#!/usr/bin/env sh
set -eu

assert_contains() {
  file="$1"
  pattern="$2"
  if ! grep -Fq "$pattern" "$file"; then
    echo "missing pattern in $file: $pattern" >&2
    exit 1
  fi
}

assert_not_contains() {
  file="$1"
  pattern="$2"
  if grep -Fq "$pattern" "$file"; then
    echo "forbidden pattern in $file: $pattern" >&2
    exit 1
  fi
}

deploy_gateway="deploy/templates/gateway/nginx.conf"

if [ ! -f "$deploy_gateway" ]; then
  echo "missing expected file: $deploy_gateway" >&2
  exit 1
fi

assert_contains "$deploy_gateway" "root /usr/share/nginx/html;"
assert_contains "$deploy_gateway" 'try_files $uri $uri/ /index.html;'
assert_not_contains "$deploy_gateway" "baron_userfront"
assert_not_contains "$deploy_gateway" "userfront_upstream"
assert_not_contains "$deploy_gateway" "proxy_pass http://baron_userfront"

echo "gateway userfront residue policy checks passed"