#!/bin/bash

# Exit on command errors and treat unset variables as an error
set -eu

# This is a multi-instance app, meaning it can be installed several times independently
# The id of the app as stated in the manifest is available as $YNH_APP_ID
# The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...)
# The app instance name is available as $YNH_APP_INSTANCE_NAME
#    - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample
#    - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2
#    - ynhexample__{N} for the subsequent installations, with N=3,4, ...
# The app instance name is probably what you are interested the most, since this is
# guaranteed to be unique. This is a good unique identifier to define installation path,
# db names, ...
app=$YNH_APP_INSTANCE_NAME

# Retrieve arguments
domain=$YNH_APP_ARG_DOMAIN
path=${YNH_APP_ARG_PATH%/}
admin=$YNH_APP_ARG_ADMIN
title=$YNH_APP_ARG_TITLE
is_public=$YNH_APP_ARG_IS_PUBLIC
www_path=/var/www
final_path=$www_path/$app

# Source YunoHost helpers$
source /usr/share/yunohost/helpers

# Save app settings
ynh_app_setting_set "$app" admin "$admin"
ynh_app_setting_set "$app" is_public "$is_public"
ynh_app_setting_set "$app" path "$path"

# Check domain/path availability
sudo yunohost app checkurl "${domain}${path}" -a "$app" \
    || ynh_die "Path not available: ${domain}${path}"

tmp=/tmp/flaruminstall
sudo rm -rf $tmp
sudo mkdir -p $tmp
sudo chown -R www-data:www-data $tmp
sudo chmod -R 755 $tmp

# Prepare composer and cache directories
sudo mkdir -p /var/www/.composer/cache
sudo chown -R www-data:www-data /var/www/.composer
sudo chmod -R 755 /var/www/.composer

### composer ###
if ! type "composer" > /dev/null; then
  # Install composer (https://getcomposer.org)
  EXPECTED_SIGNATURE=$(wget https://composer.github.io/installer.sig -O - -q)
  sudo su - www-data -s /bin/bash -c "php -r \"copy('https://getcomposer.org/installer', '$tmp/composer-setup.php');\""
  ACTUAL_SIGNATURE=$(php -r "echo hash_file('SHA384', '$tmp/composer-setup.php');")
  if [ "$EXPECTED_SIGNATURE" = "$ACTUAL_SIGNATURE" ]
  then
      sudo su - root -c "grep -q -F 'env[COMPOSER_HOME]= /var/www/.composer' /etc/php5/fpm/php-fpm.conf || sudo echo 'env[COMPOSER_HOME]= /var/www/.composer' >> /etc/php5/fpm/php-fpm.conf"
      sudo service php5-fpm reload
      sudo su - www-data -s /bin/bash -c "php $tmp/composer-setup.php --install-dir=$tmp --filename=composer"
      sudo mv $tmp/composer /usr/local/bin
      sudo chown root:root /usr/local/bin/composer
      RESULT=$?
  else
      >&2 echo 'ERROR: Invalid installer signature'
      RESULT=1
  fi
  if [ $RESULT != 0 ]
  then
    sudo rm -rf $final_path
    exit $RESULT
  fi
fi
### composer end ###

### Install flarum
cwd=$(pwd)
sudo su - www-data -s /bin/bash -c "mkdir -p $tmp/$app && cd $tmp/$app && php -d memory_limit=-1 /usr/local/bin/composer create-project flarum/flarum . --stability=beta"
sudo cp -Rf $tmp/$app $www_path/
sudo chown -R www-data:www-data $final_path
cd $cwd
sudo rm -rf $tmp

### MySQL ###
dbuser=$app
dbname=$app
dbpass=$(ynh_string_random 15)
ynh_app_setting_set "$app" mysqlpwd "$dbpass"
ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass"

### Nginx ###
if [ $path = "" ]; then
nginx_conf=../conf/nginx_root.conf
else
nginx_conf=../conf/nginx.conf
fi
sed -i "s@YNH_WWW_PATH@$path@g" $nginx_conf
sed -i "s@YNH_WWW_ALIAS@$app/@g" $nginx_conf
sed -i "s@YNH_WWW_APP@$app@g" $nginx_conf
sudo cp $nginx_conf /etc/nginx/conf.d/$domain.d/$app.conf

### PHP ###
sed -i "s@YNH_WWW_APP@$app@g" ../conf/php-fpm.conf
sed -i "s@YNH_WWW_ALIAS@$app/@g" ../conf/php-fpm.conf
finalphpconf=/etc/php5/fpm/pool.d/$app.conf
sudo cp ../conf/php-fpm.conf $finalphpconf
sudo chown root: $finalphpconf
sudo chmod 644 $finalphpconf
sudo service php5-fpm reload

# If app is public, add url to SSOWat conf as skipped_uris
if [[ $is_public -eq 1 ]]; then
  # unprotected_uris allows SSO credentials to be passed anyway.
  ynh_app_setting_set "$app" unprotected_uris "/"
fi
  ynh_app_setting_set "$app" skipped_uris "/api"
  sudo yunohost app ssowatconf

# Reload services
sudo service nginx reload

# Install the SSOwat auth extension
sudo su - www-data -s /bin/bash -c "cd $final_path && composer require 'tituspijean/flarum-ext-auth-ssowat:*@dev'"

### POST-INSTALL ###
if [[ -n $admin && -n $title ]]; then
adminpass=$(ynh_string_random 8)
sed -i "s@YNH_APP_DOMAIN@$domain@g" ../sources/configuration.yml
sed -i "s@/YNH_WWW_PATH@$path@g" ../sources/configuration.yml
sed -i "s@YNH_WWW_APP@$app@g" ../sources/configuration.yml
sed -i "s@YNH_DB_PASS@$dbpass@g" ../sources/configuration.yml
sed -i "s@YNH_ADMIN_USER@$admin@g" ../sources/configuration.yml
sed -i "s@YNH_ADMIN_PASS@$adminpass@g" ../sources/configuration.yml
adminemail=$(ynh_user_get_info $admin mail)
sed -i "s%YNH_ADMIN_EMAIL%$adminemail%g" ../sources/configuration.yml
sed -i "s@YNH_FORUM_TITLE@$title@g" ../sources/configuration.yml
sudo cp ../sources/configuration.yml $final_path
sudo su - www-data -s /bin/bash -c "cd $final_path && php -d memory_limit=-1 flarum install -f configuration.yml"
sudo rm $final_path/configuration.yml

# Generate and add root token for user creation and deletion
roottoken=$(ynh_string_random 40)
apitablesql="CREATE TABLE IF NOT EXISTS api_keys (api_key TEXT(40) NOT NULL UNIQUE)"
rootsql="INSERT INTO api_keys VALUES ('"$roottoken"')"
ynh_mysql_execute_as_root "$apitablesql" $dbname
ynh_mysql_execute_as_root "$rootsql" $dbname
ynh_app_setting_set "$app" root_token "$roottoken"
fi

# Configure SSOwat auth extension
ssowatdomain=$(</etc/yunohost/current_host)
data='{"flarum-ext-auth-ssowat.address": "'$ssowatdomain'"}'
rep=$(curl -s -o /dev/null -w "%{http_code}" -k -i \
    -H "Content-Type: application/json" \
    -H "Authorization: Token $roottoken; userId=1" \
    -X POST -d "$data" \
    -L https://${domain}${path}/api/settings )
echo $path
exit 0
if [[ $rep != 204 ]]; then
    echo "SSOwat domain setting failed"
    exit 1
fi
data='{"flarum-ext-auth-ssowat.onlyUse": true}'
rep=$(curl -s -o /dev/null -w "%{http_code}" -k -i \
    -H "Content-Type: application/json" \
    -H "Authorization: Token $roottoken; userId=1" \
    -X POST -d "$data" \
    -L https://${domain}${path}/api/settings )
if [[ $rep != 204 ]]; then
    echo "SSOwat auth exclusivity failed"
    exit 1
fi

# Enable the selected admin to login with SSOwat
adminsql="UPDATE users SET ssowat_id = '$admin' WHERE username = '$admin'"
ynh_mysql_execute_as_root "$adminsql" $dbname

# Create missing users
for username in $(ynh_user_list); do
    if [ "$username" == "$admin" ]; then continue; else
        userpass=$(ynh_string_random 16)
        usermail=$(ynh_user_get_info $username 'mail')
        data='{"data":{"attributes":{"username":"'$username'","email":"'$usermail'","password":"'$userpass'"}}}'
        rep=$(curl -s -o /dev/null -w "%{http_code}" -k -i \
                   -H "Content-Type: application/json" \
                   -H "Authentication: Token $roottoken" \
                   -X POST -d "$data" \
                   -L https://${domain}${path}/api/users )
        if [[ $rep != 201 ]]; then
            echo "Flarum account creation failed for $username"
            exit 1
        fi
    usersql="UPDATE users SET ssowat_id = '$username' WHERE username = '$username'"
    ynh_mysql_execute_as_root "$usersql" $dbname
    fi
done