#!/usr/bin/env bash
# Patch nginx blockscout config to add /api/config/* and /api/v1/ locations.
# Inserts before "location /api/" in the HTTPS server block.
# Run inside VMID 5000.

set -euo pipefail

CONFIG="/etc/nginx/sites-available/blockscout"
BACKUP="${CONFIG}.before-patch-$(date +%Y%m%d-%H%M%S)"
cp "$CONFIG" "$BACKUP"

if grep -q "location = /api/config/token-list" "$CONFIG" 2>/dev/null; then
  echo "Patch already applied."
  nginx -t && echo "Config OK"
  exit 0
fi

# Insert before BOTH "location /api/" occurrences (HTTP and HTTPS blocks)
# Process in reverse order so line numbers don't shift
for LINE in $(grep -n "location /api/" "$CONFIG" | cut -d: -f1 | tac); do
  [[ -z "$LINE" ]] && { echo "Could not find location /api/"; exit 1; }
  head -n $((LINE - 1)) "$CONFIG" > "${CONFIG}.new"
  cat >> "${CONFIG}.new" << 'PATCHEOF'
    # Explorer config API (token list, networks) - serve from /var/www/html/config/
    location = /api/config/token-list {
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
        add_header Cache-Control "public, max-age=3600";
        alias /var/www/html/config/DUAL_CHAIN_TOKEN_LIST.tokenlist.json;
    }
    location = /api/config/networks {
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
        add_header Cache-Control "public, max-age=3600";
        alias /var/www/html/config/DUAL_CHAIN_NETWORKS.json;
    }
    # Token-aggregation API at /api/v1/
    location /api/v1/ {
        proxy_pass http://127.0.0.1:3001/api/v1/;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 60s;
        add_header Access-Control-Allow-Origin *;
    }

PATCHEOF
  tail -n +"$LINE" "$CONFIG" >> "${CONFIG}.new"
  mv "${CONFIG}.new" "$CONFIG"
done

nginx -t && echo "Config OK"