#!/bin/bash

#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================

# source _common.sh
source /usr/share/yunohost/helpers

#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1

app=$YNH_APP_INSTANCE_NAME

domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)

#=================================================
# CHECK VERSION
#=================================================

upgrade_type=$(ynh_check_app_version_changed)

#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --weight=3

# Fix is_public as a boolean value
if [ "$is_public" = "Yes" ]; then
	ynh_app_setting_set --app=$app --key=is_public --value=1
	is_public=1
elif [ "$is_public" = "No" ]; then
	ynh_app_setting_set --app=$app --key=is_public --value=0
	is_public=0
elif [ -z "$is_public" ]
then
	if grep --quiet "unprotected_uris" "/etc/yunohost/apps/$app/settings.yml"
	then
		ynh_app_setting_set --app=$app --key=is_public --value=1
		is_public=1
	else
		ynh_app_setting_set --app=$app --key=is_public --value=0
		is_public=0
	fi
fi

# If final_path doesn't exist, create it
if [ -z "$final_path" ]; then
	final_path=/var/www/$app
	ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi

#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=3

# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
	# restore it if the upgrade fails
	ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors

#=================================================
# CHECK THE PATH
#=================================================

# Normalize the URL path syntax
path_url=$(ynh_normalize_url_path $path_url)

#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================

if [ "$upgrade_type" == "UPGRADE_APP" ]
then
	ynh_script_progression --message="Upgrading source files..." --weight=3

	# Download, check integrity, uncompress and patch the source from app.src
	ynh_setup_source --dest_dir="$final_path"
fi

#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..."

# Create a dedicated nginx config
ynh_add_nginx_config

#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=2

# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app

#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=3

# Create a dedicated PHP-FPM config
ynh_add_fpm_config --phpversion=$YNH_PHP_VERSION 

#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================

# Set permissions to app files
chown -R root: $final_path
# Files owned by user specific can just read
find $final_path -type f | xargs chmod 644
find $final_path -type d | xargs chmod 755

# except for data and tmp subdir, where the user must have write permissions
mkdir -p $final_path/{data,tmp}
chown -R $app:root $final_path/{data,tmp}
chmod 700 $final_path/{data,tmp}

#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Upgrading SSOwat configuration..."

# If app is public, add url to SSOWat conf as skipped_uris
if [ $is_public -eq 1 ]; then
  # unprotected_uris allows SSO credentials to be passed anyway.
  ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
fi

#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."

ynh_systemd_action --service_name=nginx --action=reload

#=================================================
# END OF SCRIPT
#=================================================

ynh_script_progression --message="Upgrade of $app completed" --last