#!/bin/bash

#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================

source _common.sh
source /usr/share/yunohost/helpers

#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1

app=$YNH_APP_INSTANCE_NAME

domain=$(ynh_app_setting_get --app="$app" --key=domain)
path_url=$(ynh_app_setting_get --app="$app" --key=path)
admin=$(ynh_app_setting_get --app="$app" --key=admin)
is_public=$(ynh_app_setting_get --app="$app" --key=is_public)
final_path=$(ynh_app_setting_get --app="$app" --key=final_path)
language=$(ynh_app_setting_get --app="$app" --key=language)
wiki_name=$(ynh_app_setting_get --app="$app" --key=wiki_name)
db_name=$(ynh_app_setting_get --app="$app" --key=db_name)
db_pwd=$(ynh_app_setting_get --app="$app" --key=mysqlpwd)
ldap_user=$(ynh_app_setting_get --app="$app" --key=ldap_user)
ldap_password=$(ynh_app_setting_get --app="$app" --key=ldap_password)

# Note(decentral1se): avoid using this on upgrade for the versions
# of the application that upgrade and have not stored this in their
# settings (when it was not available to them). Later on, when we have
# moved a few versions on, we can re-enable this
# wiki_name=$(ynh_app_setting_get --app="$app" --key=wiki_name)

#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1

# Fix is_public as a boolean value
if [ "$is_public" = "Yes" ]; then
    ynh_app_setting_set --app="$app" --key=is_public --value=1
    is_public=1
elif [ "$is_public" = "No" ]; then
    ynh_app_setting_set --app="$app" --key=is_public --value=0
    is_public=0
fi

# If db_name doesn't exist, create it
if [ -z "$db_name" ]; then
    db_name=$(ynh_sanitize_dbid --db_name="$app")
    ynh_app_setting_set --app="$app" --key=db_name --value="$db_name"
fi

# If final_path doesn't exist, create it
if [ -z "$final_path" ]; then
    final_path="/var/www/$app"
    ynh_app_setting_set --app="$app" --key=final_path --value="$final_path"
fi

#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=6

# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
    # restore it if the upgrade fails
    ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors

#=================================================
# CHECK THE PATH
#=================================================

# Normalize the URL path syntax
path_url=$(ynh_normalize_url_path --path_url="$path_url")

#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=4

ynh_setup_source --dest_dir="$final_path"
ynh_setup_source --dest_dir="$final_path/extensions/" --source_id="ldap_authentication2"
ynh_setup_source --dest_dir="$final_path/extensions/" --source_id="ldap_provider"
ynh_setup_source --dest_dir="$final_path/extensions/" --source_id="pluggable_auth"

# Note(decentral1se): Disabled and unused for now ...
# ynh_setup_source --dest_dir="$final_path/extensions/" --source_id="ldap_groups"
# ynh_setup_source --dest_dir="$final_path/extensions/" --source_id="ldap_userinfo"
# ynh_setup_source --dest_dir="$final_path/extensions/" --source_id="ldap_authorization"

#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=1

# Create a dedicated nginx config
ynh_add_nginx_config

#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=3

ynh_install_app_dependencies "${pkg_dependencies[@]}"

#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1

# Create a dedicated user (if not existing)
ynh_system_user_create --username="$app"

#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading php-fpm configuration..." --weight=1

# Create a dedicated php-fpm config
ynh_add_fpm_config
phpversion=$(ynh_app_setting_get --app="$app" --key=phpversion)

#=================================================
# SPECIFIC UPGRADE
#=================================================
# CREATE DEDICATED LDAP USER
#=================================================
ynh_script_progression --message="Creating dedicated LDAP user if necessary..." --weight=1

if [[ -z "$ldap_user" ]]; then
    ldap_user="${app}_ldap"
    ldap_password=$(ynh_string_random --length=8)
    ynh_app_setting_set --app="$app" --key=ldap_user --value="$ldap_user"
    ynh_app_setting_set --app="$app" --key=ldap_password --value="$ldap_password"
    yunohost user create "$ldap_user" \
        --firstname "MediaWikiLdap" --lastname "MediaWikiLdap" \
        --mail "${ldap_user}@$domain" --password "$ldap_password" -q 0
fi

#=================================================
# STORE THE CONFIG FILE CHECKSUM
#=================================================
ynh_backup_if_checksum_is_different --file="$final_path/CONFIG_FILE"

#=================================================
# REPLACE CONFIGURATION SETTINGS
#=================================================
ynh_script_progression --message="Upgrading application files..." --weight=4

rm "$final_path/LocalSettings.php"
cp ../conf/LocalSettings.php "$final_path/LocalSettings.php"

ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__WIKI_NAME__" --replace_string="$wiki_name"
ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__ADMIN__"     --replace_string="$admin"

if [ "$path_url" = "/" ]; then
    # MediaWiki expects a "" for the root URL which is typically assumed to be
    # "/" by other application packages. Therefore, we assume end-users will do
    # this as well and make sure to ensure an "" in all cases where "/" is
    # specified
    ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__PATH__"  --replace_string=""
else
    ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__PATH__"  --replace_string="$path_url"
fi

ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__DOMAIN__"    --replace_string="$domain"
ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__DB_NAME__"   --replace_string="$db_name"
ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__DB_USER__"   --replace_string="$db_name"
ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__DB_PWD__"    --replace_string="$db_pwd"
ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__LANGUAGE__"  --replace_string="$language"

secret=$(ynh_string_random 64)
ynh_app_setting_set "$app" secret "$secret"
ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__SECRET__"    --replace_string="$secret"

ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__LDAP_USER__" --replace_string="$ldap_user"
ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__LDAP_PASSWORD__" --replace_string="$ldap_password"

# Check for admin password being too short for the new mediawiki requirements
password_length=$(ynh_app_setting_get --app="$app" --key=admin_password | awk '{print length}')
if (( password_length < 10 )); then
    ynh_print_warn -m "The current admin password is $password_length long. Mediawiki now requires a 10 chars minimum password."
    ynh_print_warn -m "We are adapting the minimum length, but that would be great to change the admin password."
    echo '$wgPasswordPolicy['policies']['default']['MinimalPasswordLength'] = 10;' >> "$final_path/LocalSettings.php"
fi

"php$phpversion" "$final_path/maintenance/update.php"

#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================

# Set permissions on app files
chown -R "$app:$app" "$final_path"

#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=1

# Upgrade from the legacy permissions system
protected_uris=$(ynh_app_setting_get --app="$app" --key=protected_uris)
if [ -n "${protected_uris}" ]; then
  ynh_app_setting_delete --app="$app" --key=protected_uris
fi

# Make app public if necessary
if [ $is_public -eq 1 ]; then
  # Allow public access on /
  ynh_permission_update --permission "main" --add "visitors"
fi

#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading nginx web server..." --weight=1

ynh_systemd_action --service_name=nginx --action=reload

#=================================================
# END OF SCRIPT
#=================================================

ynh_script_progression --message="Upgrade of $app completed" --last