#!/bin/bash
set -e

# Default PUID/PGID if not set
PUID=${PUID:-1000}
PGID=${PGID:-1000}

# Create group if it doesn't exist
if ! getent group sgo >/dev/null 2>&1; then
    groupadd -g ${PGID} sgo
fi

# Create or modify user
if ! id -u sgo >/dev/null 2>&1; then
    useradd -u ${PUID} -g ${PGID} -d /home/sgo -m -s /bin/bash sgo
else
    # Update existing user
    usermod -u ${PUID} sgo 2>/dev/null || true
    groupmod -g ${PGID} sgo 2>/dev/null || true
fi

# Copy AWS credentials from mounted location to user directory
# This ensures proper permissions regardless of host UID/GID
if [ -d "/tmp/aws-host" ]; then
    mkdir -p /home/sgo/.aws
    cp -r /tmp/aws-host/* /home/sgo/.aws/ 2>/dev/null || true
    chmod 700 /home/sgo/.aws
    chmod 600 /home/sgo/.aws/* 2>/dev/null || true
    chown -R sgo:sgo /home/sgo/.aws
fi

# Ensure proper ownership of app files and data directory
chown -R sgo:sgo /app

# Ensure home directory ownership
chown sgo:sgo /home/sgo 2>/dev/null || true

# Execute the command as the sgo user
exec gosu sgo "$@"