#!/bin/bash

#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================

source _common.sh
source /usr/share/yunohost/helpers

#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."

app=$YNH_APP_INSTANCE_NAME

domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
unicorn_workers=$(ynh_app_setting_get --app=$app --key=unicorn_workers)

if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
	:
else
	# Check memory requirements
	check_memory_requirements_upgrade
fi

#=================================================
# CHECK VERSION
#=================================================
ynh_script_progression --message="Checking version..."

upgrade_type=$(ynh_check_app_version_changed)

#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..."

# If unicorn_workers doesn't exist, create it
if [ -z "$unicorn_workers" ]
then
	# We assume for the moment that ARM devices are only dual core, so
	# we restrict the number of workers to 2 (the default is 3)
	if [ -n "$(uname -m | grep arm)" ]
	then
		unicorn_workers=2
	else
		unicorn_workers=3
	fi
	ynh_app_setting_set --app=$app --key=unicorn_workers --value=$unicorn_workers
fi

# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
	ynh_legacy_permissions_delete_all

	ynh_app_setting_delete --app=$app --key=is_public
fi

#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."

# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
	ynh_clean_check_starting
	# Restore it if the upgrade fails
	ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors

#=================================================
# ENABLE MAINTENANCE MODE
#=================================================
ynh_script_progression --message="Enabling maintenance mode..."

ynh_maintenance_mode_ON

#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..."

ynh_systemd_action --service_name=$app --action="stop" --log_path="$final_path/log/unicorn.stderr.log"

#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."

# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path" --use_shell

#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================

if [ "$upgrade_type" == "UPGRADE_APP" ]
then
	ynh_script_progression --message="Upgrading source files..."

	# Specific actions on ARM architecture
	if [ -n "$(uname -m | grep arm)" ] ; then
		# Unapply commit cf9b4a789b855b5199e98a13424e409854a8e848 that breaks ARM
		# compatibility by pointing to a recent libv8 version
		# This is due to this libv8 issue (https://github.com/cowboyd/libv8/issues/261)
		# that prevents it from being compiled on ARM hence no binary gem is available yet
		cp ../sources/patches_arm/* ../sources/patches
	fi

	# Backup files to keep
	tmpdir=$(mktemp -d)
	cp -Rp $final_path/plugins $final_path/config/discourse.conf $tmpdir
	if [ -d $final_path/public/uploads ] ; then
		cp -Rp $final_path/public/uploads $tmpdir
	fi
	if [ -d $final_path/public/backups ] ; then
		cp -Rp $final_path/public/backups $tmpdir
	fi
	if [ -d $final_path/log ] ; then
		cp -Rp $final_path/log $tmpdir
	fi
	# Remove destination directory
	ynh_secure_remove --file=$final_path
	# Download, check integrity, uncompress and patch the source from app.src
	ynh_setup_source --dest_dir="$final_path"
	# Restore previous files
	if [ -d $tmpdir/uploads ] ; then
		cp -Rp $tmpdir/uploads $final_path/public
	fi
	if [ -d $tmpdir/backups ] ; then
		cp -Rp $tmpdir/backups $final_path/public
	fi
	if [ -d $tmpdir/log ] ; then
		cp -Rp $tmpdir/log $final_path
	fi
	(
		cd $tmpdir/plugins/
		for discourse_plugin_dir in */
		do
			# Only copy plugins not included in Discourse archive
			if [ ! -d "$final_path/plugins/$discourse_plugin_dir" ]
			then
				cp -a "$discourse_plugin_dir" "$final_path/plugins/$discourse_plugin_dir"
			fi
		done
	)
	cp -Rp $tmpdir/log $final_path
	cp -p $tmpdir/discourse.conf $final_path/config

	# Install LDAP plugin
	ynh_secure_remove --file="$final_path/plugins/discourse-ldap-auth"
	mkdir -p "$final_path/plugins/discourse-ldap-auth"
	ynh_setup_source --dest_dir="$final_path/plugins/discourse-ldap-auth" --source_id=ldap-auth
fi

chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"

#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..."

# Create a dedicated NGINX config
ynh_add_nginx_config

# Reference: https://meta.discourse.org/t/subfolder-support-with-docker/30507?u=falco&source_topic_id=54191
if [ "$path_url" != "/" ] ; then
	ynh_replace_string --match_string='$proxy_add_x_forwarded_for' --replace_string='$http_your_original_ip_header' --target_file="/etc/nginx/conf.d/$domain.d/$app.conf"
fi
ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"

#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..."

ynh_install_app_dependencies $pkg_dependencies 2>/dev/null
ynh_install_ruby --ruby_version=$RUBY_VERSION 2>/dev/null
ynh_use_ruby

#=================================================
# SPECIFIC UPGRADE
#=================================================
# CONFIGURE DISCOURSE
#=================================================

if [ "$upgrade_type" == "UPGRADE_APP" ]
then
	ynh_script_progression --message="Configuring Discourse..."

	# Configure Discourse
	discourse_config_file="$final_path/config/discourse.conf"
	# Make a backup of the original config file if modified
	ynh_backup_if_checksum_is_different --file="$discourse_config_file"

	cp $final_path/config/discourse_defaults.conf $discourse_config_file

	ynh_replace_string --match_string="db_name = discourse" --replace_string="db_name = $db_name" --target_file="$discourse_config_file"
	ynh_replace_string --match_string="db_username = discourse" --replace_string="db_username = $db_name" --target_file="$discourse_config_file"
	ynh_replace_string --match_string="db_password =" --replace_string="db_password = $db_pwd" --target_file="$discourse_config_file"
	# Configure hostname
	ynh_replace_string --match_string="hostname = \"www.example.com\"" --replace_string="hostname = \"$domain\"" --target_file="$discourse_config_file"
	ynh_replace_string --match_string="relative_url_root =" --replace_string="relative_url_root = ${path_url%/}" --target_file="$discourse_config_file"
	# Serve static assets (i.e. images, js, etc.)
	ynh_replace_string --match_string="serve_static_assets = false" --replace_string="serve_static_assets = true" --target_file="$discourse_config_file"
	# Don't show miniprofiler
	ynh_replace_string --match_string="load_mini_profiler = true" --replace_string="load_mini_profiler = false" --target_file="$discourse_config_file"
	# Configure e-mail server
	admin_mail=$(ynh_user_get_info "$admin" mail)
	ynh_replace_string --match_string="developer_emails =" --replace_string="developer_emails = $admin_mail" --target_file="$discourse_config_file"
	ynh_replace_string --match_string="smtp_address =" --replace_string="smtp_address = localhost" --target_file="$discourse_config_file"
	ynh_replace_string --match_string="smtp_domain =" --replace_string="smtp_domain = $domain" --target_file="$discourse_config_file"
	ynh_replace_string --match_string="smtp_enable_start_tls = true" --replace_string="smtp_enable_start_tls = false" --target_file="$discourse_config_file"
	# Configure redis
	ynh_replace_string --match_string="redis_db = 0" --replace_string="redis_db = $redis_db" --target_file="$discourse_config_file"
	# Don't notify on new versions (handled by the YunoHost package)
	ynh_replace_string --match_string="new_version_emails = true" --replace_string="new_version_emails = false" --target_file="$discourse_config_file"

	# Calculate and store the config file checksum
	ynh_store_file_checksum --file="$discourse_config_file"

	# Configure LDAP plugin
	ldap_config_file="$final_path/plugins/discourse-ldap-auth/config/settings.yml"
	# Make a backup of the original config file if modified
	ynh_backup_if_checksum_is_different "$ldap_config_file"

	ynh_replace_string --match_string="adfs.example.com" --replace_string="localhost" --target_file="$ldap_config_file"
	ynh_replace_string --match_string="dc=example,dc=com" --replace_string="ou=users,dc=yunohost,dc=org" --target_file="$ldap_config_file"
	ynh_replace_string --match_string="sAMAccountName" --replace_string="uid" --target_file="$ldap_config_file"

	# Calculate and store the config file checksum
	ynh_store_file_checksum --file="$ldap_config_file"

	# Disable svgo worker
	echo "svgo: false" > $final_path/.image_optim.yml
fi

#=================================================
# SETUP UNICORN, A RUBY SERVER
#=================================================

if [ "$upgrade_type" == "UPGRADE_APP" ]
then
	ynh_script_progression --message="Setting up Unicorn..."

	unicorn_config_file="$final_path/config/unicorn.conf.rb"
	# Make a backup of the original config file if modified
	ynh_backup_if_checksum_is_different "$unicorn_config_file"

	# Calculate and store the config file checksum
	ynh_store_file_checksum --file="$unicorn_config_file"

	secret="$(ynh_string_random)"
	ynh_add_config --template="../conf/secrets.yml" --destination="$final_path/config/secrets.yml"

	# Set permissions to app files
	chmod 750 "$final_path"
	chmod -R o-rwx "$final_path"
	chown -R $app:www-data "$final_path"

	pushd "$final_path"
		# Install bundler, a gems installer
		ynh_gem install bundler
		# Install without documentation
		ynh_exec_as $app echo "gem: --no-ri --no-rdoc" >> "$final_path/.gemrc"
	popd
	
	# Specific actions on ARM architecture
	if [ -n "$(uname -m | grep arm)" ] ; then
		# Define the platform specifically to retrieve binaries
		# for libv8 because it currently doesn't compile on ARM devices
		exec_login_as $app bin/bundle config specific_platform arm-linux
	fi
	# Install dependencies
	exec_login_as $app bin/bundle config set path 'vendor/bundle'
	exec_login_as $app bin/bundle config set with 'development'
	exec_login_as $app MAKEFLAGS=-j2 bin/bundle install --jobs 2

	# On ARM architecture, replace bundled libpsl by system native libpsl
	# because the provided binary isn't compatible
	if [ -n "$(uname -m | grep arm)" ] ; then
		(
			cd $final_path/vendor/bundle/ruby/*/gems/mini_suffix-*/vendor
			rm libpsl.so
			ln -s $(ldconfig -p | grep libpsl | awk 'END {print $NF}') libpsl.so
		)
	fi
fi

#=================================================
# PREPARE THE DATABASE
#=================================================

if [ "$upgrade_type" == "UPGRADE_APP" ]
then
	ynh_script_progression --message="Preparing the database..."

	rake_exec="exec_login_as $app RAILS_ENV=production bin/rake"
	ynh_exec_warn_less $rake_exec db:migrate
	ynh_exec_warn_less $rake_exec assets:precompile
fi

#=================================================
# CONFIGURE PLUGINS
#=================================================

if [ "$upgrade_type" == "UPGRADE_APP" ]
then
	ynh_script_progression --message="Configuring plugins..."

	# Patch ldap-auth plugin dependency (omniauth-ldap) to fix it when using domain subfolder
	# (Can only do that now because we are patching dependencies which have just been downloaded)
	# Patch applied: https://github.com/omniauth/omniauth-ldap/pull/16
	(
		cd $final_path/plugins/discourse-ldap-auth/gems/${RUBY_VERSION}/gems/omniauth-ldap*/
		patch -p1 < $YNH_CWD/../conf/ldap-auth-fix-subfolder.patch
	)
fi

#=================================================
# SETUP SYSTEMD
#=================================================

if [ "$upgrade_type" == "UPGRADE_APP" ]
then
	ynh_script_progression --message="Configuring a systemd service..."

	ynh_replace_string --match_string="__RBENV_ROOT__" --replace_string="$RBENV_ROOT" --target_file="../conf/systemd.service"

	additional_env="UNICORN_WORKERS=$unicorn_workers"
	ynh_replace_string --match_string="__ADDITIONAL_ENV__" --replace_string="$additional_env" --target_file="../conf/systemd.service"
	ynh_replace_string --match_string="__LIBJEMALLOC__" --replace_string="$(ldconfig -p | grep libjemalloc | awk 'END {print $NF}')" --target_file="../conf/systemd.service"
	ynh_add_systemd_config
fi

#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
ynh_script_progression --message="Securing files and directories..."

# Add a pids and socket directory for the systemd script.
mkdir -p "$final_path/tmp/pids"
mkdir -p "$final_path/tmp/sockets"

# Create specific folders and links for subfolder compatibilityn
# (see: https://meta.discourse.org/t/subfolder-support-with-docker/30507)
(
	cd $final_path
	mkdir -p "public/forum"
	cd public/forum
	if [ ! -L ./uploads ]; then
		ln -s ../uploads
	fi
	if [ ! -L ./backups ]; then
		ln -s ../backups
	fi
)

# Set permissions to app files
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"

#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Upgrading logrotate configuration..."

# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --logfile="$final_path/log/unicorn.stderr.log"
ynh_use_logrotate --logfile="$final_path/log/unicorn.stdout.log"
ynh_use_logrotate --logfile="$final_path/log/production.log"

#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."

yunohost service add $app --log "$final_path/log/unicorn.stderr.log" "$final_path/log/unicorn.stdout.log" "$final_path/log/production.log"

#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..."

ynh_systemd_action --service_name=$app --action="start" --log_path="$final_path/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready"

#=================================================
# DISABLE MAINTENANCE MODE
#=================================================
ynh_script_progression --message="Disabling maintenance mode..."

ynh_maintenance_mode_OFF

#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."

ynh_systemd_action --service_name=nginx --action=reload

#=================================================
# END OF SCRIPT
#=================================================

ynh_script_progression --message="Upgrade of $app completed"