#!/bin/bash

# Get an application setting
#
# usage: ynh_app_setting_get --app=app --key=key
# | arg: -a, --app - the application id
# | arg: -k, --key - the setting to get
#
# Requires YunoHost version 2.2.4 or higher.
ynh_app_setting_get() {
    # Declare an array to define the options of this helper.
    local legacy_args=ak
    declare -Ar args_array=( [a]=app= [k]=key= )
    local app
    local key
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"

    ynh_app_setting "get" "$app" "$key"
}

# Set an application setting
#
# usage: ynh_app_setting_set --app=app --key=key --value=value
# | arg: -a, --app - the application id
# | arg: -k, --key - the setting name to set
# | arg: -v, --value - the setting value to set
#
# Requires YunoHost version 2.2.4 or higher.
ynh_app_setting_set() {
    # Declare an array to define the options of this helper.
    local legacy_args=akv
    declare -Ar args_array=( [a]=app= [k]=key= [v]=value= )
    local app
    local key
    local value
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"

    ynh_app_setting "set" "$app" "$key" "$value"
}

# Delete an application setting
#
# usage: ynh_app_setting_delete --app=app --key=key
# | arg: -a, --app - the application id
# | arg: -k, --key - the setting to delete
#
# Requires YunoHost version 2.2.4 or higher.
ynh_app_setting_delete() {
    # Declare an array to define the options of this helper.
    local legacy_args=ak
    declare -Ar args_array=( [a]=app= [k]=key= )
    local app
    local key
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"

    ynh_app_setting "delete" "$app" "$key"
}

# Add skipped_uris urls into the config
#
# usage: ynh_add_skipped_uris [--appid=app] --url=url1,url2 [--regex]
# | arg: -a, --appid - the application id
# | arg: -u, --url - the urls to add to the sso for this app
# | arg: -r, --regex - Use the key 'skipped_regex' instead of 'skipped_uris'
#
# An URL set with 'skipped_uris' key will be totally ignored by the SSO,
# which means that the access will be public and the logged-in user information will not be passed to the app.
#
# Requires YunoHost version 3.6.0 or higher.
ynh_add_skipped_uris() {
    # Declare an array to define the options of this helper.
    local legacy_args=aur
    declare -Ar args_array=( [a]=appid= [u]=url= [r]=regex )
    local appid
    local url
    local regex
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    appid={appid:-$app}
    regex={regex:-0}

    local key=skipped_uris
    if [ $regex -eq 1 ]; then
        key=skipped_regex
    fi

    ynh_app_setting_set --app=$appid --key=$key --value="$url"
}

# Add unprotected_uris urls into the config
#
# usage: ynh_add_unprotected_uris [--appid=app] --url=url1,url2 [--regex]
# | arg: -a, --appid - the application id
# | arg: -u, --url - the urls to add to the sso for this app
# | arg: -r, --regex - Use the key 'unprotected_regex' instead of 'unprotected_uris'
#
# An URL set with unprotected_uris key will be accessible publicly, but if an user is logged in,
# his information will be accessible (through HTTP headers) to the app.
#
# Requires YunoHost version 3.6.0 or higher.
ynh_add_unprotected_uris() {
    # Declare an array to define the options of this helper.
    local legacy_args=aur
    declare -Ar args_array=( [a]=appid= [u]=url= [r]=regex )
    local appid
    local url
    local regex
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    appid={appid:-$app}
    regex={regex:-0}

    local key=unprotected_uris
    if [ $regex -eq 1 ]; then
        key=unprotected_regex
    fi

    ynh_app_setting_set --app=$appid --key=$key --value="$url"
}

# Add protected_uris urls into the config
#
# usage: ynh_add_protected_uris [--appid=app] --url=url1,url2 [--regex]
# | arg: -a, --appid - the application id
# | arg: -u, --url - the urls to add to the sso for this app
# | arg: -r, --regex - Use the key 'protected_regex' instead of 'protected_uris'
#
# An URL set with protected_uris will be blocked by the SSO and accessible only to authenticated and authorized users.
#
# Requires YunoHost version 3.6.0 or higher.
ynh_add_protected_uris() {
    # Declare an array to define the options of this helper.
    local legacy_args=aur
    declare -Ar args_array=( [a]=appid= [u]=url= [r]=regex )
    local appid
    local url
    local regex
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    appid={appid:-$app}
    regex={regex:-0}

    local key=protected_uris
    if [ $regex -eq 1 ]; then
        key=protected_regex
    fi

    ynh_app_setting_set --app=$appid --key=$key --value="$url"
}

# Small "hard-coded" interface to avoid calling "yunohost app" directly each
# time dealing with a setting is needed (which may be so slow on ARM boards)
#
# [internal]
#
ynh_app_setting()
{
    ACTION="$1" APP="$2" KEY="$3" VALUE="${4:-}" python - <<EOF
import os, yaml
app, action = os.environ['APP'], os.environ['ACTION'].lower()
key, value = os.environ['KEY'], os.environ.get('VALUE', None)
setting_file = "/etc/yunohost/apps/%s/settings.yml" % app
assert os.path.exists(setting_file), "Setting file %s does not exists ?" % setting_file
with open(setting_file) as f:
    settings = yaml.load(f)
if action == "get":
    if key in settings:
        print(settings[key])
else:
    if action == "delete":
        if key in settings:
            del settings[key]
    elif action == "set":
        if key in ['redirected_urls', 'redirected_regex']:
            value = yaml.load(value)
        if key in ["unprotected_uris", "unprotected_regex", "protected_uris", "protected_regex"]:
           logger.warning("/!\\ Packagers! This app is using the legacy permission system. Please delete these legacy settings and use the new helpers 'ynh_permission_{create,urls,update,delete}' and the 'visitors' group to manage public/private access.")
        settings[key] = value
    else:
        raise ValueError("action should either be get, set or delete")
    with open(setting_file, "w") as f:
        yaml.safe_dump(settings, f, default_flow_style=False)
EOF
}

# Check availability of a web path
#
# example: ynh_webpath_available --domain=some.domain.tld --path_url=/coffee
#
# usage: ynh_webpath_available --domain=domain --path_url=path
# | arg: -d, --domain - the domain/host of the url
# | arg: -p, --path_url - the web path to check the availability of
#
# Requires YunoHost version 2.6.4 or higher.
ynh_webpath_available () {
	# Declare an array to define the options of this helper.
	local legacy_args=dp
	declare -Ar args_array=( [d]=domain= [p]=path_url= )
	local domain
	local path_url
	# Manage arguments with getopts
	ynh_handle_getopts_args "$@"

	sudo yunohost domain url-available $domain $path_url
}

# Register/book a web path for an app
#
# example: ynh_webpath_register --app=wordpress --domain=some.domain.tld --path_url=/coffee
#
# usage: ynh_webpath_register --app=app --domain=domain --path_url=path
# | arg: -a, --app - the app for which the domain should be registered
# | arg: -d, --domain - the domain/host of the web path
# | arg: -p, --path_url - the web path to be registered
#
# Requires YunoHost version 2.6.4 or higher.
ynh_webpath_register () {
	# Declare an array to define the options of this helper.
	local legacy_args=adp
	declare -Ar args_array=( [a]=app= [d]=domain= [p]=path_url= )
	local app
	local domain
	local path_url
	# Manage arguments with getopts
	ynh_handle_getopts_args "$@"

	sudo yunohost app register-url $app $domain $path_url
}

# Create a new permission for the app
#
# example: ynh_permission_create --permission admin --urls /admin
#
# usage: ynh_permission_create --permission "permission" [--urls "url" ["url" ...]]
# | arg: permission - the name for the permission (by default a permission named "main" already exist)
# | arg: urls - (optional) a list of FULL urls for the permission (e.g. domain.tld/apps/admin)
# | arg: urls - (optional) a list of URLs to specify for the permission.
#
#  URLs are assumed to be relative to the app domain/path if they start with '/'.
#  For example:
#     /                             -> domain.tld/app
#     /admin                        -> domain.tld/app/admin
#     domain.tld/app/api            -> domain.tld/app/api
#
#  URLs can be treated as regexes when they start with "re:".
#  For example:
#     re:/api/[A-Z]*$               -> domain.tld/app/api/[A-Z]*$
#     re:domain.tld/app/api/[A-Z]*$ -> domain.tld/app/api/[A-Z]*$
#
ynh_permission_create() {
    declare -Ar args_array=( [p]=permission= [u]=urls= )
    local permission
    local urls
    ynh_handle_getopts_args "$@"

    if [[ -n ${urls:-} ]]; then
        urls=",urls=['${urls//';'/"','"}']"
    fi
    yunohost tools shell -c "from yunohost.permission import permission_create; permission_create('$app.$permission' ${urls:-}, sync_perm=False)"
}

# Remove a permission for the app (note that when the app is removed all permission is automatically removed)
#
# example: ynh_permission_delete --permission editors
#
# usage: ynh_permission_delete --permission "permission"
# | arg: permission - the name for the permission (by default a permission named "main" is removed automatically when the app is removed)
#
ynh_permission_delete() {
    declare -Ar args_array=( [p]=permission= )
    local permission
    ynh_handle_getopts_args "$@"

    yunohost tools shell -c "from yunohost.permission import permission_delete; permission_delete('$app.$permission', sync_perm=False)"
}

# Manage urls related to a permission
#
# usage: ynh_permission_urls --permission "permission" --add "url" ["url" ...] --remove "url" ["url" ...]
# | arg: permission - the name for the permission (by default a permission named "main" is removed automatically when the app is removed)
# | arg: add - (optional) a list of urls to add to the permission (see permission_create for details regarding their format)
# | arg: remove - (optional) a list of urls to remove from the permission (see permission_create for details regarding their format)
#
ynh_permission_urls() {
    declare -Ar args_array=([p]=permission= [a]=add= [r]=remove=)
    local permission
    local add
    local remove
    ynh_handle_getopts_args "$@"

    if [[ -n ${add:-} ]]; then
        add=",add=['${add//';'/"','"}']"
    fi
    if [[ -n ${remove:-} ]]; then
        remove=",remove=['${remove//';'/"','"}']"
    fi

    yunohost tools shell -c "from yunohost.permission import permission_urls; permission_urls('$app.$permission' ${add:-} ${remove:-})"
}

# Update a permission for the app
#
# usage: ynh_permission_update --permission "permission" --add "group" ["group" ...] --remove  "group" ["group" ...]
# | arg: permission - the name for the permission (by default a permission named "main" already exist)
# | arg: add - the list of group or users to enable add to the permission
# | arg: remove - the list of group or users to remove from the permission
#
# example: ynh_permission_update --permission admin --add samdoe --remove all_users
ynh_permission_update() {
    declare -Ar args_array=( [p]=permission= [a]=add= [r]=remove= )
    local permission
    local add
    local remove
    ynh_handle_getopts_args "$@"

    if [[ -n ${add:-} ]]; then
        add="--add ${add//';'/" "}"
    fi
    if [[ -n ${remove:-} ]]; then
        remove="--remove ${remove//';'/" "} "
    fi

    yunohost user permission update "$app.$permission" ${add:-} ${remove:-}
}