#!/bin/bash
set -e

# Fix permissions on /data directory (runtime volume mount may have wrong ownership)
# This ensures the attestation user can write SQLite databases
if [ -d "/data" ]; then
    chown -R attestation:attestation /data
    chmod 755 /data
fi

# Copy static files to shared volume (if mounted)
if [ -d "/srv/static" ]; then
    echo "Copying static files to shared volume..."
    cp -r /app/static-orig/* /srv/static/
    chown -R attestation:attestation /srv/static
    echo "Static files copied."
fi

# Set working directory to /data where SQLite databases will be stored
# The application creates attestation.db and samples.db in the working directory
cd /data

JAR_FILE="/app/libs/attestation-server.jar"

if [ ! -f "$JAR_FILE" ]; then
    echo "ERROR: Main JAR not found at $JAR_FILE!"
    echo "Available JARs:"
    ls -la /app/libs/
    exit 1
fi

echo "Starting AttestationServer..."
echo "JAR: $JAR_FILE"
echo "Data directory: $(pwd)"
echo "Running as user: attestation (UID 1000)"

# Run with the sqlite4java library path, dropping privileges to attestation user
# Use setpriv to drop privileges while preserving environment
exec setpriv --reuid=attestation --regid=attestation --clear-groups \
    java \
        -Xmx512m \
        -XX:+UseG1GC \
        -XX:+ExitOnOutOfMemoryError \
        -Djava.library.path=/app/libs \
        -jar "$JAR_FILE"