#!/bin/bash

#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================

source /usr/share/yunohost/helpers

#=================================================
# MANAGE SCRIPT FAILURE
#=================================================

# Exit if an error occurs during the execution of the script
ynh_abort_if_errors

#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================

domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
password=$YNH_APP_ARG_PASSWORD
is_public=$YNH_APP_ARG_IS_PUBLIC
with_mysql=$YNH_APP_ARG_WITH_MYSQL

app=$YNH_APP_INSTANCE_NAME
app_nb=$YNH_APP_INSTANCE_NUMBER

#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================

final_path=/var/www/$app
test ! -e "$final_path" || ynh_die "This path already contains a folder"

# Check password strength
[[ ${#password} -gt 5 ]] || ynh_die \
"The password is too weak, it must be longer than 5 characters"

# Normalize the url path syntax
path_url=$(ynh_normalize_url_path $path_url)

# Register (book) web path
ynh_webpath_register $app $domain $path_url

#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================

user=webapp${app_nb}
ynh_app_setting_set $app domain $domain
ynh_app_setting_set $app path $path_url
ynh_app_setting_set $app is_public $is_public
ynh_app_setting_set $app with_mysql $with_mysql
ynh_app_setting_set $app password "$password"
ynh_app_setting_set $app user $user
ynh_app_setting_set $app final_path $final_path

#=================================================
# STANDARD MODIFICATIONS
#=================================================
# CREATE A MYSQL DATABASE
#=================================================

if [ $with_mysql -eq 1 ]; then
    db_name=$(ynh_sanitize_dbid $app)
    ynh_app_setting_set $app db_name $db_name
    ynh_mysql_setup_db $db_name $db_name
fi

#=================================================
# NGINX CONFIGURATION
#=================================================

# Create a dedicated nginx config
ynh_add_nginx_config

#=================================================
# CREATE DEDICATED USER
#=================================================

# Create a standard user (not a system user for sftp)
ynh_system_user_exists "$user" || \
    useradd -d "$final_path" -M --user-group "$user"
# Add the password to this user
chpasswd <<< "${user}:${password}"

#=================================================
# SPECIFIC SETUP
#=================================================
# CONFIGURE SSH
#=================================================

# Harden SSH connection for the user
echo "##-> ${app}
# Hardening user connection
Match User ${user}
  ChrootDirectory %h
  ForceCommand internal-sftp
  AllowTcpForwarding no
  PermitTunnel no
  X11Forwarding no
##<- ${app}" | tee -a /etc/ssh/sshd_config >/dev/null

systemctl reload ssh

#=================================================
# FILL AND COPY SOURCE FILES
#=================================================

ynh_replace_string "__DOMAIN__" "$domain" ../sources/www/index.html
ynh_replace_string "__USER__" "$user" ../sources/www/index.html

if [ $with_mysql -eq 1 ]; then
    # Store the database access
    echo -e "# MySQL Database
    name: ${db_name}\nuser: ${db_name}\npass: ${db_pwd}" > ../sources/db_access.txt
fi

# Copy files to the right place
cp -r ../sources "$final_path"

#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_print_info "Configuring php-fpm..."

# Create a dedicated php-fpm config
ynh_replace_string "__USER__" "$user" "../conf/php-fpm.conf"
ynh_add_fpm_config

#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================

# Set permissions to app files
chown -R $user: "$final_path"
# Home directory of the user needs to be owned by root to allow
# SFTP connections
chown root: "$final_path"

#=================================================
# SETUP SSOWAT
#=================================================

# Make app public if necessary
if [ $is_public -eq 1 ]
then
	ynh_app_setting_set $app skipped_uris "/"
fi

#=================================================
# RELOAD NGINX
#=================================================

systemctl reload nginx