#!/bin/bash

CONFIG_DIR="/config"
CONFIG_FILE="$CONFIG_DIR/watchdog.conf"
STATE_FILE="$CONFIG_DIR/watch_state.json"

while true; do
    if [ -f "$CONFIG_FILE" ]; then
        source "$CONFIG_FILE"
    else
        echo "❌ Fehler: $CONFIG_FILE nicht gefunden!"
        sleep 60; continue
    fi

    INTERVAL=${CHECK_INTERVAL:-3600}
    if [ ! -f "$STATE_FILE" ] || [ ! -s "$STATE_FILE" ]; then echo "{}" > "$STATE_FILE"; fi

    UPDATES_FOUND=""
    echo "--- Starte Check: $(date) ---"

    for entry in "${TARGETS[@]}"; do
        IFS="|" read -r TYPE REPO EXTRA <<< "$entry"
        KEY="${TYPE}_${REPO//[\/\.]/_}_${EXTRA}"
        OLD_VAL=$(jq -r ".[\"$KEY\"] // empty" "$STATE_FILE")
        NEW_VAL=""

        echo "Prüfe $TYPE: $REPO:$EXTRA..."

        if [ "$TYPE" == "DOCKER" ]; then
            if [[ "$REPO" != *"."* ]] || [[ "$REPO" == *"docker.io"* ]]; then
                # --- Docker Hub Logik ---
                CLEAN_REPO=${REPO#docker.io/}
                [[ "$CLEAN_REPO" != *"/"* ]] && CLEAN_REPO="library/$CLEAN_REPO"
                NEW_VAL=$(curl -s "https://hub.docker.com/v2/repositories/${CLEAN_REPO}/tags/${EXTRA}" | jq -r '.last_updated // empty')
            else
                # --- Custom Registry (z.B. Gitea) ---
                REG_HOST=$(echo $REPO | cut -d/ -f1)
                IMG_NAME=$(echo $REPO | cut -d/ -f2-)

                # 1. Versuche einen anonymen Token zu holen (Standard V2 Auth)
                TOKEN=$(curl -s "https://${REG_HOST}/v2/token?service=${REG_HOST}&scope=repository:${IMG_NAME}:pull" | jq -r '.token // empty')

                # 2. Abfrage mit Token (falls vorhanden) und explizitem GET statt HEAD
                if [ -n "$TOKEN" ] && [ "$TOKEN" != "null" ]; then
                    AUTH_HEADER="Authorization: Bearer $TOKEN"
                else
                    AUTH_HEADER="X-No-Auth: true" # Dummy Header
                fi

                # Wir nutzen curl -i (Header + Body) und fangen den Digest ab
                RESPONSE=$(curl -s -i -H "$AUTH_HEADER" \
                    -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
                    "https://${REG_HOST}/v2/${IMG_NAME}/manifests/${EXTRA}")
                
                NEW_VAL=$(echo "$RESPONSE" | grep -i "docker-content-digest" | awk '{print $2}' | tr -d '\r')
                
                # Falls Digest leer, versuche ETag (Backup für manche Registries)
                if [ -z "$NEW_VAL" ]; then
                    NEW_VAL=$(echo "$RESPONSE" | grep -i "etag" | awk '{print $2}' | tr -d '\r' | tr -d '"')
                fi
            fi
        elif [ "$TYPE" == "GITHUB" ]; then
            NEW_VAL=$(curl -s "https://api.github.com/repos/${REPO}/branches/${EXTRA}" | jq -r '.commit.sha // empty')
        fi

        # Debug-Ausgabe falls leer
        if [ -z "$NEW_VAL" ] || [ "$NEW_VAL" == "null" ]; then
            echo "  ⚠️  Konnte keine Daten für $REPO abrufen (API-Antwort leer)."
            continue
        fi

        if [ -n "$OLD_VAL" ] && [ "$OLD_VAL" != "$NEW_VAL" ]; then
            MSG="Update für $REPO ($EXTRA)! Alt: $OLD_VAL | Neu: $NEW_VAL"
            echo "  🔔 $MSG"
            UPDATES_FOUND="${UPDATES_FOUND}${MSG}\n"
        else
            echo "  ✅ Aktuell."
        fi

        # Speichern
        TEMP_JSON=$(jq ".[\"$KEY\"] = \"$NEW_VAL\"" "$STATE_FILE")
        echo "$TEMP_JSON" > "$STATE_FILE"
    done

    # Mail-Versand (bleibt gleich)
    if [ -n "$UPDATES_FOUND" ]; then
        # SMTP Konfig schreiben (msmtp Logik hier einfügen wie zuvor...)
        echo -e "Subject: Watchdog Alert\n\n$UPDATES_FOUND" | msmtp "$EMAIL_TO"
    fi

    echo "Check beendet. Nächster Scan in $INTERVAL s."
    sleep "$INTERVAL"
done