#!/usr/bin/env python3
import os
import subprocess
from http.server import BaseHTTPRequestHandler, HTTPServer

DEPLOY_SECRET = os.getenv("DEPLOY_SECRET", "supersecret")

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        auth = self.headers.get("Authorization")
        if auth != f"Bearer {DEPLOY_SECRET}":
            self.send_response(403)
            self.end_headers()
            self.wfile.write(b"unauthorized\n")
            print("[!] Unauthorized webhook attempt")
            return

        print("[+] Authorized redeploy request received")

        # Pull latest Website
        subprocess.run(["git", "-C", "/site", "pull", "--recurse-submodules"], check=False)

        # Rebuild site
        subprocess.run(["zola", "build", "--force"], cwd="/site/src", check=False)
        subprocess.run(["sh", "-c", "cp -r /site/src/public/* /usr/share/nginx/html/"], shell=True, check=False)

        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"OK\n")
        print("Site rebuilt successfully")

def run():
    server = HTTPServer(("0.0.0.0", 5001), Handler)
    print("Listening on port 5001 for /hooks/redeploy ...")
    server.serve_forever()

if __name__ == "__main__":
    run()