#!/bin/bash

# Generate a secure cookie secret for oauth2-proxy
# Cookie secret must be 16, 24, or 32 bytes when base64-decoded

set -e

echo "Generating OAuth2 Proxy cookie secret..."
echo ""

# Generate exactly 24 random bytes (encodes to 32 base64 chars)
COOKIE_SECRET=$(openssl rand -base64 24 | tr -d '\n')

echo "Generated Cookie Secret:"
echo "$COOKIE_SECRET"
echo ""

# Update docker-compose.yml if it exists
if [ -f "docker-compose.yml" ]; then
    echo "Updating docker-compose.yml..."
    sed -i "s|OAUTH2_PROXY_COOKIE_SECRET=.*|OAUTH2_PROXY_COOKIE_SECRET=$COOKIE_SECRET|" docker-compose.yml
    echo "Updated OAUTH2_PROXY_COOKIE_SECRET in docker-compose.yml"
else
    echo "docker-compose.yml not found. Add this to your environment:"
    echo "  OAUTH2_PROXY_COOKIE_SECRET=$COOKIE_SECRET"
fi

echo ""
echo "Restart the oauth2-proxy container to apply:"
echo "  docker-compose restart llama_oauth2_proxy"