#!/bin/bash

YNH_APP_BASEDIR=${YNH_APP_BASEDIR:-$(realpath ..)}

# Handle script crashes / failures
#
# [internal]
#
# usage:
# ynh_exit_properly is used only by the helper ynh_abort_if_errors.
# You should not use it directly.
# Instead, add to your script:
# ynh_clean_setup () {
#        instructions...
# }
#
# This function provide a way to clean some residual of installation that not managed by remove script.
#
# It prints a warning to inform that the script was failed, and execute the ynh_clean_setup function if used in the app script
#
# Requires YunoHost version 2.6.4 or higher.
ynh_exit_properly() {
    local exit_code=$?

    rm -rf "/var/cache/yunohost/download/"

    if [ "$exit_code" -eq 0 ]; then
        exit 0 # Exit without error if the script ended correctly
    fi

    trap '' EXIT # Ignore new exit signals
    # Do not exit anymore if a command fail or if a variable is empty
    set +o errexit # set +e
    set +o nounset # set +u

    # Small tempo to avoid the next message being mixed up with other DEBUG messages
    sleep 0.5

    if type -t ynh_clean_setup >/dev/null; then # Check if the function exist in the app script.
        ynh_clean_setup                         # Call the function to do specific cleaning for the app.
    fi

    # Exit with error status
    # We don't call ynh_die basically to avoid unecessary 10-ish
    # debug lines about parsing args and stuff just to exit 1..
    exit 1
}

# Exits if an error occurs during the execution of the script.
#
# usage: ynh_abort_if_errors
#
# This configure the rest of the script execution such that, if an error occurs
# or if an empty variable is used, the execution of the script stops immediately
# and a call to `ynh_clean_setup` is triggered if it has been defined by your script.
#
# Requires YunoHost version 2.6.4 or higher.
ynh_abort_if_errors() {
    set -o errexit              # set -e; Exit if a command fail
    set -o nounset              # set -u; And if a variable is used unset
    trap ynh_exit_properly EXIT # Capturing exit signals on shell script
}

# Download, check integrity, uncompress and patch the source from app.src
#
# usage: ynh_setup_source --dest_dir=dest_dir [--source_id=source_id] [--keep="file1 file2"]
# | arg: -d, --dest_dir=    - Directory where to setup sources
# | arg: -s, --source_id=   - Name of the source, defaults to `app`
# | arg: -k, --keep=        - Space-separated list of files/folders that will be backup/restored in $dest_dir, such as a config file you don't want to overwrite. For example 'conf.json secrets.json logs/'
#
# This helper will read `conf/${source_id}.src`, download and install the sources.
#
# The src file need to contains:
# ```
# SOURCE_URL=Address to download the app archive
# SOURCE_SUM=Control sum
# # (Optional) Program to check the integrity (sha256sum, md5sum...). Default: sha256
# SOURCE_SUM_PRG=sha256
# # (Optional) Archive format. Default: tar.gz
# SOURCE_FORMAT=tar.gz
# # (Optional) Put false if sources are directly in the archive root. Default: true
# # Instead of true, SOURCE_IN_SUBDIR could be the number of sub directories to remove.
# SOURCE_IN_SUBDIR=false
# # (Optionnal) Name of the local archive (offline setup support). Default: ${src_id}.${src_format}
# SOURCE_FILENAME=example.tar.gz
# # (Optional) If it set as false don't extract the source. Default: true
# # (Useful to get a debian package or a python wheel.)
# SOURCE_EXTRACT=(true|false)
# ```
#
# The helper will:
# - Check if there is a local source archive in `/opt/yunohost-apps-src/$APP_ID/$SOURCE_FILENAME`
# - Download `$SOURCE_URL` if there is no local archive
# - Check the integrity with `$SOURCE_SUM_PRG -c --status`
# - Uncompress the archive to `$dest_dir`.
#   - If `$SOURCE_IN_SUBDIR` is true, the first level directory of the archive will be removed.
#   - If `$SOURCE_IN_SUBDIR` is a numeric value, the N first level directories will be removed.
# - Patches named `sources/patches/${src_id}-*.patch` will be applied to `$dest_dir`
# - Extra files in `sources/extra_files/$src_id` will be copied to dest_dir
#
# Requires YunoHost version 2.6.4 or higher.
ynh_setup_source() {
    # Declare an array to define the options of this helper.
    local legacy_args=dsk
    local -A args_array=([d]=dest_dir= [s]=source_id= [k]=keep=)
    local dest_dir
    local source_id
    local keep
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    source_id="${source_id:-app}"
    keep="${keep:-}"

    local src_file_path="$YNH_APP_BASEDIR/conf/${source_id}.src"

    # Load value from configuration file (see above for a small doc about this file
    # format)
    local src_url=$(grep 'SOURCE_URL=' "$src_file_path" | cut --delimiter='=' --fields=2-)
    local src_sum=$(grep 'SOURCE_SUM=' "$src_file_path" | cut --delimiter='=' --fields=2-)
    local src_sumprg=$(grep 'SOURCE_SUM_PRG=' "$src_file_path" | cut --delimiter='=' --fields=2-)
    local src_format=$(grep 'SOURCE_FORMAT=' "$src_file_path" | cut --delimiter='=' --fields=2-)
    local src_extract=$(grep 'SOURCE_EXTRACT=' "$src_file_path" | cut --delimiter='=' --fields=2-)
    local src_in_subdir=$(grep 'SOURCE_IN_SUBDIR=' "$src_file_path" | cut --delimiter='=' --fields=2-)
    local src_filename=$(grep 'SOURCE_FILENAME=' "$src_file_path" | cut --delimiter='=' --fields=2-)

    # Default value
    src_sumprg=${src_sumprg:-sha256sum}
    src_in_subdir=${src_in_subdir:-true}
    src_format=${src_format:-tar.gz}
    src_format=$(echo "$src_format" | tr '[:upper:]' '[:lower:]')
    src_extract=${src_extract:-true}
    if [ "$src_filename" = "" ]; then
        src_filename="${source_id}.${src_format}"
    fi

    # (Unused?) mecanism where one can have the file in a special local cache to not have to download it...
    local local_src="/opt/yunohost-apps-src/${YNH_APP_ID}/${src_filename}"

    mkdir -p /var/cache/yunohost/download/${YNH_APP_ID}/
    src_filename="/var/cache/yunohost/download/${YNH_APP_ID}/${src_filename}"

    if test -e "$local_src"; then
        cp $local_src $src_filename
    else
        [ -n "$src_url" ] || ynh_die "Couldn't parse SOURCE_URL from $src_file_path ?"

        # NB. we have to declare the var as local first,
        # otherwise 'local foo=$(false) || echo 'pwet'" does'nt work
        # because local always return 0 ...
        local out
        # Timeout option is here to enforce the timeout on dns query and tcp connect (c.f. man wget)
        out=$(wget --tries 3 --no-dns-cache --timeout 900 --no-verbose --output-document=$src_filename $src_url 2>&1) \
            || ynh_die --message="$out"
    fi

    # Check the control sum
    echo "${src_sum} ${src_filename}" | ${src_sumprg} --check --status \
        || ynh_die --message="Corrupt source"

    # Keep files to be backup/restored at the end of the helper
    # Assuming $dest_dir already exists
    rm -rf /var/cache/yunohost/files_to_keep_during_setup_source/
    if [ -n "$keep" ] && [ -e "$dest_dir" ]; then
        local keep_dir=/var/cache/yunohost/files_to_keep_during_setup_source/${YNH_APP_ID}
        mkdir -p $keep_dir
        local stuff_to_keep
        for stuff_to_keep in $keep; do
            if [ -e "$dest_dir/$stuff_to_keep" ]; then
                mkdir --parents "$(dirname "$keep_dir/$stuff_to_keep")"
                cp --archive "$dest_dir/$stuff_to_keep" "$keep_dir/$stuff_to_keep"
            fi
        done
    fi

    # Extract source into the app dir
    mkdir --parents "$dest_dir"

    if [ -n "${final_path:-}" ] && [ "$dest_dir" == "$final_path" ]; then
        _ynh_apply_default_permissions $dest_dir
    fi

    if ! "$src_extract"; then
        mv $src_filename $dest_dir
    elif [ "$src_format" = "zip" ]; then
        # Zip format
        # Using of a temp directory, because unzip doesn't manage --strip-components
        if $src_in_subdir; then
            local tmp_dir=$(mktemp --directory)
            unzip -quo $src_filename -d "$tmp_dir"
            cp --archive $tmp_dir/*/. "$dest_dir"
            ynh_secure_remove --file="$tmp_dir"
        else
            unzip -quo $src_filename -d "$dest_dir"
        fi
        ynh_secure_remove --file="$src_filename"
    else
        local strip=""
        if [ "$src_in_subdir" != "false" ]; then
            if [ "$src_in_subdir" == "true" ]; then
                local sub_dirs=1
            else
                local sub_dirs="$src_in_subdir"
            fi
            strip="--strip-components $sub_dirs"
        fi
        if [[ "$src_format" =~ ^tar.gz|tar.bz2|tar.xz$ ]]; then
            tar --extract --file=$src_filename --directory="$dest_dir" $strip
        else
            ynh_die --message="Archive format unrecognized."
        fi
        ynh_secure_remove --file="$src_filename"
    fi

    # Apply patches
    if [ -d "$YNH_APP_BASEDIR/sources/patches/" ]; then
        local patches_folder=$(realpath $YNH_APP_BASEDIR/sources/patches/)
        if (($(find $patches_folder -type f -name "${source_id}-*.patch" 2>/dev/null | wc --lines) > "0")); then
            (
                cd "$dest_dir"
                for p in $patches_folder/${source_id}-*.patch; do
                    echo $p
                    patch --strip=1 <$p
                done
            ) || ynh_die --message="Unable to apply patches"
        fi
    fi

    # Add supplementary files
    if test -e "$YNH_APP_BASEDIR/sources/extra_files/${source_id}"; then
        cp --archive $YNH_APP_BASEDIR/sources/extra_files/$source_id/. "$dest_dir"
    fi

    # Keep files to be backup/restored at the end of the helper
    # Assuming $dest_dir already exists
    if [ -n "$keep" ]; then
        local keep_dir=/var/cache/yunohost/files_to_keep_during_setup_source/${YNH_APP_ID}
        local stuff_to_keep
        for stuff_to_keep in $keep; do
            if [ -e "$keep_dir/$stuff_to_keep" ]; then
                mkdir --parents "$(dirname "$dest_dir/$stuff_to_keep")"
                cp --archive "$keep_dir/$stuff_to_keep" "$dest_dir/$stuff_to_keep"
            fi
        done
    fi
    rm -rf /var/cache/yunohost/files_to_keep_during_setup_source/
}

# Curl abstraction to help with POST requests to local pages (such as installation forms)
#
# usage: ynh_local_curl "page_uri" "key1=value1" "key2=value2" ...
# | arg: page_uri    - Path (relative to `$path_url`) of the page where POST data will be sent
# | arg: key1=value1 - (Optionnal) POST key and corresponding value
# | arg: key2=value2 - (Optionnal) Another POST key and corresponding value
# | arg: ...         - (Optionnal) More POST keys and values
#
# example: ynh_local_curl "/install.php?installButton" "foo=$var1" "bar=$var2"
#
# For multiple calls, cookies are persisted between each call for the same app
#
# `$domain` and `$path_url` should be defined externally (and correspond to the domain.tld and the /path (of the app?))
#
# Requires YunoHost version 2.6.4 or higher.
ynh_local_curl() {
    # Define url of page to curl
    local local_page=$(ynh_normalize_url_path $1)
    local full_path=$path_url$local_page

    if [ "${path_url}" == "/" ]; then
        full_path=$local_page
    fi

    local full_page_url=https://localhost$full_path

    # Concatenate all other arguments with '&' to prepare POST data
    local POST_data=""
    local arg=""
    for arg in "${@:2}"; do
        POST_data="${POST_data}${arg}&"
    done
    if [ -n "$POST_data" ]; then
        # Add --data arg and remove the last character, which is an unecessary '&'
        POST_data="--data ${POST_data::-1}"
    fi

    # Wait untils nginx has fully reloaded (avoid curl fail with http2)
    sleep 2

    local cookiefile=/tmp/ynh-$app-cookie.txt
    touch $cookiefile
    chown root $cookiefile
    chmod 700 $cookiefile

    # Curl the URL
    curl --silent --show-error --insecure --location --header "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url" --cookie-jar $cookiefile --cookie $cookiefile
}

# Create a dedicated config file from a template
#
# usage: ynh_add_config --template="template" --destination="destination"
# | arg: -t, --template=     - Template config file to use
# | arg: -d, --destination=    - Destination of the config file
#
# examples:
#    ynh_add_config --template=".env" --destination="$final_path/.env"
#    ynh_add_config --template="../conf/.env" --destination="$final_path/.env"
#    ynh_add_config --template="/etc/nginx/sites-available/default" --destination="etc/nginx/sites-available/mydomain.conf"
#
# The template can be by default the name of a file in the conf directory
# of a YunoHost Package, a relative path or an absolute path.
#
# The helper will use the template `template` to generate a config file
# `destination` by replacing the following keywords with global variables
# that should be defined before calling this helper :
# ```
#   __PATH__                by $path_url
#   __NAME__                by $app
#   __NAMETOCHANGE__        by $app
#   __USER__                by $app
#   __FINALPATH__           by $final_path
#   __PHPVERSION__          by $YNH_PHP_VERSION
#   __YNH_NODE_LOAD_PATH__  by $ynh_node_load_PATH
# ```
# And any dynamic variables that should be defined before calling this helper like:
# ```
#   __DOMAIN__   by $domain
#   __APP__      by $app
#   __VAR_1__    by $var_1
#   __VAR_2__    by $var_2
# ```
#
# The helper will verify the checksum and backup the destination file
# if it's different before applying the new template.
#
# And it will calculate and store the destination file checksum
# into the app settings when configuration is done.
#
# Requires YunoHost version 4.1.0 or higher.
ynh_add_config() {
    # Declare an array to define the options of this helper.
    local legacy_args=tdv
    local -A args_array=([t]=template= [d]=destination=)
    local template
    local destination
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    local template_path

    if [ -f "$YNH_APP_BASEDIR/conf/$template" ]; then
        template_path="$YNH_APP_BASEDIR/conf/$template"
    elif [ -f "$template" ]; then
        template_path=$template
    else
        ynh_die --message="The provided template $template doesn't exist"
    fi

    ynh_backup_if_checksum_is_different --file="$destination"

    # Make sure to set the permissions before we copy the file
    # This is to cover a case where an attacker could have
    # created a file beforehand to have control over it
    # (cp won't overwrite ownership / modes by default...)
    touch $destination
    chown root:root $destination
    chmod 640 $destination

    cp -f "$template_path" "$destination"

    _ynh_apply_default_permissions $destination

    ynh_replace_vars --file="$destination"

    ynh_store_file_checksum --file="$destination"
}

# Replace variables in a file
#
# [internal]
#
# usage: ynh_replace_vars --file="file"
# | arg: -f, --file=     - File where to replace variables
#
# The helper will replace the following keywords with global variables
# that should be defined before calling this helper :
#   __PATH__                by $path_url
#   __NAME__                by $app
#   __NAMETOCHANGE__        by $app
#   __USER__                by $app
#   __FINALPATH__           by $final_path
#   __PHPVERSION__          by $YNH_PHP_VERSION
#   __YNH_NODE_LOAD_PATH__  by $ynh_node_load_PATH
#
# And any dynamic variables that should be defined before calling this helper like:
#   __DOMAIN__   by $domain
#   __APP__      by $app
#   __VAR_1__    by $var_1
#   __VAR_2__    by $var_2
#
# Requires YunoHost version 4.1.0 or higher.
ynh_replace_vars() {
    # Declare an array to define the options of this helper.
    local legacy_args=f
    local -A args_array=([f]=file=)
    local file
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"

    # Replace specific YunoHost variables
    if test -n "${path_url:-}"; then
        # path_url_slash_less is path_url, or a blank value if path_url is only '/'
        local path_url_slash_less=${path_url%/}
        ynh_replace_string --match_string="__PATH__/" --replace_string="$path_url_slash_less/" --target_file="$file"
        ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$file"
    fi
    if test -n "${app:-}"; then
        ynh_replace_string --match_string="__NAME__" --replace_string="$app" --target_file="$file"
        ynh_replace_string --match_string="__NAMETOCHANGE__" --replace_string="$app" --target_file="$file"
        ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="$file"
    fi
    if test -n "${final_path:-}"; then
        ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="$file"
    fi
    if test -n "${YNH_PHP_VERSION:-}"; then
        ynh_replace_string --match_string="__PHPVERSION__" --replace_string="$YNH_PHP_VERSION" --target_file="$file"
    fi
    if test -n "${ynh_node_load_PATH:-}"; then
        ynh_replace_string --match_string="__YNH_NODE_LOAD_PATH__" --replace_string="$ynh_node_load_PATH" --target_file="$file"
    fi

    # Replace others variables

    # List other unique (__ __) variables in $file
    local uniques_vars=($(grep -oP '__[A-Z0-9]+?[A-Z0-9_]*?[A-Z0-9]*?__' $file | sort --unique | sed "s@__\([^.]*\)__@\L\1@g"))

    # Do the replacement
    local delimit=@
    for one_var in "${uniques_vars[@]}"; do
        # Validate that one_var is indeed defined
        # -v checks if the variable is defined, for example:
        #     -v FOO  tests if $FOO is defined
        #     -v $FOO tests if ${!FOO} is defined
        # More info: https://stackoverflow.com/questions/3601515/how-to-check-if-a-variable-is-set-in-bash/17538964#comment96392525_17538964
        [[ -v "${one_var:-}" ]] || ynh_die --message="Variable \$$one_var wasn't initialized when trying to replace __${one_var^^}__ in $file"

        # Escape delimiter in match/replace string
        match_string="__${one_var^^}__"
        match_string=${match_string//${delimit}/"\\${delimit}"}
        replace_string="${!one_var}"
        replace_string=${replace_string//\\/\\\\}
        replace_string=${replace_string//${delimit}/"\\${delimit}"}

        # Actually replace (sed is used instead of ynh_replace_string to avoid triggering an epic amount of debug logs)
        sed --in-place "s${delimit}${match_string}${delimit}${replace_string}${delimit}g" "$file"
    done
}

# Get a value from heterogeneous file (yaml, json, php, python...)
#
# usage: ynh_read_var_in_file --file=PATH --key=KEY
# | arg: -f, --file=     - the path to the file
# | arg: -k, --key=     - the key to get
#
# This helpers match several var affectation use case in several languages
# We don't use jq or equivalent to keep comments and blank space in files
# This helpers work line by line, it is not able to work correctly
# if you have several identical keys in your files
#
# Example of line this helpers can managed correctly
# .yml
#     title: YunoHost documentation
#     email: 'yunohost@yunohost.org'
# .json
#     "theme": "colib'ris",
#     "port": 8102
#     "some_boolean":     false,
#     "user": null
# .ini
#     some_boolean = On
#     action = "Clear"
#     port = 20
# .php
#     $user=
#     user => 20
# .py
#     USER = 8102
#     user = 'https://donate.local'
#     CUSTOM['user'] = 'YunoHost'
#
# Requires YunoHost version 4.3 or higher.
ynh_read_var_in_file() {
    # Declare an array to define the options of this helper.
    local legacy_args=fka
    local -A args_array=([f]=file= [k]=key= [a]=after=)
    local file
    local key
    local after
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    after="${after:-}"

    [[ -f $file ]] || ynh_die --message="File $file does not exists"

    set +o xtrace # set +x

    # Get the line number after which we search for the variable
    local line_number=1
    if [[ -n "$after" ]]; then
        line_number=$(grep -n $after $file | cut -d: -f1)
        if [[ -z "$line_number" ]]; then
            set -o xtrace # set -x
            return 1
        fi
    fi

    local filename="$(basename -- "$file")"
    local ext="${filename##*.}"
    local endline=',;'
    local assign="=>|:|="
    local comments="#"
    local string="\"'"
    if [[ "$ext" =~ ^ini|env|toml|yml|yaml$ ]]; then
        endline='#'
    fi
    if [[ "$ext" =~ ^ini|env$ ]]; then
        comments="[;#]"
    fi
    if [[ "php" == "$ext" ]] || [[ "$ext" == "js" ]]; then
        comments="//"
    fi
    local list='\[\s*['$string']?\w+['$string']?\]'
    local var_part='^\s*((const|var|let)\s+)?\$?(\w+('$list')*(->|\.|\[))*\s*'
    var_part+="[$string]?${key}[$string]?"
    var_part+='\s*\]?\s*'
    var_part+="($assign)"
    var_part+='\s*'

    # Extract the part after assignation sign
    local expression_with_comment="$(tail +$line_number ${file} | grep -i -o -P $var_part'\K.*$' || echo YNH_NULL | head -n1)"
    if [[ "$expression_with_comment" == "YNH_NULL" ]]; then
        set -o xtrace # set -x
        echo YNH_NULL
        return 0
    fi

    # Remove comments if needed
    local expression="$(echo "$expression_with_comment" | sed "s@${comments}[^$string]*\$@@g" | sed "s@\s*[$endline]*\s*]*\$@@")"

    local first_char="${expression:0:1}"
    if [[ "$first_char" == '"' ]]; then
        echo "$expression" | grep -m1 -o -P '"\K([^"](\\")?)*[^\\](?=")' | head -n1 | sed 's/\\"/"/g'
    elif [[ "$first_char" == "'" ]]; then
        echo "$expression" | grep -m1 -o -P "'\K([^'](\\\\')?)*[^\\\\](?=')" | head -n1 | sed "s/\\\\'/'/g"
    else
        echo "$expression"
    fi
    set -o xtrace # set -x
}

# Set a value into heterogeneous file (yaml, json, php, python...)
#
# usage: ynh_write_var_in_file --file=PATH --key=KEY --value=VALUE
# | arg: -f, --file=     - the path to the file
# | arg: -k, --key=     - the key to set
# | arg: -v, --value=     - the value to set
#
# Requires YunoHost version 4.3 or higher.
ynh_write_var_in_file() {
    # Declare an array to define the options of this helper.
    local legacy_args=fkva
    local -A args_array=([f]=file= [k]=key= [v]=value= [a]=after=)
    local file
    local key
    local value
    local after
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    after="${after:-}"

    [[ -f $file ]] || ynh_die --message="File $file does not exists"

    set +o xtrace # set +x

    # Get the line number after which we search for the variable
    local line_number=1
    if [[ -n "$after" ]]; then
        line_number=$(grep -n $after $file | cut -d: -f1)
        if [[ -z "$line_number" ]]; then
            set -o xtrace # set -x
            return 1
        fi
    fi
    local range="${line_number},\$ "

    local filename="$(basename -- "$file")"
    local ext="${filename##*.}"
    local endline=',;'
    local assign="=>|:|="
    local comments="#"
    local string="\"'"
    if [[ "$ext" =~ ^ini|env|toml|yml|yaml$ ]]; then
        endline='#'
    fi
    if [[ "$ext" =~ ^ini|env$ ]]; then
        comments="[;#]"
    fi
    if [[ "php" == "$ext" ]] || [[ "$ext" == "js" ]]; then
        comments="//"
    fi
    local list='\[\s*['$string']?\w+['$string']?\]'
    local var_part='^\s*((const|var|let)\s+)?\$?(\w+('$list')*(->|\.|\[))*\s*'
    var_part+="[$string]?${key}[$string]?"
    var_part+='\s*\]?\s*'
    var_part+="($assign)"
    var_part+='\s*'

    # Extract the part after assignation sign
    local expression_with_comment="$(tail +$line_number ${file} | grep -i -o -P $var_part'\K.*$' || echo YNH_NULL | head -n1)"
    if [[ "$expression_with_comment" == "YNH_NULL" ]]; then
        set -o xtrace # set -x
        return 1
    fi

    # Remove comments if needed
    local expression="$(echo "$expression_with_comment" | sed "s@${comments}[^$string]*\$@@g" | sed "s@\s*[$endline]*\s*]*\$@@")"
    endline=${expression_with_comment#"$expression"}
    endline="$(echo "$endline" | sed 's/\\/\\\\/g')"
    value="$(echo "$value" | sed 's/\\/\\\\/g')"
    local first_char="${expression:0:1}"
    delimiter=$'\001'
    if [[ "$first_char" == '"' ]]; then
        # \ and sed is quite complex you need 2 \\ to get one in a sed
        # So we need \\\\ to go through 2 sed
        value="$(echo "$value" | sed 's/"/\\\\"/g')"
        sed -ri "${range}s$delimiter"'(^'"${var_part}"'")([^"]|\\")*("[\s;,]*)(\s*'$comments'.*)?$'$delimiter'\1'"${value}"'"'"${endline}${delimiter}i" ${file}
    elif [[ "$first_char" == "'" ]]; then
        # \ and sed is quite complex you need 2 \\ to get one in a sed
        # However double quotes implies to double \\ to
        # So we need \\\\\\\\ to go through 2 sed and 1 double quotes str
        value="$(echo "$value" | sed "s/'/\\\\\\\\'/g")"
        sed -ri "${range}s$delimiter(^${var_part}')([^']|\\')*('"'[\s,;]*)(\s*'$comments'.*)?$'$delimiter'\1'"${value}'${endline}${delimiter}i" ${file}
    else
        if [[ "$value" == *"'"* ]] || [[ "$value" == *'"'* ]] || [[ "$ext" =~ ^php|py|json|js$ ]]; then
            value='\"'"$(echo "$value" | sed 's/"/\\\\"/g')"'\"'
        fi
        if [[ "$ext" =~ ^yaml|yml$ ]]; then
            value=" $value"
        fi
        sed -ri "${range}s$delimiter(^${var_part}).*\$$delimiter\1${value}${endline}${delimiter}i" ${file}
    fi
    set -o xtrace # set -x
}

# Render templates with Jinja2
#
# [internal]
#
# Attention : Variables should be exported before calling this helper to be
# accessible inside templates.
#
# usage: ynh_render_template some_template output_path
# | arg: some_template - Template file to be rendered
# | arg: output_path   - The path where the output will be redirected to
ynh_render_template() {
    local template_path=$1
    local output_path=$2
    mkdir -p "$(dirname $output_path)"
    # Taken from https://stackoverflow.com/a/35009576
    python3 -c 'import os, sys, jinja2; sys.stdout.write(
                    jinja2.Template(sys.stdin.read()
                    ).render(os.environ));' <$template_path >$output_path
}

# Fetch the Debian release codename
#
# usage: ynh_get_debian_release
# | ret: The Debian release codename (i.e. jessie, stretch, ...)
#
# Requires YunoHost version 2.7.12 or higher.
ynh_get_debian_release() {
    echo $(lsb_release --codename --short)
}

# Create a directory under /tmp
#
# [internal]
#
# Deprecated helper
#
# usage: ynh_mkdir_tmp
# | ret: the created directory path
ynh_mkdir_tmp() {
    ynh_print_warn --message="The helper ynh_mkdir_tmp is deprecated."
    ynh_print_warn --message="You should use 'mktemp -d' instead and manage permissions \
properly with chmod/chown."
    local TMP_DIR=$(mktemp --directory)

    # Give rights to other users could be a security risk.
    # But for retrocompatibility we need it. (This helpers is deprecated)
    chmod 755 $TMP_DIR
    echo $TMP_DIR
}

_acceptable_path_to_delete() {
    local file=$1

    local forbidden_paths=$(ls -d / /* /{var,home,usr}/* /etc/{default,sudoers.d,yunohost,cron*})

    # Legacy : A couple apps still have data in /home/$app ...
    if [[ -n "$app" ]]
    then
        forbidden_paths=$(echo "$forbidden_paths" | grep -v "/home/$app")
    fi

    # Use realpath to normalize the path ..
    # i.e convert ///foo//bar//..///baz//// to /foo/baz
    file=$(realpath --no-symlinks "$file")
    if [ -z "$file" ] || grep -q -x -F "$file" <<< "$forbidden_paths"; then
        return 1
    else
        return 0
    fi
}


# Remove a file or a directory securely
#
# usage: ynh_secure_remove --file=path_to_remove
# | arg: -f, --file=    - File or directory to remove
#
# Requires YunoHost version 2.6.4 or higher.
ynh_secure_remove() {
    # Declare an array to define the options of this helper.
    local legacy_args=f
    local -A args_array=([f]=file=)
    local file
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    set +o xtrace # set +x

    if [ $# -ge 2 ]; then
        ynh_print_warn --message="/!\ Packager ! You provided more than one argument to ynh_secure_remove but it will be ignored... Use this helper with one argument at time."
    fi

    if [[ -z "$file" ]]; then
        ynh_print_warn --message="ynh_secure_remove called with empty argument, ignoring."
    elif [[ ! -e $file ]]; then
        ynh_print_info --message="'$file' wasn't deleted because it doesn't exist."
    elif ! _acceptable_path_to_delete "$file"; then
        ynh_print_warn --message="Not deleting '$file' because it is not an acceptable path to delete."
    else
        rm --recursive "$file"
    fi

    set -o xtrace # set -x
}

# Extract a key from a plain command output
#
# [internal]
#
# (Deprecated, use --output-as json and jq instead)
ynh_get_plain_key() {
    local prefix="#"
    local found=0
    # We call this key_ so that it's not caught as
    # an info to be redacted by the core
    local key_=$1
    shift
    while read line; do
        if [[ "$found" == "1" ]]; then
            [[ "$line" =~ ^${prefix}[^#] ]] && return
            echo $line
        elif [[ "$line" =~ ^${prefix}${key_}$ ]]; then
            if [[ -n "${1:-}" ]]; then
                prefix+="#"
                key_=$1
                shift
            else
                found=1
            fi
        fi
    done
}

# Read the value of a key in a ynh manifest file
#
# usage: ynh_read_manifest --manifest="manifest.json" --key="key"
# | arg: -m, --manifest=    - Path of the manifest to read
# | arg: -k, --key=         - Name of the key to find
# | ret: the value associate to that key
#
# Requires YunoHost version 3.5.0 or higher.
ynh_read_manifest() {
    # Declare an array to define the options of this helper.
    local legacy_args=mk
    local -A args_array=([m]=manifest= [k]=manifest_key=)
    local manifest
    local manifest_key
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"

    if [ ! -e "$manifest" ]; then
        # If the manifest isn't found, try the common place for backup and restore script.
        manifest="$YNH_APP_BASEDIR/manifest.json"
    fi

    jq ".$manifest_key" "$manifest" --raw-output
}

# Read the upstream version from the manifest or `$YNH_APP_MANIFEST_VERSION`
#
# usage: ynh_app_upstream_version [--manifest="manifest.json"]
# | arg: -m, --manifest=    - Path of the manifest to read
# | ret: the version number of the upstream app
#
# If the `manifest` is not specified, the envvar `$YNH_APP_MANIFEST_VERSION` will be used.
#
# The version number in the manifest is defined by `<upstreamversion>~ynh<packageversion>`.
#
# For example, if the manifest contains `4.3-2~ynh3` the function will return `4.3-2`
#
# Requires YunoHost version 3.5.0 or higher.
ynh_app_upstream_version() {
    # Declare an array to define the options of this helper.
    local legacy_args=m
    local -A args_array=([m]=manifest=)
    local manifest
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    manifest="${manifest:-}"

    if [[ "$manifest" != "" ]] && [[ -e "$manifest" ]]; then
        version_key_=$(ynh_read_manifest --manifest="$manifest" --manifest_key="version")
    else
        version_key_=$YNH_APP_MANIFEST_VERSION
    fi

    echo "${version_key_/~ynh*/}"
}

# Read package version from the manifest
#
# usage: ynh_app_package_version [--manifest="manifest.json"]
# | arg: -m, --manifest=    - Path of the manifest to read
# | ret: the version number of the package
#
# The version number in the manifest is defined by `<upstreamversion>~ynh<packageversion>`.
#
# For example, if the manifest contains `4.3-2~ynh3` the function will return `3`
#
# Requires YunoHost version 3.5.0 or higher.
ynh_app_package_version() {
    # Declare an array to define the options of this helper.
    local legacy_args=m
    local -A args_array=([m]=manifest=)
    local manifest
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"

    version_key_=$YNH_APP_MANIFEST_VERSION
    echo "${version_key_/*~ynh/}"
}

# Checks the app version to upgrade with the existing app version and returns:
#
# usage: ynh_check_app_version_changed
# | ret: `UPGRADE_APP` if the upstream version changed, `UPGRADE_PACKAGE` otherwise.
#
# This helper should be used to avoid an upgrade of an app, or the upstream part
# of it, when it's not needed
#
# You can force an upgrade, even if the package is up to date, with the `--force` (or `-F`) argument :
# ```
# sudo yunohost app upgrade <appname> --force
# ```
# Requires YunoHost version 3.5.0 or higher.
ynh_check_app_version_changed() {
    local return_value=${YNH_APP_UPGRADE_TYPE}

    if [ "$return_value" == "UPGRADE_FULL" ] || [ "$return_value" == "UPGRADE_FORCED" ] || [ "$return_value" == "DOWNGRADE_FORCED" ]; then
        return_value="UPGRADE_APP"
    fi

    echo $return_value
}

# Compare the current package version against another version given as an argument.
#
# usage: ynh_compare_current_package_version --comparison (lt|le|eq|ne|ge|gt) --version <X~ynhY>
# | arg: --comparison - Comparison type. Could be : `lt` (lower than), `le` (lower or equal), `eq` (equal), `ne` (not equal), `ge` (greater or equal), `gt` (greater than)
# | arg: --version - The version to compare. Need to be a version in the yunohost package version type (like `2.3.1~ynh4`)
# | ret: 0 if the evaluation is true, 1 if false.
#
# example: ynh_compare_current_package_version --comparison lt --version 2.3.2~ynh1
#
# This helper is usually used when we need to do some actions only for some old package versions.
#
# Generally you might probably use it as follow in the upgrade script :
# ```
# if ynh_compare_current_package_version --comparison lt --version 2.3.2~ynh1
# then
#     # Do something that is needed for the package version older than 2.3.2~ynh1
# fi
# ```
#
# Requires YunoHost version 3.8.0 or higher.
ynh_compare_current_package_version() {
    local legacy_args=cv
    declare -Ar args_array=([c]=comparison= [v]=version=)
    local version
    local comparison
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"

    local current_version=$YNH_APP_CURRENT_VERSION

    # Check the syntax of the versions
    if [[ ! $version =~ '~ynh' ]] || [[ ! $current_version =~ '~ynh' ]]; then
        ynh_die --message="Invalid argument for version."
    fi

    # Check validity of the comparator
    if [[ ! $comparison =~ (lt|le|eq|ne|ge|gt) ]]; then
        ynh_die --message="Invalid comparator must be : lt, le, eq, ne, ge, gt"
    fi

    # Return the return value of dpkg --compare-versions
    dpkg --compare-versions $current_version $comparison $version
}

# Check if we should enforce sane default permissions (= disable rwx for 'others')
# on file/folders handled with ynh_setup_source and ynh_add_config
#
# [internal]
#
# Having a file others-readable or a folder others-executable(=enterable)
# is a security risk comparable to "chmod 777"
#
# Configuration files may contain secrets. Or even just being able to enter a
# folder may allow an attacker to do nasty stuff (maybe a file or subfolder has
# some write permission enabled for 'other' and the attacker may edit the
# content or create files as leverage for priviledge escalation ...)
#
# The sane default should be to set ownership to $app:$app.
# In specific case, you may want to set the ownership to $app:www-data
# for example if nginx needs access to static files.
#
_ynh_apply_default_permissions() {
    local target=$1

    local ynh_requirement=$(jq -r '.requirements.yunohost' $YNH_APP_BASEDIR/manifest.json | tr -d '>= ')

    if [ -z "$ynh_requirement" ] || [ "$ynh_requirement" == "null" ] || dpkg --compare-versions $ynh_requirement ge 4.2; then
        chmod o-rwx $target
        chmod g-w $target
        chown -R root:root $target
        if ynh_system_user_exists $app; then
            chown $app:$app $target
        fi
    fi
}