#!/bin/bash

echo "=== WebSocket-Services Diagnose ==="
echo ""

echo "1. Prüfe Backend-Service-Status:"
sudo systemctl status yourpart-backend --no-pager -l | head -20
echo ""

echo "2. Prüfe Daemon-Service-Status:"
sudo systemctl status yourpart-daemon --no-pager -l | head -20
echo ""

echo "3. Prüfe Backend-Logs (letzte 30 Zeilen):"
sudo journalctl -u yourpart-backend -n 30 --no-pager | grep -E "(Socket|HTTPS|TLS|Port|4443|2020)" || echo "Keine relevanten Logs gefunden"
echo ""

echo "4. Prüfe Daemon-Logs (letzte 30 Zeilen):"
sudo journalctl -u yourpart-daemon -n 30 --no-pager | grep -E "(Daemon|WSS|TLS|Port|4551|connection)" || echo "Keine relevanten Logs gefunden"
echo ""

echo "5. Prüfe, welche Ports lauschen:"
echo "   Port 2020 (API):"
sudo netstat -tlnp 2>/dev/null | grep ":2020 " || echo "   ❌ Port 2020 lauscht nicht"
echo "   Port 4443 (Socket.io):"
sudo netstat -tlnp 2>/dev/null | grep ":4443 " || echo "   ❌ Port 4443 lauscht nicht"
echo "   Port 4551 (Daemon):"
sudo netstat -tlnp 2>/dev/null | grep ":4551 " || echo "   ❌ Port 4551 lauscht nicht"
echo ""

echo "6. Prüfe Firewall-Regeln:"
sudo ufw status | grep -E "(4443|4551)" || echo "   Keine Firewall-Regeln für diese Ports gefunden"
echo ""

echo "7. Prüfe Backend-Umgebungsvariablen:"
sudo systemctl show yourpart-backend --property=Environment --no-pager | grep -E "(SOCKET_IO|TLS)" || echo "   Keine Socket.io TLS-Variablen gefunden"
echo ""

echo "8. Prüfe Daemon-Umgebungsvariablen:"
sudo systemctl show yourpart-daemon --property=Environment --no-pager | grep -E "(DAEMON|TLS)" || echo "   Keine Daemon TLS-Variablen gefunden"
echo ""

echo "9. Teste TLS-Zertifikate:"
if [ -f "/etc/letsencrypt/live/www.your-part.de/privkey.pem" ]; then
    echo "   ✅ Privkey gefunden"
else
    echo "   ❌ Privkey nicht gefunden"
fi
if [ -f "/etc/letsencrypt/live/www.your-part.de/fullchain.pem" ]; then
    echo "   ✅ Fullchain gefunden"
else
    echo "   ❌ Fullchain nicht gefunden"
fi