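#!/usr/bin/env bash

# AUTHOR: Clemens Schwaighofer
# DATE: 2025/7/4
# DESC: Initial setup of the webhook clone folder structure
#
# Reads ../config/webhook.cfg (relative to this script), validates the
# required settings, and on a fresh install creates the repository base
# folder, its sub folders, ACLs, the SSH client config for the jump host,
# and copies the helper scripts and default config into place.
# Must be run as root. Exits non-zero when a precondition is not met.

BASE_FOLDER=$(dirname "$(readlink -f "$0")")"/";
CONFIG_BASE="${BASE_FOLDER}../config/";
if [ -f "${CONFIG_BASE}webhook.cfg" ]; then
	# SECURITY NOTE(review): every line of webhook.cfg that contains "=" is
	# executed by this shell, and this script is meant to run as root. The
	# grep/sed pipeline only normalises spacing around "="; it does not
	# restrict the file to plain KEY=value assignments. Keep webhook.cfg
	# owned by root and not writable by any other user or group.
	# shellcheck source=../config/webhook.cfg
	# shellcheck disable=SC1091
	source <(grep "=" "${CONFIG_BASE}webhook.cfg" | sed 's/ *= */=/g')
fi;

# abort on not set
error=0;
if [ -z "${GIT_REPOSITORY_FOLDER}" ]; then
	echo "Missing GIT_REPOSITORY_FOLDER entry";
	error=1;
fi;
if [ -z "${WWW_GROUP}" ]; then
	echo "Missing WWW_GROUP entry";
	error=1;
elif ! getent group "${WWW_GROUP}" > /dev/null 2>&1; then
	echo "Group ${WWW_GROUP} does not exist. Is it the Apache web group?";
	error=1;
fi;
# NOTE(review): sudo itself exports SUDO_USER (the invoking account) when this
# script is started through sudo. If webhook.cfg has no SUDO_USER entry, this
# check can still pass with that inherited value - confirm the config sets it.
if [ -z "${SUDO_USER}" ]; then
	echo "Missing SUDO_USER entry";
	error=1;
elif [ "${USE_SUDO}" = "0" ] && ! id "${SUDO_USER}" &>/dev/null; then
	echo "SUDO is off, user must exist in system";
	error=1;
fi;
# this script has to be run as root
if [ "$(whoami)" != "root" ]; then
	echo "Script must be run as root user";
	error=1;
fi;
if [ "${error}" -eq 1 ]; then
	# a bare "exit" here returned the status of the test above (0), so
	# callers could not detect the failed precondition
	exit 1;
fi;

# Define base folders
CLONE_BASE="clone-base/"
LOG_FOLDER="log/"
SCRIPT_FOLDER="scripts/"
CONFIG_FOLDER="config/"
WWW_WEBHOOK_INCOMING="/www/webhook-incoming";
WWW_ADMIN="/www/admin";
# jump host PEM file
PEM_BASE="${BASE_FOLDER}../pem/";
JUMP_PEM_FILE="somen-jump.tequila.jp#scripts#webhook-git#ed25519.pem";

# add trailing slash if missing
GIT_REPOSITORY_FOLDER="${GIT_REPOSITORY_FOLDER%/}/"

if [ -d "${GIT_REPOSITORY_FOLDER}" ]; then
	echo "Base folder already exists, update check";
	echo "[TODO] -> Not implemented exit";
	# check folders
	# check folder ACL
	# copy scripts
	# copy default config
	# check config entries missing
	exit;
else
	echo "=> Create new folder structure";
	# User for sudo, but only if SUDO is enabled
	# NOTE(review): the message prints WWW_GROUP, but useradd is called
	# without a group option - confirm the intended primary group.
	if [ "${USE_SUDO}" != "0" ]; then
		echo "+ Add user ${WWW_GROUP}:${SUDO_USER} with base folder ${GIT_REPOSITORY_FOLDER}";
		useradd -d "${GIT_REPOSITORY_FOLDER}" -m -s /usr/sbin/nologin "${SUDO_USER}"
	fi;
	# create the base folder only when it is still missing (useradd -m may
	# have created it already); the test was inverted before, so the folder
	# was never created when USE_SUDO is 0
	if [ ! -d "${GIT_REPOSITORY_FOLDER}" ]; then
		echo "+ Create Folder: ${GIT_REPOSITORY_FOLDER}";
		mkdir "${GIT_REPOSITORY_FOLDER}";
	fi;
	echo "+ Set folder user/group";
	# user is not mandatory, but we need to set the group
	setfacl -m u:"${SUDO_USER}":rwx -R "${GIT_REPOSITORY_FOLDER}"
	# -d must come before -m: -m takes the ACL spec as its argument, so
	# "-m -d" handed "-d" to -m as the spec
	setfacl -d -m u:"${SUDO_USER}":rwx -R "${GIT_REPOSITORY_FOLDER}"
	setfacl -m g:"${WWW_GROUP}":rx -R "${GIT_REPOSITORY_FOLDER}"
	# SSH
	if [ "${USE_SUDO}" != "0" ]; then
		echo "+ Add .ssh folder"
		# created as SUDO_USER so the folder and config are owned by that
		# user; 700/600 keeps them closed to group and other
		sudo -u "${SUDO_USER}" mkdir "${GIT_REPOSITORY_FOLDER}"/.ssh/
		sudo -u "${SUDO_USER}" touch "${GIT_REPOSITORY_FOLDER}"/.ssh/config
		sudo -u "${SUDO_USER}" chmod 700 "${GIT_REPOSITORY_FOLDER}"/.ssh/
		sudo -u "${SUDO_USER}" chmod 600 "${GIT_REPOSITORY_FOLDER}"/.ssh/config
		# add master jump host
		# the delimiter is quoted, so nothing below is expanded; the
		# IdentityFile name has to be kept in sync with JUMP_PEM_FILE by hand
		cat >> "${GIT_REPOSITORY_FOLDER}"/.ssh/config << 'EOF'
Host UdonGitJump
	Hostname somen-jump.tequila.jp
	User webhook-git
	IdentityFile ~/.ssh/somen-jump.tequila.jp#scripts#webhook-git#ed25519.pem
	Port 37337
EOF
		# private key: copied as SUDO_USER and restricted to owner read/write
		if [ -f "${PEM_BASE}${JUMP_PEM_FILE}" ]; then
			sudo -u "${SUDO_USER}" cp "${PEM_BASE}${JUMP_PEM_FILE}" "${GIT_REPOSITORY_FOLDER}"/.ssh/;
			sudo -u "${SUDO_USER}" chmod 600 "${GIT_REPOSITORY_FOLDER}/.ssh/${JUMP_PEM_FILE}"
		else
			echo "PEM FILE ${JUMP_PEM_FILE} must be added manually"
		fi;
	fi;
	# All other FOLDER
	echo "+ Other folders for clone base: ${CLONE_BASE}, logs, scripts, www/webhook-incoming"
	sudo -u "${SUDO_USER}" \
		mkdir -p \
		"${GIT_REPOSITORY_FOLDER}${CLONE_BASE}" \
		"${GIT_REPOSITORY_FOLDER}${LOG_FOLDER}" \
		"${GIT_REPOSITORY_FOLDER}${SCRIPT_FOLDER}" \
		"${GIT_REPOSITORY_FOLDER}${CONFIG_FOLDER}" \
		"${GIT_REPOSITORY_FOLDER}${WWW_WEBHOOK_INCOMING}" \
		"${GIT_REPOSITORY_FOLDER}${WWW_ADMIN}";
	# set basic folder rights, clone folder is excluded
	sudo -u "${SUDO_USER}" chmod 700 \
		"${GIT_REPOSITORY_FOLDER}${LOG_FOLDER}" \
		"${GIT_REPOSITORY_FOLDER}${SCRIPT_FOLDER}" \
		"${GIT_REPOSITORY_FOLDER}${CONFIG_FOLDER}" \
		"${GIT_REPOSITORY_FOLDER}${WWW_WEBHOOK_INCOMING}" \
		"${GIT_REPOSITORY_FOLDER}${WWW_ADMIN}";
	# setfacl -m u:"${SUDO_USER}":rwx -R "${GIT_REPOSITORY_FOLDER}${CLONE_BASE}"
	# setfacl -d -m u:"${SUDO_USER}":rwx -R "${GIT_REPOSITORY_FOLDER}${CLONE_BASE}"
	# web user must have access to the clone folder, RWX
	# NOTE(review): this grants the web server group write access to
	# everything checked out below the clone folder, now and by default for
	# new files - confirm that write (not only read) is required.
	setfacl -m g:"${WWW_GROUP}":rwx -R "${GIT_REPOSITORY_FOLDER}${CLONE_BASE}"
	setfacl -d -m g:"${WWW_GROUP}":rwx -R "${GIT_REPOSITORY_FOLDER}${CLONE_BASE}"
	# Copy files
	echo "+ Copy basic script and config files";
	# git_pull.sh, init.sh, new_clone.sh, webhook.default.cfg
	# NOTE(review): the list above names git_pull.sh, the command below
	# copies git_clone.sh - confirm which file is intended.
	# The space between the user name and "cp" was missing, which made sudo
	# look up a user called "<SUDO_USER>cp" and skip the copy.
	sudo -u "${SUDO_USER}" cp "${BASE_FOLDER}new_clone.sh" "${BASE_FOLDER}init.sh" "${BASE_FOLDER}git_clone.sh" "${GIT_REPOSITORY_FOLDER}${SCRIPT_FOLDER}";
	sudo -u "${SUDO_USER}" cp "${CONFIG_BASE}webhook.default.cfg" "${GIT_REPOSITORY_FOLDER}${CONFIG_FOLDER}";
fi;

# __END__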