#!/usr/bin/env bash
set -euo pipefail

CONTAINER_NAME="${CONTAINER_NAME:-hw}"
HOST_PORT="${HOST_PORT:-${APP_PORT:-8000}}"
HEALTHCHECK_URL="${HEALTHCHECK_URL:-http://127.0.0.1:${HOST_PORT}/health}"
ALLOW_NON_ROOT="${ALLOW_NON_ROOT:-0}"

fail() {
  printf 'Verification failed: %s\n' "$1" >&2
  exit 1
}

command_exists() {
  command -v "$1" >/dev/null 2>&1
}

require_docker_daemon() {
  if ! docker info >/dev/null 2>&1; then
    fail "docker daemon is not available"
  fi
}

port_is_listening() {
  local port="$1"

  if command_exists ss; then
    ss -tln | grep -q ":${port} "
    return
  fi

  if command_exists lsof; then
    lsof -nP -iTCP:"${port}" -sTCP:LISTEN >/dev/null 2>&1
    return
  fi

  if command_exists netstat; then
    netstat -an | grep -E -q "[\.:]${port}[[:space:]].*LISTEN"
    return
  fi

  fail "no supported port inspection command found (need one of: ss, lsof, netstat)"
}

main() {
  require_docker_daemon
  if ! docker ps --format '{{.Names}}' | grep -Fxq "$CONTAINER_NAME"; then
    fail "container '$CONTAINER_NAME' is not running"
  fi

  health_status="$(docker inspect --format '{{if .State.Health}}{{.State.Health.Status}}{{else}}none{{end}}' "$CONTAINER_NAME")"
  if [[ "$health_status" != "healthy" && "$health_status" != "none" ]]; then
    fail "container health status is '$health_status'"
  fi

  if ! port_is_listening "$HOST_PORT"; then
    fail "nothing is listening on TCP port ${HOST_PORT}"
  fi

  health_payload="$(curl --fail --silent --show-error --max-time 10 "$HEALTHCHECK_URL")" || fail "healthcheck request failed: $HEALTHCHECK_URL"

  if ! printf '%s' "$health_payload" | grep -q '"status":"ok"\|"status": "ok"'; then
    fail "healthcheck response does not contain status=ok"
  fi

  printf 'Verification succeeded.\n'
  printf 'Container: %s\n' "$CONTAINER_NAME"
  printf 'Port: %s\n' "$HOST_PORT"
  printf 'Healthcheck: %s\n' "$HEALTHCHECK_URL"
}

main "$@"