#!/bin/bash

YNH_APP_BASEDIR=${YNH_APP_BASEDIR:-$(realpath ..)}

# Handle script crashes / failures
#
# [internal]
#
ynh_exit_properly() {
    local exit_code=$?

    if [[ "${YNH_APP_ACTION:-}" =~ ^install$|^upgrade$|^restore$ ]]
    then
        rm -rf "/var/cache/yunohost/download/"
    fi

    if [ "$exit_code" -eq 0 ]; then
        exit 0 # Exit without error if the script ended correctly
    fi

    trap '' EXIT # Ignore new exit signals
    # Do not exit anymore if a command fail or if a variable is empty
    set +o errexit # set +e
    set +o nounset # set +u

    # Small tempo to avoid the next message being mixed up with other DEBUG messages
    sleep 0.5

    # Exit with error status
    # We don't call ynh_die basically to avoid unecessary 10-ish
    # debug lines about parsing args and stuff just to exit 1..
    exit 1
}

# Exits if an error occurs during the execution of the script.
#
# [packagingv1]
#
# usage: ynh_abort_if_errors
#
# This configure the rest of the script execution such that, if an error occurs
# or if an empty variable is used, the execution of the script stops immediately
ynh_abort_if_errors() {
    set -o errexit              # set -e; Exit if a command fail
    set -o nounset              # set -u; And if a variable is used unset
    trap ynh_exit_properly EXIT # Capturing exit signals on shell script
}

# When running an app script, auto-enable ynh_abort_if_errors except for remove script
if [[ "${YNH_CONTEXT:-}" != "regenconf" ]] && [[ "${YNH_APP_ACTION}" != "remove" ]]
then
    ynh_abort_if_errors
fi

# Execute a command after sudoing as $app
#
# Note that the $PATH variable is preserved (using --preserve-env=PATH)
#
# usage: ynh_exec_as_app COMMAND [ARG ...]
ynh_exec_as_app() {
    sudo --preserve-env=PATH -u "$app" "$@"
}

# Curl abstraction to help with POST requests to local pages (such as installation forms)
#
# usage: ynh_local_curl "page_uri" "key1=value1" "key2=value2" ...
# | arg: page_uri    - Path (relative to `$path`) of the page where POST data will be sent
# | arg: key1=value1 - (Optionnal) POST key and corresponding value
# | arg: key2=value2 - (Optionnal) Another POST key and corresponding value
# | arg: ...         - (Optionnal) More POST keys and values
#
# example: ynh_local_curl "/install.php?installButton" "foo=$var1" "bar=$var2"
#
# For multiple calls, cookies are persisted between each call for the same app
#
# `$domain` and `$path` should be defined externally (and correspond to the domain.tld and the /path (of the app?))
ynh_local_curl() {
    # Define url of page to curl
    local local_page=$(ynh_normalize_url_path $1)
    local full_path=$path$local_page

    if [ "${path}" == "/" ]; then
        full_path=$local_page
    fi

    local full_page_url=https://localhost$full_path

    # Concatenate all other arguments with '&' to prepare POST data
    local POST_data=""
    local arg=""
    for arg in "${@:2}"; do
        POST_data="${POST_data}${arg}&"
    done
    if [ -n "$POST_data" ]; then
        # Add --data arg and remove the last character, which is an unecessary '&'
        POST_data="--data ${POST_data::-1}"
    fi

    # Wait untils nginx has fully reloaded (avoid curl fail with http2)
    sleep 2

    local cookiefile=/tmp/ynh-$app-cookie.txt
    touch $cookiefile
    chown root $cookiefile
    chmod 700 $cookiefile

    # Temporarily enable visitors if needed...
    local visitors_enabled=$(ynh_permission_has_user --permission="main" --user="visitors" && echo yes || echo no)
    if [[ $visitors_enabled == "no" ]]; then
        ynh_permission_update --permission="main" --add="visitors"
    fi

    # Curl the URL
    curl --silent --show-error --insecure --location --header "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url" --cookie-jar $cookiefile --cookie $cookiefile

    if [[ $visitors_enabled == "no" ]]; then
        ynh_permission_update --permission="main" --remove="visitors"
    fi
}

_acceptable_path_to_delete() {
    local file=$1

    local forbidden_paths=$(ls -d / /* /{var,home,usr}/* /etc/{default,sudoers.d,yunohost,cron*} /etc/yunohost/{apps,domains,hooks.d} /opt/yunohost 2> /dev/null)

    # Legacy : A couple apps still have data in /home/$app ...
    if [[ -n "${app:-}" ]]
    then
        forbidden_paths=$(echo "$forbidden_paths" | grep -v "/home/$app")
    fi

    # Use realpath to normalize the path ..
    # i.e convert ///foo//bar//..///baz//// to /foo/baz
    file=$(realpath --no-symlinks "$file")
    if [ -z "$file" ] || grep -q -x -F "$file" <<< "$forbidden_paths"; then
        return 1
    else
        return 0
    fi
}

# Remove a file or a directory, checking beforehand that it's not a disastrous location to rm such as entire /var or /home
#
# usage: ynh_safe_rm path_to_remove
ynh_safe_rm() {
    local target="$1"
    set +o xtrace # set +x

    if [ $# -ge 2 ]; then
        ynh_print_warn "/!\ Packager ! You provided more than one argument to ynh_safe_rm but it will be ignored... Use this helper with one argument at time."
    fi

    if [[ -z "$target" ]]; then
        ynh_print_warn "ynh_safe_rm called with empty argument, ignoring."
    elif [[ ! -e "$target" ]] && [[ ! -L "$target" ]]; then
        ynh_print_info "'$target' wasn't deleted because it doesn't exist."
    elif ! _acceptable_path_to_delete "$target"; then
        ynh_print_warn "Not deleting '$target' because it is not an acceptable path to delete."
    else
        rm --recursive "$target"
    fi

    set -o xtrace # set -x
}

# Read the value of a key in the app's manifest
#
# usage: ynh_read_manifest "key"
# | arg: key - Name of the key to find
# | ret: the value associate to that key
ynh_read_manifest() {
    cat $YNH_APP_BASEDIR/manifest.toml | toml_to_json | jq ".$1" --raw-output
}

# Return the app upstream version, deduced from `$YNH_APP_MANIFEST_VERSION` and strippig the `~ynhX` part
#
# usage: ynh_app_upstream_version
# | ret: the version number of the upstream app
#
# For example, if the manifest contains `4.3-2~ynh3` the function will return `4.3-2`
ynh_app_upstream_version() {
    echo "${YNH_APP_MANIFEST_VERSION/~ynh*/}"
}

# Return 0 if the "upstream" part of the version changed, or 1 otherwise (ie only the ~ynh suffix changed)
#
# usage: if ynh_app_upstream_version_changed; then ...
ynh_app_upstream_version_changed() {
    # "UPGRADE_PACKAGE" means only the ~ynh prefix changed
    [[ "$YNH_APP_UPGRADE_TYPE" == "UPGRADE_PACKAGE" ]] && return 1 || return 0
}

# Compare the current package version is strictly lower than another version given as an argument
#
# example: if ynh_app_upgrading_from_version_before 2.3.2~ynh1; then ...
ynh_app_upgrading_from_version_before() {
    local version=$1
    [[ $version =~ '~ynh' ]] || ynh_die "Invalid argument for version, should include the ~ynhX prefix"

    dpkg --compare-versions $YNH_APP_CURRENT_VERSION lt $version
}

# Compare the current package version is lower or equal to another version given as an argument
#
# example: if ynh_app_upgrading_from_version_before_or_equal_to 2.3.2~ynh1; then ...
ynh_app_upgrading_from_version_before_or_equal_to() {
    local version=$1
    [[ $version =~ '~ynh' ]] || ynh_die "Invalid argument for version, should include the ~ynhX prefix"

    dpkg --compare-versions $YNH_APP_CURRENT_VERSION le $version
}

# Apply sane permissions for files installed by ynh_setup_source and ynh_config_add.
#
# [internal]
#
# * Anything below $install_dir is chown $app:$app and chmod o-rwx,g-w
# * The rest is considered as system configuration and chown root, chmod 400
#
_ynh_apply_default_permissions() {
    local target=$1

    is_in_dir() {
        # Returns false if parent is empty
        [ -n "$2" ] || return 1
        local child=$(realpath "$1" 2>/dev/null)
        local parent=$(realpath "$2" 2>/dev/null)
        [[ "${child}" =~ ^$parent ]]
    }

    # App files can have files of their own
    if ynh_system_user_exists --username="$app"; then
        # If this is a file in $install_dir or $data_dir : it should be owned and read+writable by $app only
        if [ -f "$target" ] && (is_in_dir "$target" "${install_dir:-}" || is_in_dir "$target" "${data_dir:-}" || is_in_dir "$target" "/etc/$app")
        then
            chmod 600 "$target"
            chown "$app:$app" "$target"
            return
        fi
        # If this is the install dir (so far this is the only way this helper is called with a directory)
        if [ "$target" ==  "${install_dir:-}" ]
        then
            # Read the group from the install_dir manifest resource
            local group="$(ynh_read_manifest 'resources.install_dir.group' | sed 's/null//g' | sed "s/__APP__/$app/g" | cut -f1 -d:)"
            if [[ -z "$group" ]]
            then
                # We set the group to www-data for webapps that do serve static assets, which therefore need to be readable by nginx ...
                # The fact that the app needs this is infered by the existence of an nginx.conf and the presence of "alias" or "root" directive
                if grep -q '^\s*alias\s\|^\s*root\s' "$YNH_APP_BASEDIR/conf/nginx.conf" 2>/dev/null;
                then
                    group="www-data"
                # Or default to "$app"
                else
                    group="$app"
                fi
            fi
            # Files inside should be owned by $app with rw-r----- (+x for folders or files that already have +x)
            # The group needs read/dirtraversal (in particular if it's www-data)
            chmod -R u=rwX,g=rX,o=--- "$target"
            chown -R "$app:$group" "$target"
            return
        fi
    fi

    # Other files are considered system
    chmod 400 "$target"
    chown root:root "$target"
}

int_to_bool() {
    sed -e 's/^1$/True/g' -e 's/^0$/False/g' -e 's/^true$/True/g' -e 's/^false$/False/g'
}

toml_to_json() {
    python3 -c 'import toml, json, sys; print(json.dumps(toml.load(sys.stdin)))'
}

# Validate an IP address
#
# usage: ynh_validate_ip --family=family --ip_address=ip_address
# | ret: 0 for valid ip addresses, 1 otherwise
#
# example: ynh_validate_ip 4 111.222.333.444
ynh_validate_ip() {
    # ============ Argument parsing =============
    local -A args_array=([f]=family= [i]=ip_address=)
    local family
    local ip_address
    ynh_handle_getopts_args "$@"
    # ===========================================

    [ "$family" == "4" ] || [ "$family" == "6" ] || return 1

    # http://stackoverflow.com/questions/319279/how-to-validate-ip-address-in-python#319298
    python3 /dev/stdin <<EOF
import socket
import sys
family = { "4" : socket.AF_INET, "6" : socket.AF_INET6 }
try:
    socket.inet_pton(family["$family"], "$ip_address")
except socket.error:
    sys.exit(1)
sys.exit(0)
EOF
}

# Get the total or free amount of RAM+swap on the system
#
# [packagingv1]
#
# usage: ynh_get_ram [--free|--total]
# | arg: --free         - Count free RAM+swap
# | arg: --total        - Count total RAM+swap
# | ret: the amount of free ram, in MB (MegaBytes)
ynh_get_ram() {
    # ============ Argument parsing =============
    local -A args_array=([f]=free [t]=total)
    local free
    local total
    ynh_handle_getopts_args "$@"
    free=${free:-0}
    total=${total:-0}
    # ===========================================

    if [ $free -eq $total ]; then
        ynh_print_warn "You have to choose --free or --total when using ynh_get_ram"
        ram=0
    elif [ $free -eq 1 ]; then
        local free_ram=$(LC_ALL=C vmstat --stats --unit M | grep "free memory" | awk '{print $1}')
        local free_swap=$(LC_ALL=C vmstat --stats --unit M | grep "free swap" | awk '{print $1}')
        local free_ram_swap=$((free_ram + free_swap))
        local ram=$free_ram_swap
    elif [ $total -eq 1 ]; then
        local total_ram=$(LC_ALL=C vmstat --stats --unit M | grep "total memory" | awk '{print $1}')
        local total_swap=$(LC_ALL=C vmstat --stats --unit M | grep "total swap" | awk '{print $1}')
        local total_ram_swap=$((total_ram + total_swap))
        local ram=$total_ram_swap
    fi

    echo $ram
}

# Check if the scripts are being run by the package_check in CI
#
# usage: ynh_in_ci_tests
#
# Return 0 if in CI, 1 otherwise
ynh_in_ci_tests() {
    [ "${PACKAGE_CHECK_EXEC:-0}" -eq 1 ]
}

# Retrieve a YunoHost user information
#
# usage: ynh_user_get_info --username=username --key=key
# | arg: --username=    - the username to retrieve info from
# | arg: --key=         - the key to retrieve
# | ret: the value associate to that key
#
# example: mail=$(ynh_user_get_info --username="toto" --key=mail)
ynh_user_get_info() {
    # ============ Argument parsing =============
    local -A args_array=([u]=username= [k]=key=)
    local username
    local key
    ynh_handle_getopts_args "$@"
    # ===========================================

    yunohost user info "$username" --output-as json --quiet | jq -r ".$key"
}

# Get the list of YunoHost users
#
# usage: ynh_user_list
# | ret: one username per line as strings
#
# example: for u in $(ynh_user_list); do ... ; done
ynh_user_list() {
    yunohost user list --output-as json --quiet | jq -r ".users | keys[]"
}

# Spawn a Bash shell with the app environment loaded
#
# usage: ynh_spawn_app_shell "appname"
#
# examples:
#   ynh_spawn_app_shell "foobar" <<< 'echo "$USER"'
#   ynh_spawn_app_shell "foobar" < /tmp/some_script.bash
#
# The spawned shell will have environment variables loaded and environment files sourced
# from the app's service configuration file (defaults to $app.service, overridable by the packager with `service` setting).
# If the app relies on a specific PHP version, then `php` will be aliased that version. The PHP command will also be appended with the `phpflags` settings.
ynh_spawn_app_shell() {
        local app=$1

        # Force Bash to be used to run this helper
        [[ $0 =~ \/?bash$ ]] || ynh_die "Please use Bash as shell"

        # Make sure the app is installed
        test -d /etc/yunohost/apps/$app || ynh_die "$app is not an installed app ?!"

        # Make sure the app has its own user
        id -u "$app" &>/dev/null || ynh_die "There is no \"$app\" system user"

        # Make sure the app has an install_dir setting
        local install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
        [ -n "$install_dir" ] || ynh_die "$app has no install_dir setting (does it use packaging format >=2?)"

        # Load the app's service name, or default to $app
        local service=$(ynh_app_setting_get --app=$app --key=service)
        [ -z "$service" ] && service=$app;

        # Export HOME variable
        export HOME=$install_dir;

        # Load the Environment variables from the app's service
        local env_var=$(systemctl show $service.service -p "Environment" --value)
        [ -n "$env_var" ] && export $env_var;

        # Force `php` to its intended version
        # We use `eval`+`export` since `alias` is not propagated to subshells, even with `export`
        local phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
        local phpflags=$(ynh_app_setting_get --app=$app --key=phpflags)
        if [ -n "$phpversion" ]
        then
            eval "php() { php${phpversion} ${phpflags} \"\$@\"; }"
            export -f php
        fi

        # Source the EnvironmentFiles from the app's service
        local env_files=($(systemctl show $service.service -p "EnvironmentFiles" --value))
        if [ ${#env_files[*]} -gt 0 ]
        then
            # set -/+a enables and disables new variables being automatically exported. Needed when using `source`.
            set -a
            for file in ${env_files[*]}
            do
                [[ $file = /* ]] && source $file
            done
            set +a
        fi

        # Activate the Python environment, if it exists
        if [ -f $install_dir/venv/bin/activate ]
        then
            # set -/+a enables and disables new variables being automatically exported. Needed when using `source`.
            set -a
            source $install_dir/venv/bin/activate
            set +a
        fi

        # cd into the WorkingDirectory set in the service, or default to the install_dir
        local env_dir=$(systemctl show $service.service -p "WorkingDirectory" --value)
        [ -z $env_dir ] && env_dir=$install_dir;
        cd $env_dir

        # Spawn the app shell
        su -s /bin/bash $app
}

# Add swap
#
# usage: ynh_add_swap --size=SWAP in Mb
# | arg: -s, --size= - Amount of SWAP to add in Mb.
ynh_add_swap () {
  if systemd-detect-virt --container --quiet; then
    ynh_print_warn --message="You are inside a container/VM. swap will not be added, but that can cause troubles for the app $app. Please make sure you have enough RAM available."
    return
  fi

	# Declare an array to define the options of this helper.
	declare -Ar args_array=( [s]=size= )
	local size
	# Manage arguments with getopts
	ynh_handle_getopts_args "$@"

	local swap_max_size=$(( $size * 1024 ))

	local free_space=$(df --output=avail / | sed 1d)
	# Because we don't want to fill the disk with a swap file, divide by 2 the available space.
	local usable_space=$(( $free_space / 2 ))

 	SD_CARD_CAN_SWAP=${SD_CARD_CAN_SWAP:-0}

	# Swap on SD card only if it's is specified
	if ynh_is_main_device_a_sd_card && [ "$SD_CARD_CAN_SWAP" == "0" ]
	then
		ynh_print_warn --message="The main mountpoint of your system '/' is on an SD card, swap will not be added to prevent some damage of this one, but that can cause troubles for the app $app. If you still want activate the swap, you can relaunch the command preceded by 'SD_CARD_CAN_SWAP=1'"
		return
	fi

	# Compare the available space with the size of the swap.
	# And set a acceptable size from the request
	if [ $usable_space -ge $swap_max_size ]
	then
		local swap_size=$swap_max_size
	elif [ $usable_space -ge $(( $swap_max_size / 2 )) ]
	then
		local swap_size=$(( $swap_max_size / 2 ))
	elif [ $usable_space -ge $(( $swap_max_size / 3 )) ]
	then
		local swap_size=$(( $swap_max_size / 3 ))
	elif [ $usable_space -ge $(( $swap_max_size / 4 )) ]
	then
		local swap_size=$(( $swap_max_size / 4 ))
	else
		echo "Not enough space left for a swap file" >&2
		local swap_size=0
	fi

	# If there's enough space for a swap, and no existing swap here
	if [ $swap_size -ne 0 ] && [ ! -e /swap_$app ]
	then
		# Create file
		truncate -s 0 /swap_$app
		
		# set the No_COW attribute on the swapfile with chattr
		chattr +C /swap_$app
		
		# Preallocate space for the swap file, fallocate may sometime not be used, use dd instead in this case
		if ! fallocate -l ${swap_size}K /swap_$app
		then
			dd if=/dev/zero of=/swap_$app bs=1024 count=${swap_size}
		fi
		chmod 0600 /swap_$app
		# Create the swap
		mkswap /swap_$app
		# And activate it
		swapon /swap_$app
		# Then add an entry in fstab to load this swap at each boot.
		echo -e "/swap_$app swap swap defaults 0 0 #Swap added by $app" >> /etc/fstab
	fi
}

ynh_del_swap () {
	# If there a swap at this place
	if [ -e /swap_$app ]
	then
		# Clean the fstab
		sed -i "/#Swap added by $app/d" /etc/fstab
		# Desactive the swap file
		swapoff /swap_$app
		# And remove it
		rm /swap_$app
	fi
}

# Check if the device of the main mountpoint "/" is an SD card
#
# [internal]
#
# return 0 if it's an SD card, else 1
ynh_is_main_device_a_sd_card () {
  if [ "$(systemd-detect-virt)" != "none" ]; then
    # Assume virtualization does not take place on SD card
    return 1
  fi

	local main_device=$(lsblk --output PKNAME --noheadings $(findmnt / --nofsroot --uniq --output source --noheadings --first-only))

	if echo $main_device | grep --quiet "mmc" && [ $(tail -n1 /sys/block/$main_device/queue/rotational) == "0" ]
	then
		return 0
	else
		return 1
	fi
}

# Check available space before creating a temp directory.
#
# usage: ynh_smart_mktemp --min_size="Min size"
#
# | arg: -s, --min_size= - Minimal size needed for the temporary directory, in Mb
ynh_smart_mktemp () {
    # Declare an array to define the options of this helper.
    declare -Ar args_array=( [s]=min_size= )
    local min_size
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"

    min_size="${min_size:-300}"
    # Transform the minimum size from megabytes to kilobytes
    min_size=$(( $min_size * 1024 ))

    # Check if there's enough free space in a directory
    is_there_enough_space () {
            local free_space=$(df --output=avail "$1" | sed 1d)
            test $free_space -ge $min_size
    }

    if is_there_enough_space /tmp; then
            local tmpdir=/tmp
    elif is_there_enough_space /var; then
            local tmpdir=/var
    elif is_there_enough_space /; then
            local tmpdir=/   
    elif is_there_enough_space /home; then
            local tmpdir=/home
    else
            ynh_die "Insufficient free space to continue..."
    fi

    echo "$(mktemp --directory --tmpdir="$tmpdir")"
}