#!/bin/sh
set -e

echo "Processing Oathkeeper configuration templates..."

# Substitute environment variables in oathkeeper.yml
envsubst < /etc/oathkeeper/oathkeeper.yml.template > /etc/oathkeeper/oathkeeper.yml
rm /etc/oathkeeper/oathkeeper.yml.template
echo "✓ Processed Oathkeeper config"

# Substitute environment variables for access rules
envsubst < /etc/oathkeeper/access-rules/django.yml.template > /etc/oathkeeper/access-rules/django.yml
rm /etc/oathkeeper/access-rules/django.yml.template
echo "✓ Processed Django access rules"
envsubst < /etc/oathkeeper/access-rules/kratos-public.yml.template > /etc/oathkeeper/access-rules/kratos-public.yml
rm /etc/oathkeeper/access-rules/kratos-public.yml.template
echo "✓ Processed Kratos public access rules"
envsubst < /etc/oathkeeper/access-rules/kratos-admin.yml.template > /etc/oathkeeper/access-rules/kratos-admin.yml
rm /etc/oathkeeper/access-rules/kratos-admin.yml.template
echo "✓ Processed Kratos admin access rules"

echo "✓ Processed Oathkeeper access rules"

# Set proper ownership for ory user
chown -R ory:ory /etc/oathkeeper

echo "Starting Oathkeeper as ory user..."

# Switch to ory user and execute the CMD passed to the container
exec su-exec ory oathkeeper "$@"