#!/usr/bin/env bash
set -euo pipefail

ENDPOINTS=(
  "https://recovery.hangarforge.com"
  "https://app.hangarforge.com"
  "https://admin.hangarforge.com"
  "https://api.hangarforge.com/health"
  "https://portainer.hangarforge.com"
  "https://jenkins.hangarforge.com"
)

command -v curl >/dev/null 2>&1 || { echo "curl is required" >&2; exit 1; }

printf '\nHangarForge public endpoint probe\n'
printf 'Timestamp: %s\n\n' "$(date -u '+%Y-%m-%d %H:%M:%S UTC')"

if command -v dig >/dev/null 2>&1; then
  printf 'DNS: recovery.hangarforge.com -> %s\n\n' "$(dig +short recovery.hangarforge.com | paste -sd ',' -)"
else
  echo 'dig not found; skipping DNS lookup'
  echo
fi

for url in "${ENDPOINTS[@]}"; do
  printf '=== %s ===\n' "$url"
  if curl -k -I -sS --max-time 15 "$url" | sed -n '1,5p'; then
    echo 'status=reachable'
  else
    echo 'status=unreachable'
  fi
  echo
 done

echo 'Tip: if public endpoints fail but EC2 is running, check security groups, reverse proxy, and TLS.'