#!/bin/bash


#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers

admin_mail=$(ynh_user_get_info --username="$admin" --key=mail)

#Get settings from database in case it has been changed in the app and save it in settings so that it can be used back afterward
calibre_dir=$(sqlite3 $install_dir/app.db "SELECT config_calibre_dir FROM settings WHERE ID=1")
calibre_dir=${calibre_dir%/}
ynh_app_setting_set $app calibre_dir $calibre_dir

upload=$(sqlite3 $install_dir/app.db "SELECT config_uploading FROM settings WHERE ID=1")
ynh_app_setting_set $app upload $upload

language=$(sqlite3 $install_dir/app.db "SELECT config_default_locale FROM settings WHERE ID=1")
ynh_app_setting_set $app language $language

#=================================================
# CHECK VERSION
#=================================================

upgrade_type=$(ynh_check_app_version_changed)

if [ -f /etc/yunohost/apps/$app/manifest.toml ]; then
	current_upstream_package_version=$(ynh_app_upstream_version --manifest="/etc/yunohost/apps/$app/manifest.toml") #0.96.0
else
	current_upstream_package_version=$(ynh_app_upstream_version --manifest="/etc/yunohost/apps/$app/manifest.json") #0.96.0
fi
current_upstream_package_version="${current_upstream_package_version/".96"/".6"}" #0.6.0
current_upstream_package_version="${current_upstream_package_version/".97"/".7"}"
current_upstream_package_version="${current_upstream_package_version/".98"/".8"}"
current_upstream_package_version="${current_upstream_package_version/".99"/".9"}"

new_upstream_package_version=$(ynh_app_upstream_version)
new_upstream_package_version="${new_upstream_package_version/".96"/".6"}" #0.6.0
new_upstream_package_version="${new_upstream_package_version/".97"/".7"}"
new_upstream_package_version="${new_upstream_package_version/".98"/".8"}"
new_upstream_package_version="${new_upstream_package_version/".99"/".9"}"

current_upstream_app_version=$(cat $install_dir/cps/constants.py | grep STABLE_VERSION)
current_upstream_app_version="${current_upstream_app_version/STABLE_VERSION = \{\'version\': \'/""}"
current_upstream_app_version="${current_upstream_app_version/\'\}/""}"


#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_clean_check_starting

#Stop the app in case database is updated
ynh_script_progression --message="Stopping a systemd service..." --weight=2

ynh_systemd_action --service_name=$app --action="stop"

#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Downward Compatibility checks..." --weight=1
#Close unwanted open port in firewall
if yunohost firewall list | grep -q "\- $port$"
then
	ynh_script_progression --message="Closing port $port as it shouldn't be open..."
	yunohost firewall disallow TCP $port 2>&1
fi

#LDAP settings were wrongly set in version prior to 0.6.13 and we could not retrieve LDAP users. This will change the settings to correct values 
if sqlite3 $install_dir/app.db "SELECT config_ldap_group_object_filter FROM settings" \
	| grep -xq "(&(objectClass=posixGroup)(permission=cn=%s.main,ou=permission,dc=yunohost,dc=org))" ; then 
	eval sqlite3 $install_dir/app.db "\"UPDATE settings SET config_ldap_group_object_filter='(&(objectClass=posixGroup)(cn=%s.main))' WHERE ID=1\""
fi


#Adding kepubify converter
if [ -z $(sqlite3 $install_dir/app.db "SELECT config_kepubifypath FROM settings") ]; then
	eval sqlite3 $install_dir/app.db "\"UPDATE settings SET config_kepubifypath='/opt/kepubify/$app/kepubify' WHERE ID=1\""
fi
if [ ! -d /opt/kepubify/$app ]; then
	ynh_setup_source --dest_dir="/opt/kepubify/$app" --source_id="kepubify"
	chmod 770 /opt/kepubify/$app/kepubify
fi

#Change kepubify to new path (for multiinstance
if [ -f /opt/kepubify/kepubify ]; then
	rm /opt/kepubify/kepubify
fi
if sqlite3 $install_dir/app.db "SELECT config_kepubifypath FROM settings" | grep -xq "/opt/kepubify/kepubify" ; then
	eval sqlite3 $install_dir/app.db "\"UPDATE settings SET config_kepubifypath='/opt/kepubify/$app/kepubify' WHERE ID=1\""
fi

#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
	ynh_script_progression --message="Upgrading source files from $current_upstream_app_version to $new_upstream_package_version..." --weight=10

	#Set settings constant initializer of the app
	ynh_add_config --template="../sources/patches/main-config_sql.py.patch.src" --destination="../sources/patches/main-config_sql.py.patch"
	ynh_add_config --template="../sources/patches/main-ub.py.patch.src" --destination="../sources/patches/main-ub.py.patch"
	ynh_add_config --template="../sources/patches/main-constants.py.patch.src" --destination="../sources/patches/main-constants.py.patch"
	
	# Download, check integrity, uncompress and patch the source from app.src
	ynh_setup_source --dest_dir="$install_dir"
	chown -R $app: $install_dir
	
	# Remove the patch for web.py in case visitor are allowed
	if $(ynh_permission_has_user --permission=main --user=visitors); then
		patch -u /$install_dir/cps/web.py -i ../conf/web.py.revert.patch
	fi
	
fi

#=================================================
# NGINX CONFIGURATION
#=================================================

ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=5
#Cannot use empty string for X-script-name, causes an issue in the python prg
#https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy#nginx
if [ $path = "/" ] ; then
	ynh_replace_string "        proxy_set_header	X-Script-Name" "#       proxy_set_header	X-Script-Name" ../conf/nginx.conf
fi

#Setting the proxy authentication in case calibre is not open to visitor. 
#https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy#login-via-header-from-upstream-authentication-source
if $(ynh_permission_has_user --permission=main --user=visitors); then
	sqlite3 $install_dir/app.db "UPDATE settings SET config_reverse_proxy_login_header_name='', config_allow_reverse_proxy_header_login=0 WHERE ID=1;"
	ynh_replace_string --match_string="        proxy_set_header	X-Remote-User" \
	                   --replace_string="#       proxy_set_header	X-Remote-User" \
	                   --target_file="../conf/nginx.conf"
else
	sqlite3 $install_dir/app.db "UPDATE settings SET config_reverse_proxy_login_header_name='X-Remote-User', config_allow_reverse_proxy_header_login=1 WHERE ID=1;"
fi

# Create a dedicated nginx config
ynh_add_nginx_config



#=================================================
# UPGRADE DEPENDENCIES
#=================================================

if [ "$upgrade_type" == "UPGRADE_APP" ]
then
	#Use venv to install pip requirements - Inspired from https://github.com/YunoHost-Apps/pyinventory_ynh/blob/master/scripts/install
	ynh_script_progression --message="Installing pip requirements..." --weight=70
	# Always recreate everything fresh with current python version
	if [ -d "${install_dir}/venv" ] ; then
		ynh_secure_remove "${install_dir}/venv"
	fi


	# Skip pip because of: https://github.com/YunoHost/issues/issues/1960
	python3 -m venv --without-pip "${install_dir}/venv"
	chown -R "$app:" "$install_dir"

	#run source in a 'sub shell'
	(
		set +o nounset
		source "${install_dir}/venv/bin/activate"
		set -o nounset
		ynh_exec_as $app $install_dir/venv/bin/python3 -m ensurepip
		ynh_exec_as $app $install_dir/venv/bin/pip3 install --upgrade wheel pip setuptools
		ynh_exec_as $app $install_dir/venv/bin/pip3 install --no-cache-dir --upgrade -r "$install_dir/requirements.txt"
		ynh_exec_as $app $install_dir/venv/bin/pip3 install --no-cache-dir --upgrade -r "$install_dir/optional-requirements.txt"
	)
fi


#=================================================
# SPECIFIC UPGRADE
#=================================================
#build multimedia directory
#=================================================
ynh_script_progression --message="Create Multimedia dir..." --weight=1
#Create multimedia directory but we do not change the calibre_dir : It's the user to make this choice.
ynh_multimedia_build_main_dir
ynh_multimedia_addaccess $app

#Update Imagick policy as per https://github.com/janeczku/calibre-web/wiki/FAQ#what-to-do-if-cover-pictures-are-not-extracted-from-pdf-files
ynh_script_progression --message="Update Imagick policy..." --weight=1

ynh_replace_string --match_string="<policy domain="coder" rights="none" pattern="PDF" />" \
		--replace_string="<policy domain="coder" rights="read" pattern="PDF" />" \
		--target_file="/etc/ImageMagick-6/policy.xml"


#=================================================
# SETUP LOGROTATE
#=================================================

# Use logrotate to manage app-specific logfile(s)
ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1
ynh_use_logrotate --logfile="$log_file" --nonappend
ynh_use_logrotate --logfile="$access_log_file" --nonappend



#=================================================
# SETUP SYSTEMD
#=================================================

# Create a dedicated systemd config
ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
ynh_add_systemd_config

#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================

# Set permissions on app files
chown -R $app: $install_dir
chown -R $app: /opt/kepubify/$app

#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================

yunohost service add $app --description="Browse eBook in the web" --log="$log_file"

#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring Fail2Ban..." --weight=8


# Make sure a log file exists (mostly for CI tests)
if [ ! -f "$log_file" ]; then
	touch "$log_file"
	chown $app: "$log_file"
fi

# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*LDAP Login failed for user .* IP-address: <HOST>.*$" --max_retry=5

#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=2

ynh_systemd_action --service_name=$app --action="start" --line_match="Starting Gevent server on" -t 30

#=================================================
# END OF SCRIPT
#=================================================

ynh_script_progression --message="Upgrade of $app completed" --last