#!/usr/bin/env bash
set -euo pipefail

# Kratos/Hydra admin endpoints should be reachable only on ory-net.
# Frontend network (baron_net) must NOT reach admin endpoints.

IMAGE="curlimages/curl:8.10.1"

# ory-net should succeed
# 한국어: ory-net에서는 admin 포트 접근이 가능해야 함

docker run --rm --network ory-net "$IMAGE" -fsS http://hydra:4445/health/ready > /dev/null

docker run --rm --network ory-net "$IMAGE" -fsS http://kratos:4434/health/ready > /dev/null

# baron_net should fail
# 한국어: baron_net에서는 admin 포트 접근이 불가능해야 함
if docker run --rm --network baron_net "$IMAGE" -fsS http://hydra:4445/health/ready > /dev/null 2>&1; then
  echo "ERROR: hydra admin is reachable from baron_net"
  exit 1
fi

if docker run --rm --network baron_net "$IMAGE" -fsS http://kratos:4434/health/ready > /dev/null 2>&1; then
  echo "ERROR: kratos admin is reachable from baron_net"
  exit 1
fi

echo "OK: admin endpoints are reachable on ory-net only"