#!/bin/sh
set -e
apk add jq su-exec

# create certs for proxy
if [ "$ENABLE_HTTPS_PROXY" == true ]; then

  while [ ! -f /etc/resty-auto-ssl/storage/file/*latest ]
  do
    echo "ERROR: certificate doesn't exist yet."
    echo "Certificate gets create on the first request to the HTTPS proxy."
    echo "We will try again..."
    sleep 10
  done

  # extract cert
  cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.fullchain_pem' > /tmp/cert.pem
  cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.privkey_pem' > /tmp/key.pem
fi

if [ ! -f /tmp/cert.pem ] || [ ! -f /tmp/key.pem ]; then
  echo "ERROR: certificate not found, but coturn relies on it."
  echo "Use either auto HTTPS proxy or"
  echo "provide path to certificates in .env file"
  exit 1
fi

# set turn_secret variable
if test -f "/run/secrets/turn_secret"; then
    pwd=`cat /run/secrets/turn_secret`
    if [ -z $pwd ]; then
        echo >&2 "error: /run/secrets/turn_secret is empty"
        exit 1
    fi
    echo "entrypoint.coturn.sh setting TURN_SECRET"
    export "TURN_SECRET"="${pwd}"
    unset "pwd"
else
    echo >&2 "error: /run/secrets/turn_secret does not exist"
    exit 1
fi

# start turnserver
su-exec nobody turnserver --static-auth-secret=${TURN_SECRET}"