#!/bin/bash
set -e

# Create per-product databases
for db in dd0c_route dd0c_drift dd0c_alert dd0c_portal dd0c_cost dd0c_run; do
  echo "Creating database: $db"
  psql -v ON_ERROR_STOP=0 --username "$POSTGRES_USER" --dbname postgres -c "CREATE DATABASE $db;" 2>/dev/null || true
done

# Create per-service DB users with least-privilege access
create_service_user() {
  local db=$1
  local user=$2
  local pass_var=$3
  local pass="${!pass_var:-dd0c-dev}"
  echo "Creating user $user for $db"
  psql -v ON_ERROR_STOP=0 --username "$POSTGRES_USER" --dbname postgres -c "CREATE USER $user WITH PASSWORD '$pass';" 2>/dev/null || true
  psql -v ON_ERROR_STOP=0 --username "$POSTGRES_USER" --dbname "$db" -c "GRANT CONNECT ON DATABASE $db TO $user;" 2>/dev/null || true
  psql -v ON_ERROR_STOP=0 --username "$POSTGRES_USER" --dbname "$db" -c "GRANT USAGE ON SCHEMA public TO $user;" 2>/dev/null || true
  psql -v ON_ERROR_STOP=0 --username "$POSTGRES_USER" --dbname "$db" -c "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO $user;" 2>/dev/null || true
  psql -v ON_ERROR_STOP=0 --username "$POSTGRES_USER" --dbname "$db" -c "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT ON SEQUENCES TO $user;" 2>/dev/null || true
}

create_service_user dd0c_drift dd0c_drift DB_DRIFT_PASSWORD
create_service_user dd0c_alert dd0c_alert DB_ALERT_PASSWORD
create_service_user dd0c_portal dd0c_portal DB_PORTAL_PASSWORD
create_service_user dd0c_cost dd0c_cost DB_COST_PASSWORD
create_service_user dd0c_run dd0c_run DB_RUN_PASSWORD

# Run migrations for each product (as superuser so tables are created correctly)
run_migrations() {
  local db=$1
  local dir=$2
  if [ -d "$dir" ]; then
    for sql in "$dir"/*.sql; do
      [ -f "$sql" ] || continue
      echo "  $db ← $(basename $sql)"
      psql -v ON_ERROR_STOP=0 --username "$POSTGRES_USER" --dbname "$db" -f "$sql" 2>/dev/null || true
    done
  fi
}

run_migrations dd0c_route /migrations/01-route
run_migrations dd0c_drift /migrations/02-drift
run_migrations dd0c_alert /migrations/03-alert
run_migrations dd0c_portal /migrations/04-portal
run_migrations dd0c_cost /migrations/05-cost
run_migrations dd0c_run /migrations/06-run

echo "All databases initialized."