#!/bin/sh
# ─────────────────────────────────────────────────────────────────────────────
# FLUX container entrypoint.
#
# Runs as root briefly so we can:
#   1. Make sure all mounted upload dirs are writable by uid 1001 (nextjs).
#      The host folders may have been mkdir'd by another user (debian) and
#      docker-compose mounts preserve those permissions, which would lock
#      the container out. This single chown fixes it on every start.
#   2. Apply pending Prisma migrations idempotently.
#   3. Hand off to the Next.js server, dropping privileges to nextjs.
# ─────────────────────────────────────────────────────────────────────────────

set -e

# Fix ownership on every mounted public/* folder so the container can write.
# Skips silently if a folder doesn't exist or chown isn't permitted.
for dir in \
  /app/public/branding \
  /app/public/footage \
  /app/public/applications \
  /app/public/cases \
  /app/public/news \
  /app/public/parts \
  /app/public/operations-inbox; do
  if [ -d "$dir" ]; then
    chown -R 1001:1001 "$dir" 2>/dev/null || true
  fi
done

# Run pending migrations (idempotent).
su-exec nextjs node ./node_modules/prisma/build/index.js migrate deploy

# Boot the Next.js server as the unprivileged user.
exec su-exec nextjs node server.js