#!/bin/sh
set -e

# Block NODE_TLS_REJECT_UNAUTHORIZED=0 in production
if [ "$NODE_ENV" = "production" ] && [ "$NODE_TLS_REJECT_UNAUTHORIZED" = "0" ]; then
  echo "FATAL: NODE_TLS_REJECT_UNAUTHORIZED=0 is not allowed in production"
  exit 1
fi

# Wait for PostgreSQL to be ready before running migrations
echo "Waiting for database..."
MAX_WAIT=30
WAITED=0
until echo "SELECT 1" | npx prisma db execute --stdin --schema ./prisma/schema.prisma 2>/dev/null; do
  sleep 2
  WAITED=$((WAITED + 2))
  if [ $WAITED -ge $MAX_WAIT ]; then
    echo "FATAL: Database not available after ${MAX_WAIT}s"
    exit 1
  fi
done
echo "Database ready (${WAITED}s)"

# Run migrations — fail hard on error (never fall back to db push, which causes drift)
echo "Running Prisma migrations..."
npx prisma migrate deploy 2>&1
echo "Migrations complete."

echo "Running database seed..."
npx prisma db seed 2>&1
echo "Seed complete."

# If running production mode (node dist/server.js) and dist is stale, recompile
if [ -f "src/server.ts" ] && echo "$@" | grep -q "npm.*start\|node.*dist"; then
  if [ ! -f "dist/server.js" ] || [ "src/server.ts" -nt "dist/server.js" ]; then
    echo "Compiling TypeScript (dist/ is missing or stale)..."
    npx tsc 2>&1 || echo "WARNING: TypeScript compilation had errors"
    echo "Compilation complete."
  fi
fi

echo "Starting server..."
exec "$@"