source ../environment.sh

if [ -z "$NETWORK" ]; then
echo "错误: 未找到 NETWORK 环境变量"
exit 1
fi
if [ -z "$MINIO_NAME" ]; then
echo "错误: 未找到 MINIO_NAME 环境变量"
exit 1
fi
if [ -z "$MINIO_IMAGE" ]; then
echo "错误: 未找到 MINIO_IMAGE 环境变量"
exit 1
fi
if [ -z "$MINIO_MEMORY" ]; then
echo "错误: 未找到 MINIO_MEMORY 环境变量"
exit 1
fi
if [ -z "$MINIO_API_PORT" ]; then
echo "错误: 未找到 MINIO_API_PORT 环境变量"
exit 1
fi
if [ -z "$MINIO_CONSOLE_PORT" ]; then
echo "错误: 未找到 MINIO_CONSOLE_PORT 环境变量"
exit 1  
fi
if [ -z "$MINIO_DATA" ]; then
echo "错误: 未找到 MINIO_DATA 环境变量"
exit 1
fi
if [ -z "$MINIO_ROOT_USER" ]; then
echo "错误: 未找到 MINIO_ROOT_USER 环境变量"
exit 1
fi
if [ -z "$MINIO_ROOT_PASSWORD" ]; then
echo "错误: 未找到 MINIO_ROOT_PASSWORD 环境变量"
exit 1
fi
if [ -z "$MINIO_ACCESS_KEY" ]; then
echo "错误: 未找到 MINIO_ACCESS_KEY 环境变量"
exit 1
fi
if [ -z "$MINIO_SECRET_KEY" ]; then
echo "错误: 未找到 MINIO_SECRET_KEY 环境变量"
exit 1
fi

if docker ps -a | grep -q ${MINIO_NAME}; then
    echo "停止并删除已存在的 MinIO 容器..."
    docker stop ${MINIO_NAME} >/dev/null 2>&1
    docker rm ${MINIO_NAME} >/dev/null 2>&1
fi

# 启动MinIO容器
docker run -d \
    --name ${MINIO_NAME} \
    --network $NETWORK \
    --memory $MINIO_MEMORY \
    --restart unless-stopped \
    -p ${MINIO_API_PORT}:9000 \
    -p ${MINIO_CONSOLE_PORT}:9001 \
    -e MINIO_ROOT_USER=${MINIO_ROOT_USER} \
    -e MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD} \
    -v "${MINIO_DATA}:/data" \
    $MINIO_IMAGE server /data --console-address ":9001"

# 等待 MinIO 服务启动
echo "等待 MinIO 服务启动..."
sleep 10

# 创建 MinIO 服务账号配置目录
mkdir -p $(pwd)/volumes/minio/policies

# 创建 MinIO 服务账号配置文件
cat > $(pwd)/volumes/minio/policies/mqtt-policy.json << EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "admin:*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "kms:*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::*"
      ]
    }
  ]
}
EOF

# 创建 MinIO 服务账号
echo "创建 MinIO 服务账号..."
docker exec ${MINIO_NAME} mc alias set myminio http://localhost:9000 ${MINIO_ROOT_USER} ${MINIO_ROOT_PASSWORD}
docker exec ${MINIO_NAME} mc admin user add myminio ${MINIO_ACCESS_KEY} ${MINIO_SECRET_KEY}

# 将策略文件复制到容器内
docker cp $(pwd)/volumes/minio/policies/mqtt-policy.json ${MINIO_NAME}:/tmp/mqtt-policy.json

# 创建和附加策略
docker exec ${MINIO_NAME} mc admin policy create myminio mqtt-policy /tmp/mqtt-policy.json
docker exec ${MINIO_NAME} mc admin policy attach myminio mqtt-policy --user ${MINIO_ACCESS_KEY}

# 清理临时文件
docker exec ${MINIO_NAME} rm /tmp/mqtt-policy.json

# 创建所需的 bucket
echo "创建所需的 bucket..."
for bucket in default image ta-tech-image th-airport th-dsp video; do
    echo "处理 bucket: $bucket"
    # 检查 bucket 是否存在
    if ! docker exec ${MINIO_NAME} mc ls myminio/$bucket >/dev/null 2>&1; then
        echo "创建 bucket: $bucket"
        docker exec ${MINIO_NAME} mc mb myminio/$bucket
    else
        echo "bucket $bucket 已存在"
    fi
    # 设置 bucket 为 public
    echo "设置 bucket $bucket 为 public"
    docker exec ${MINIO_NAME} mc anonymous set public myminio/$bucket
done

echo "MinIO 服务账号和 bucket 创建完成"