/json" \
        --data "{\"config\":{\"ingress\":[{\"hostname\":\"tunnel-${SUBDOMAIN}.${DOMAIN}\",\"service\":\"http://localhost:80\"},{\"service\":\"http_status:404\"}]}}"

    DNS_RECORDS=$(curl -s "https://api.cloudflare.com/client/v4/zones?name=${DOMAIN}" \
        -H "Authorization: Bearer ${CF_API_TOKEN}" \
        -H "Content-Type: application/json")
    ZONE_ID=$(echo "$DNS_RECORDS" | jq -r '.result[0].id')

    if [ -z "$ZONE_ID" ] || [ "$ZONE_ID" = "null" ]; then
        echo "Error: Could not find DNS zone for ${DOMAIN}"
        exit 1
    fi

    EXISTING=$(curl -s "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/dns_records?name=tunnel-${SUBDOMAIN}.${DOMAIN}" \
        -H "Authorization: Bearer ${CF_API_TOKEN}" \
        -H "Content-Type: application/json")
    RECORD_ID=$(echo "$EXISTING" | jq -r '.result[0].id')

    if [ -z "$RECORD_ID" ] || [ "$RECORD_ID" = "null" ]; then
        curl -s -X POST "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/dns_records" \
            -H "Authorization: Bearer ${CF_API_TOKEN}" \
            -H "Content-Type: application/json" \
            --data "{\"type\":\"CNAME\",\"name\":\"tunnel-${SUBDOMAIN}.${DOMAIN}\",\"content\":\"${TUNNEL_ID}.cfargotunnel.com\",\"ttl\":1,\"proxied\":true}"
    else
        curl -s -X PUT "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/dns_records/${RECORD_ID}" \
            -H "Authorization: Bearer ${CF_API_TOKEN}" \
            -H "Content-Type: application/json" \
            --data "{\"type\":\"CNAME\",\"name\":\"tunnel-${SUBDOMAIN}.${DOMAIN}\",\"content\":\"${TUNNEL_ID}.cfargotunnel.com\",\"ttl\":1,\"proxied\":true}"
    fi

    echo "Site will be available at: https://tunnel-${SUBDOMAIN}.${DOMAIN}"
    export CLOUDFLARE_TUNNEL_TOKEN="${TUNNEL_TOKEN}"

    # Use the full supervisor config (includes cloudflared)
    exec "$SUPERVISORD_CMD" -c "$SUPERVISORD_CONF_FULL"
else
    echo "No Cloudflare variables set — starting without tunnel (port 80 only)."
    # Use local supervisor config (nginx + node only, no cloudflared)
    exec "$SUPERVISORD_CMD" -c "$SUPERVISORD_CONF_LOCAL"
fi