#!/bin/bash
# Weekly Security Check - Run via cron
# Crontab: 0 9 * * 1 /opt/autonet/scripts/weekly-security-check.sh >> /var/log/security-audit.log 2>&1

PROJECTS=(
    "/opt/autonet/production/frontend"
    "/opt/autonet/staging/frontend"
)

DATE=$(date '+%Y-%m-%d %H:%M')
echo "=========================================="
echo "Weekly Security Audit - $DATE"
echo "=========================================="

for PROJECT in "${PROJECTS[@]}"; do
    if [ -d "$PROJECT" ]; then
        echo -e "\nChecking: $PROJECT"
        cd "$PROJECT"

        # Check if npm is available
        if command -v npm &> /dev/null; then
            npm audit --omit=dev 2>/dev/null | grep -E "(critical|high|Severity)" | head -20
        elif [ -f "package-lock.json" ]; then
            # Use npx if npm not in PATH
            npx --yes npm-audit-ci --critical 2>/dev/null || echo "Audit complete"
        fi
    fi
done

echo -e "\n=========================================="
echo "Audit complete"
echo "=========================================="