#!/bin/bash
# WEVAL SITE GUARDIAN v2 - ALERTE ONLY, ZERO MODIFICATION
# Runs every 5min via cron - NEVER modifies any file

SITE_DIR="/var/www/html"
LOG="/var/log/weval-site-guardian.log"

declare -A CRITICAL_FILES
CRITICAL_FILES=(
  ["index.html"]=8000
  ["weval-audit-reco.js"]=35000
  ["weval-enrich.js"]=100000
  ["weval-translate.js"]=15000
  ["weval-animations.js"]=8000
  ["assets/index-BNsKw9qU.js"]=700000
)

ERRORS=0
NOW=$(date "+%Y-%m-%d %H:%M:%S")

for FILE in "${!CRITICAL_FILES[@]}"; do
  FULL_PATH="$SITE_DIR/$FILE"
  MIN_SIZE=${CRITICAL_FILES[$FILE]}
  
  if [ ! -f "$FULL_PATH" ]; then
    echo "[$NOW] ALERT: $FILE MISSING!" >> $LOG
    ERRORS=$((ERRORS+1))
    continue
  fi
  
  ACTUAL_SIZE=$(stat -c%s "$FULL_PATH" 2>/dev/null)
  if [ "$ACTUAL_SIZE" -lt "$MIN_SIZE" ]; then
    echo "[$NOW] ALERT: $FILE shrunk! Expected >=${MIN_SIZE}B got ${ACTUAL_SIZE}B - POSSIBLE OVERWRITE - NO ACTION TAKEN" >> $LOG
    ERRORS=$((ERRORS+1))
  fi
done

if ! pgrep -x nginx > /dev/null; then
  echo "[$NOW] ALERT: nginx is DOWN - NO ACTION TAKEN" >> $LOG
  ERRORS=$((ERRORS+1))
fi

HTTP_CODE=$(curl -sk -o /dev/null -w "%{http_code}" https://127.0.0.1/ -H "Host: weval-consulting.com" --max-time 10 2>/dev/null)
if [ "$HTTP_CODE" != "200" ]; then
  echo "[$NOW] ALERT: Site HTTP $HTTP_CODE instead of 200 - NO ACTION TAKEN" >> $LOG
  ERRORS=$((ERRORS+1))
fi

if [ $ERRORS -gt 0 ]; then
  echo "[$NOW] === $ERRORS ISSUES DETECTED - MANUAL INTERVENTION REQUIRED ===" >> $LOG
fi

# Log rotation only
if [ $(stat -c%s "$LOG" 2>/dev/null || echo 0) -gt 1048576 ]; then
  tail -500 $LOG > ${LOG}.tmp && mv ${LOG}.tmp $LOG
fi