#!/bin/bash
#
# 🔒 ROA2WEB Commit Message Hook
# Scans the commit message text (not the staged changes) for security-related keywords and warns; it never blocks the commit
#
# Installation:
#   cp security/git_hooks/commit-msg .git/hooks/commit-msg
#   chmod +x .git/hooks/commit-msg
#

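set -euo pipefail

# ---------------------------------------------------------------------------
# Usage: commit-msg <path-to-message-file>
#
# Git invokes this hook with exactly one argument: the file holding the
# proposed commit message. Fail with a clear message if it is missing or
# unreadable instead of letting `cat ""` blow up under `set -e`.
# ---------------------------------------------------------------------------
commit_msg_file="${1:-}"
if [[ -z "$commit_msg_file" || ! -r "$commit_msg_file" ]]; then
    printf 'usage: %s <commit-msg-file>\n' "${0##*/}" >&2
    exit 1
fi

# Git hands the hook the raw editor buffer, so the file still contains the
# template comment lines ("# Please enter the commit message...", the
# "# Changes to be committed:" file list, ...). Those lines routinely mention
# paths such as config/ or .env and would trip the keyword scan below, and
# they inflate the length check. Strip them before inspecting the message.
# `git stripspace --strip-comments` honours core.commentChar; if git is
# somehow unavailable, fall back to dropping '#'-prefixed lines.
if command -v git >/dev/null 2>&1; then
    commit_msg=$(git stripspace --strip-comments <"$commit_msg_file")
else
    # grep exits 1 when every line was a comment; that is not an error here.
    commit_msg=$(grep -v '^#' -- "$commit_msg_file" || true)
fi

# Colours only when stderr is a terminal, so CI logs stay free of escapes.
if [[ -t 2 ]]; then
    YELLOW=$'\033[1;33m'
    GREEN=$'\033[0;32m'
    NC=$'\033[0m'
else
    YELLOW=''
    GREEN=''
    NC=''
fi

# All hook output is diagnostic, so it goes to stderr.
info() { printf '%s%s%s\n' "$GREEN" "$*" "$NC" >&2; }
warn() { printf '%s%s%s\n' "$YELLOW" "$*" "$NC" >&2; }

info "🔒 ROA2WEB Commit Message Check"

# Keywords that often accompany an accidental secret commit.
#
# Matching is case-insensitive and anchored at a word start: "api_key",
# "Password:" and "auth-token" match, while "monkey", "hotkey" or "turkey"
# (which contain "key" mid-word) do not. Prefixes still match, so "tokens",
# "credentials" and "configuration" are caught.
#
# NOTE: this is a heuristic on the *message text only*. It cannot see the
# staged diff, so it will never catch a secret that is in the files being
# committed; pair it with a pre-commit secret scanner for real coverage.
SUSPICIOUS_COMMIT_PATTERNS=(
    "password"
    "secret"
    "credential"
    "token"
    "key"
    "auth"
    "config"
    "env"
)

violations=0

# nocasematch makes [[ =~ ]] case-insensitive (bash 3.1+), replacing the
# per-keyword `echo | grep -qi` fork. The quoted RHS fragment is matched
# literally; the group in front requires start-of-text or a non-alphanumeric
# character before the keyword ('_' and '-' count as boundaries).
shopt -s nocasematch
for pattern in "${SUSPICIOUS_COMMIT_PATTERNS[@]}"; do
    if [[ "$commit_msg" =~ (^|[^[:alnum:]])"$pattern" ]]; then
        warn "⚠️  WARNING: Commit message contains potentially sensitive keyword: '$pattern'"
        warn "   Make sure you're not accidentally committing secrets"
        violations=$((violations + 1))
    fi
done
shopt -u nocasematch

# Length is measured on the comment-stripped message, i.e. what git will
# actually record.
if [[ ${#commit_msg} -lt 10 ]]; then
    warn "⚠️  WARNING: Very short commit message"
fi

if [[ $violations -gt 0 ]]; then
    warn ""
    warn "⚠️  $violations potential security-related keywords found in commit message"
    warn "Please double-check that you're not committing sensitive information"
    warn ""
fi

# Warn-only by design: always exit 0 so the commit proceeds. Bear in mind
# that `git commit --no-verify` skips this hook entirely, so it must not be
# the only control against committing secrets.
info "✅ Commit message check completed"
exit 0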