services:
  app:
    profiles:
      - disabled

  postgres:
    ports: !override
      - "5432:5432"

  keycloak:
    image: quay.io/keycloak/keycloak:latest
    command: start-dev
    environment:
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      KC_HOSTNAME: localhost
      KC_HOSTNAME_PORT: 8080
      KC_HOSTNAME_STRICT: "false"
      KC_HTTP_ENABLED: "true"
    ports:
      - "8080:8080"
    healthcheck:
      test: ["CMD-SHELL", "exec 3<>/dev/tcp/127.0.0.1/8080"]
      interval: 10s
      timeout: 5s
      retries: 15
      start_period: 30s

  keycloak-init:
    image: curlimages/curl:latest
    depends_on:
      keycloak:
        condition: service_healthy
    restart: "no"
    entrypoint: ["/bin/sh", "-c"]
    command:
      - |
        sleep 3
        echo "Creating slotfinder client..."
        TOKEN=$$(curl -sf -X POST "http://keycloak:8080/realms/master/protocol/openid-connect/token" \
          -d "client_id=admin-cli" -d "username=admin" -d "password=admin" -d "grant_type=password" | \
          sed -n 's/.*"access_token":"\([^"]*\)".*/\1/p')
        curl -sf -X POST "http://keycloak:8080/admin/realms/master/clients" \
          -H "Authorization: Bearer $$TOKEN" -H "Content-Type: application/json" \
          -d '{"clientId":"slotfinder","enabled":true,"secret":"slotfinder-dev-secret","publicClient":false,"directAccessGrantsEnabled":true,"standardFlowEnabled":true,"redirectUris":["http://localhost:5000/*"],"webOrigins":["http://localhost:5000"]}'
        echo "Creating test user 'testuser'..."
        curl -sf -X POST "http://keycloak:8080/admin/realms/master/users" \
          -H "Authorization: Bearer $$TOKEN" -H "Content-Type: application/json" \
          -d '{"username":"testuser","enabled":true,"firstName":"Test","lastName":"User","email":"testuser@example.com","credentials":[{"type":"password","value":"testpass","temporary":false}]}'
        echo "Done - users: admin/admin, testuser/testpass"