#!/usr/bin/env bash
#
# Copyright (c) 2024 YunoHost Contributors
#
# This file is part of YunoHost (see https://yunohost.org)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#

YNH_APP_BASEDIR=${YNH_APP_BASEDIR:-$(realpath ..)}

# Handle script crashes / failures
#
# [internal]
#
ynh_exit_properly() {
    local exit_code=$?

    if [[ "${YNH_APP_ACTION:-}" =~ ^install$|^upgrade$|^restore$ ]]; then
        rm -rf "/var/cache/yunohost/download/"
    fi

    if [ "$exit_code" -eq 0 ]; then
        exit 0 # Exit without error if the script ended correctly
    fi

    trap '' EXIT # Ignore new exit signals
    # Do not exit anymore if a command fail or if a variable is empty
    set +o errexit # set +e
    set +o nounset # set +u

    # Small tempo to avoid the next message being mixed up with other DEBUG messages
    sleep 0.5

    # Exit with error status
    # We don't call ynh_die basically to avoid unecessary 10-ish
    # debug lines about parsing args and stuff just to exit 1..
    exit 1
}

# Exits if an error occurs during the execution of the script.
#
# [packagingv1]
#
# usage: ynh_abort_if_errors
#
# This configure the rest of the script execution such that, if an error occurs
# or if an empty variable is used, the execution of the script stops immediately
ynh_abort_if_errors() {
    set -o errexit              # set -e; Exit if a command fail
    set -o nounset              # set -u; And if a variable is used unset
    trap ynh_exit_properly EXIT # Capturing exit signals on shell script
}

# When running an app script, auto-enable ynh_abort_if_errors except for remove script
if [[ "${YNH_CONTEXT:-}" != "regenconf" ]] && [[ "${YNH_APP_ACTION:-}" != "remove" ]]; then
    ynh_abort_if_errors
fi

# Execute a command after sudoing as $app
#
# Note that the $PATH variable is preserved (using env PATH=$PATH)
#
# usage: ynh_exec_as_app COMMAND [ARG ...]
ynh_exec_as_app() {
    sudo -u "$app" env \
        PATH="$PATH" \
        COREPACK_ENABLE_DOWNLOAD_PROMPT="0" \
        NPM_CONFIG_UPDATE_NOTIFIER="false" \
        "$@"
}

# Curl abstraction to help with POST requests to local pages (such as installation forms)
#
# usage: ynh_local_curl "page_uri" "key1=value1" "key2=value2" ...
# | arg: page_uri    - Path (relative to `$path`) of the page where POST data will be sent
# | arg: key1=value1 - (Optionnal) POST key and corresponding value
# | arg: key2=value2 - (Optionnal) Another POST key and corresponding value
# | arg: ...         - (Optionnal) More POST keys and values
#
# example: ynh_local_curl "/install.php?installButton" "foo=$var1" "bar=$var2"
#
# For multiple calls, cookies are persisted between each call for the same app
#
# `$domain` and `$path` should be defined externally (and correspond to the domain.tld and the /path (of the app?))
ynh_local_curl() {

    # Concatenate all other arguments with '&' to prepare POST data
    local POST_data=""
    local arg=""
    for arg in "${@:2}"; do
        POST_data="${POST_data}${arg}&"
    done
    if [ -n "$POST_data" ]; then
        # Add --data arg and remove the last character, which is an unecessary '&'
        ynh_local_curl_raw "$1" --data "${POST_data::-1}"
    else
        ynh_local_curl_raw "$1"
    fi
}

# More low-level curl wrapper, meant for more elaborate use case where people
# want to pass arbitrary headers and other curl options, not just POST data
#
# [internal]
#
# example: ynh_local_curl_raw "/install.php?installButton" --data "foo=$var1&bar=$var2"
ynh_local_curl_raw() {
    # Define url of page to curl
    local local_page=$(ynh_normalize_url_path "$1")
    local full_path=$path$local_page

    if [ "${path}" == "/" ]; then
        full_path=$local_page
    fi

    local full_page_url=https://localhost$full_path

    # Wait untils nginx has fully reloaded (avoid curl fail with http2)
    sleep 2

    local cookiefile=/tmp/ynh-$app-cookie.txt
    touch "$cookiefile"
    chown root "$cookiefile"
    chmod 700 "$cookiefile"

    # Temporarily enable visitors if needed...
    local visitors_enabled=$(ynh_permission_has_user --permission="main" --user="visitors" && echo yes || echo no)
    if [[ $visitors_enabled == "no" ]]; then
        ynh_permission_update --permission="main" --add="visitors" > /dev/null # Skip print to standard output, the caller may process the output and then expect only the HTTP response.
                                                                               # See https://github.com/YunoHost-Apps/piwigo_ynh/issues/168#issuecomment-3694238343
    fi

    # Curl the URL
    shift
    curl --silent --show-error --insecure --location --header "Host: $domain" --resolve "$domain:443:127.0.0.1" "$full_page_url" --cookie-jar "$cookiefile" --cookie "$cookiefile" "$@"

    if [[ $visitors_enabled == "no" ]]; then
        ynh_permission_update --permission="main" --remove="visitors" > /dev/null
    fi
}

_acceptable_path_to_delete() {
    local file=$1

    local forbidden_paths=$(ls -d / /* /{var,home,usr}/* /etc/{default,sudoers.d,yunohost,cron*} /etc/yunohost/{apps,domains,hooks.d} /opt/yunohost 2> /dev/null)

    # Legacy : A couple apps still have data in /home/$app ...
    if [[ -n "${app:-}" ]]; then
        forbidden_paths=$(echo "$forbidden_paths" | grep -v "/home/$app")
    fi

    # Use realpath to normalize the path ..
    # i.e convert ///foo//bar//..///baz//// to /foo/baz
    file=$(realpath --no-symlinks "$file")
    if [ -z "$file" ] || grep -q -x -F "$file" <<< "$forbidden_paths"; then
        return 1
    else
        return 0
    fi
}

# Remove a file or a directory, checking beforehand that it's not a disastrous location to rm such as entire /var or /home
#
# usage: ynh_safe_rm path_to_remove
ynh_safe_rm() {
    local target="$1"
    set +o xtrace # set +x

    if [ $# -ge 2 ]; then
        ynh_print_warn "/!\ Packager ! You provided more than one argument to ynh_safe_rm but it will be ignored... Use this helper with one argument at time."
    fi

    if [[ -z "$target" ]]; then
        ynh_print_warn "ynh_safe_rm called with empty argument, ignoring."
    elif [[ ! -e "$target" ]] && [[ ! -L "$target" ]]; then
        ynh_print_info "'$target' wasn't deleted because it doesn't exist."
    elif ! _acceptable_path_to_delete "$target"; then
        ynh_print_warn "Not deleting '$target' because it is not an acceptable path to delete."
    else
        rm --recursive "$target"
    fi

    set -o xtrace # set -x
}

# Read the value of a key in the app's manifest
#
# usage: ynh_read_manifest "key"
# | arg: key - Name of the key to find
# | ret: the value associate to that key
ynh_read_manifest() {
    cat "$YNH_APP_BASEDIR/manifest.toml" | toml_to_json | jq ".$1" --raw-output
}

# Return the app upstream version, deduced from `$YNH_APP_MANIFEST_VERSION` and strippig the `~ynhX` part
#
# usage: ynh_app_upstream_version
# | ret: the version number of the upstream app
#
# For example, if the manifest contains `4.3-2~ynh3` the function will return `4.3-2`
ynh_app_upstream_version() {
    echo "${YNH_APP_MANIFEST_VERSION/~ynh*/}"
}

# Return 0 if the "upstream" part of the version changed, or 1 otherwise (ie only the ~ynh suffix changed)
#
# usage: if ynh_app_upstream_version_changed; then ...
ynh_app_upstream_version_changed() {
    # "UPGRADE_PACKAGE" means only the ~ynh prefix changed
    [[ "$YNH_APP_UPGRADE_TYPE" == "UPGRADE_PACKAGE" ]] && return 1 || return 0
}

# Compare the current package version is strictly lower than another version given as an argument
#
# example: if ynh_app_upgrading_from_version_before 2.3.2~ynh1; then ...
ynh_app_upgrading_from_version_before() {
    local version=$1
    [[ $version =~ '~ynh' ]] || ynh_die "Invalid argument for version, should include the ~ynhX prefix"

    dpkg --compare-versions "$YNH_APP_CURRENT_VERSION" lt "$version"
}

# Compare the current package version is lower or equal to another version given as an argument
#
# example: if ynh_app_upgrading_from_version_before_or_equal_to 2.3.2~ynh1; then ...
ynh_app_upgrading_from_version_before_or_equal_to() {
    local version=$1
    [[ $version =~ '~ynh' ]] || ynh_die "Invalid argument for version, should include the ~ynhX prefix"

    dpkg --compare-versions "$YNH_APP_CURRENT_VERSION" le "$version"
}

# Apply sane permissions for files installed by ynh_setup_source and ynh_config_add.
#
# [internal]
#
# * Anything below $install_dir is chown $app:$app and chmod o-rwx,g-w
# * The rest is considered as system configuration and chown root, chmod 400
#
_ynh_apply_default_permissions() {
    local target=$1

    is_in_dir() {
        # Returns false if parent is empty
        [ -n "$2" ] || return 1
        local child=$(realpath "$1" 2> /dev/null)
        local parent=$(realpath "$2" 2> /dev/null)
        [[ "${child}" =~ ^$parent ]]
    }

    # App files can have files of their own
    if ynh_system_user_exists --username="$app"; then
        # If this is a file in $install_dir or $data_dir : it should be owned and read+writable by $app only
        if [ -f "$target" ] && (is_in_dir "$target" "${install_dir:-}" || is_in_dir "$target" "${data_dir:-}" || is_in_dir "$target" "/etc/$app"); then
            chmod 600 "$target"
            chown "$app:$app" "$target"
            return
        fi
        # If this is the install dir (so far this is the only way this helper is called with a directory - along with $data_dir via ynh_restore?)
        if [ "$target" == "${install_dir:-}" ]; then
            # Read the group from the install_dir manifest resource
            local group="$(ynh_read_manifest 'resources.install_dir.group' | sed 's/null//g' | sed "s/__APP__/$app/g" | cut -f1 -d:)"
            if [[ -z "$group" ]]; then
                # We set the group to www-data for webapps that do serve static assets, which therefore need to be readable by nginx ...
                # The fact that the app needs this is infered by the existence of an nginx.conf and the presence of "alias" or "root" directive
                if grep -q '^\s*alias\s\|^\s*root\s' "$YNH_APP_BASEDIR/conf/nginx.conf" 2> /dev/null; then
                    group="www-data"
                # Or default to "$app"
                else
                    group="$app"
                fi
            fi
            # Files inside should be owned by $app with rw-r----- (+x for folders or files that already have +x)
            # The group needs read/dirtraversal (in particular if it's www-data)
            chmod -R u=rwX,g=rX,o=--- "$target"
            chown -R "$app:$group" "$target"
            return
        elif [ "$target" == "${data_dir:-}" ] || [ "$target" == "/var/log/$app" ]; then
            # Read the group from the data manifest resource
            local group="$(ynh_read_manifest 'resources.data_dir.group' | sed 's/null//g' | sed "s/__APP__/$app/g" | cut -f1 -d:)"
            chmod 750 "$target"
            chown -R "$app:${group:-$app}" "$target"
            return
        fi
    fi

    # Other files are considered system
    chmod 400 "$target"
    chown root:root "$target"
}

int_to_bool() {
    sed -e 's/^1$/True/g' -e 's/^0$/False/g' -e 's/^true$/True/g' -e 's/^false$/False/g'
}

toml_to_json() {
    python3 -c 'import toml, json, sys; print(json.dumps(toml.load(sys.stdin)))'
}

# Validate an IP address
#
# usage: ynh_validate_ip --family=family --ip_address=ip_address
# | ret: 0 for valid ip addresses, 1 otherwise
#
# example: ynh_validate_ip 4 111.222.333.444
ynh_validate_ip() {
    # ============ Argument parsing =============
    local -A args_array=([f]=family= [i]=ip_address=)
    local family
    local ip_address
    ynh_handle_getopts_args "$@"
    # ===========================================

    [ "$family" == "4" ] || [ "$family" == "6" ] || return 1

    # http://stackoverflow.com/questions/319279/how-to-validate-ip-address-in-python#319298
    python3 /dev/stdin << EOF
import socket
import sys
family = { "4" : socket.AF_INET, "6" : socket.AF_INET6 }
try:
    socket.inet_pton(family["$family"], "$ip_address")
except socket.error:
    sys.exit(1)
sys.exit(0)
EOF
}

# Get the total or free amount of RAM+swap on the system
#
# [packagingv1]
#
# usage: ynh_get_ram [--free|--total]
# | arg: --free         - Count free RAM+swap
# | arg: --total        - Count total RAM+swap
# | ret: the amount of free ram, in MB (MegaBytes)
ynh_get_ram() {
    # ============ Argument parsing =============
    local -A args_array=([f]=free [t]=total)
    local free
    local total
    ynh_handle_getopts_args "$@"
    free=${free:-0}
    total=${total:-0}
    # ===========================================

    if [ "$free" -eq "$total" ]; then
        ynh_print_warn "You have to choose --free or --total when using ynh_get_ram"
        ram=0
    elif [ "$free" -eq 1 ]; then
        local free_ram=$(LC_ALL=C vmstat --stats --unit M | grep "free memory" | awk '{print $1}')
        local free_swap=$(LC_ALL=C vmstat --stats --unit M | grep "free swap" | awk '{print $1}')
        local free_ram_swap=$((free_ram + free_swap))
        local ram=$free_ram_swap
    elif [ "$total" -eq 1 ]; then
        local total_ram=$(LC_ALL=C vmstat --stats --unit M | grep "total memory" | awk '{print $1}')
        local total_swap=$(LC_ALL=C vmstat --stats --unit M | grep "total swap" | awk '{print $1}')
        local total_ram_swap=$((total_ram + total_swap))
        local ram=$total_ram_swap
    fi

    echo "$ram"
}

# Check if the scripts are being run by the package_check in CI
#
# usage: ynh_in_ci_tests
#
# Return 0 if in CI, 1 otherwise
ynh_in_ci_tests() {
    [ "${PACKAGE_CHECK_EXEC:-0}" -eq 1 ]
}

# Retrieve a YunoHost user information
#
# usage: ynh_user_get_info --username=username --key=key
# | arg: --username=    - the username to retrieve info from
# | arg: --key=         - the key to retrieve
# | ret: the value associate to that key
#
# example: mail=$(ynh_user_get_info --username="toto" --key=mail)
ynh_user_get_info() {
    # ============ Argument parsing =============
    local -A args_array=([u]=username= [k]=key=)
    local username
    local key
    ynh_handle_getopts_args "$@"
    # ===========================================

    yunohost user info "$username" --output-as json --quiet | jq -r ".$key"
}

# Get the list of YunoHost users
#
# usage: ynh_user_list
# | ret: one username per line as strings
#
# example: for u in $(ynh_user_list); do ... ; done
ynh_user_list() {
    yunohost user list --output-as json --quiet | jq -r ".users | keys[]"
}

# Spawn a Bash shell with the app environment loaded
#
# usage: ynh_spawn_app_shell
#
# examples:
#   ynh_spawn_app_shell <<< 'echo "$USER"'
#   ynh_spawn_app_shell < /tmp/some_script.bash
#
# The spawned shell will have environment variables loaded and environment files sourced
# from the app's service configuration file (defaults to $app.service, overridable by the packager with `service` setting).
# If the app relies on a specific PHP version, then `php` will be aliased that version. The PHP command will also be appended with the `phpflags` settings.
ynh_spawn_app_shell() {

    # Force Bash to be used to run this helper
    [[ $0 =~ \/?bash$ ]] || ynh_die "Please use Bash as shell"

    # Make sure the app is installed
    test -d "/etc/yunohost/apps/$app" || ynh_die "$app is not an installed app ?!"

    # Make sure the app has its own user
    id -u "$app" &> /dev/null || ynh_die "There is no \"$app\" system user"

    # Make sure the app has an install_dir setting
    [ -n "${install_dir:-}" ] || ynh_die "$app has no install_dir setting!"

    # Export HOME variable
    export HOME=$install_dir

    # Force `php` to its intended version
    # We use `eval`+`export` since `alias` is not propagated to subshells, even with `export`
    if [ -n "${php_version:-}" ]; then
        eval "php() { php${php_version} ${phpflags:-} \"\$@\"; }"
        export -f php
    fi

    # Load the app's service name, or default to $app
    service=${service:-$app}
    if systemctl list-units -a | grep -q "$service.service"; then
        # Load the Environment variables from the app's service
        local env_var=$(systemctl show "$service.service" -p "Environment" --value)
        [ -n "${env_var:-}" ] && export "${env_var?}"

        # Source the EnvironmentFiles from the app's service
        local -a env_files
        mapfile -t env_files < <(systemctl show "$service.service" -p "EnvironmentFiles" --value | sed 's| (ignore_errors=\w*)||')
        if [ ${#env_files[*]} -gt 0 ]; then
            for file in "${env_files[@]}"; do
                if [[ $file = /* ]]; then
                    # set -/+a enables and disables new variables being automatically exported. Needed when using `source`.
                    set -a
                    # shellcheck disable=SC1090,SC1091
                    source "$file"
                    set +a
                fi
            done
        fi
    fi

    # Activate the Python environment, if it exists
    if [ -f "$install_dir/venv/bin/activate" ]; then
        # set -/+a enables and disables new variables being automatically exported. Needed when using `source`.
        set -a
        # shellcheck disable=SC1090,SC1091
        source "$install_dir/venv/bin/activate"
        set +a
    fi

    # cd into the WorkingDirectory set in the service, or default to the install_dir
    local env_dir=$(systemctl show "$service.service" -p "WorkingDirectory" --value)
    cd "${env_dir:-$install_dir}"

    # Spawn the app shell
    su -s /bin/bash "$app"
}

# Add swap
#
# usage: ynh_add_swap --size=SWAP in Mb
# | arg: -s, --size= - Amount of SWAP to add in Mb.
ynh_add_swap() {
    if systemd-detect-virt --container --quiet; then
        ynh_print_warn "You are inside a container/VM. swap will not be added, but that can cause troubles for the app $app. Please make sure you have enough RAM available."
        return
    fi

    # Declare an array to define the options of this helper.
    declare -Ar args_array=([s]=size=)
    local size
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"

    local swap_max_size=$((size * 1024))

    local free_space=$(df --output=avail / | sed 1d)
    # Because we don't want to fill the disk with a swap file, divide by 2 the available space.
    local usable_space=$((free_space / 2))

    SD_CARD_CAN_SWAP=${SD_CARD_CAN_SWAP:-0}

    # Swap on SD card only if it's is specified
    if ynh_is_main_device_a_sd_card && [ "$SD_CARD_CAN_SWAP" == "0" ]; then
        ynh_print_warn "The main mountpoint of your system '/' is on an SD card, swap will not be added to prevent some damage of this one, but that can cause troubles for the app $app. If you still want activate the swap, you can relaunch the command preceded by 'SD_CARD_CAN_SWAP=1'"
        return
    fi

    # Compare the available space with the size of the swap.
    # And set a acceptable size from the request
    if [ $usable_space -ge $swap_max_size ]; then
        local swap_size=$swap_max_size
    elif [ $usable_space -ge $((swap_max_size / 2)) ]; then
        local swap_size=$((swap_max_size / 2))
    elif [ $usable_space -ge $((swap_max_size / 3)) ]; then
        local swap_size=$((swap_max_size / 3))
    elif [ $usable_space -ge $((swap_max_size / 4)) ]; then
        local swap_size=$((swap_max_size / 4))
    else
        echo "Not enough space left for a swap file" >&2
        local swap_size=0
    fi

    # If there's enough space for a swap, and no existing swap here
    if [ $swap_size -ne 0 ] && [ ! -e "/swap_$app" ]; then
        # Create file
        truncate -s 0 "/swap_$app"

        # try to set the No_COW attribute on the swapfile with chattr (depending of the filesystem type)
        chattr +C "/swap_$app" 2> /dev/null

        # Preallocate space for the swap file, fallocate may sometime not be used, use dd instead in this case
        if ! fallocate -l ${swap_size}K "/swap_$app"; then
            dd if=/dev/zero of="/swap_$app" bs=1024 count=${swap_size}
        fi
        chmod 0600 "/swap_$app"
        # Create the swap
        mkswap "/swap_$app"
        # And activate it
        swapon "/swap_$app"
        # Then add an entry in fstab to load this swap at each boot.
        echo -e "/swap_$app swap swap defaults 0 0 #Swap added by $app" >> /etc/fstab
    fi
}

# Delete swap
#
# usage: ynh_del_swap
ynh_del_swap() {
    # If there a swap at this place
    if [ -e "/swap_$app" ]; then
        # Clean the fstab
        sed -i "/#Swap added by $app/d" /etc/fstab
        # Deactive the swap file
        swapoff "/swap_$app"
        # And remove it
        rm "/swap_$app"
    fi
}

# Check if the device of the main mountpoint "/" is an SD card
#
# [internal]
#
# return 0 if it's an SD card, else 1
ynh_is_main_device_a_sd_card() {
    if [ "$(systemd-detect-virt)" != "none" ]; then
        # Assume virtualization does not take place on SD card
        return 1
    fi

    local main_device=$(lsblk --output PKNAME --noheadings "$(findmnt / --nofsroot --uniq --output source --noheadings --first-only)")

    if echo "$main_device" | grep --quiet "mmc" && [ "$(tail -n1 "/sys/block/$main_device/queue/rotational")" == "0" ]; then
        return 0
    else
        return 1
    fi
}

# Check available space before creating a temp directory.
#
# usage: ynh_smart_mktemp --min_size="Min size"
#
# | arg: -s, --min_size= - Minimal size needed for the temporary directory, in Mb
ynh_smart_mktemp() {
    # Declare an array to define the options of this helper.
    declare -Ar args_array=([s]=min_size=)
    local min_size
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"

    min_size="${min_size:-300}"
    # Transform the minimum size from megabytes to kilobytes
    min_size=$((min_size * 1024))

    # Check if there's enough free space in a directory
    is_there_enough_space() {
        local free_space=$(df --output=avail "$1" | sed 1d)
        test "$free_space" -ge $min_size
    }

    if is_there_enough_space /tmp; then
        local tmpdir=/tmp
    elif is_there_enough_space /var; then
        local tmpdir=/var
    elif is_there_enough_space /; then
        local tmpdir=/
    elif is_there_enough_space /home; then
        local tmpdir=/home
    else
        ynh_die "Insufficient free space to continue..."
    fi

    mktemp --directory --tmpdir="$tmpdir"
}

# Setup/update a git clone, meant to be used internally to fetch technical tools like goenv, rbenv
#
# [internal]
#
function _ynh_git_clone() {
    local url="$1"
    local dest_dir="$2"
    local branch=${3:-master}

    mkdir -p "$dest_dir"
    pushd "$dest_dir" || return 1
        if ! [ -d "$dest_dir/.git" ]; then
            git init -q
            git remote add origin "$url"
    else
            git remote set-url origin "$url"
    fi
        git fetch -q --tags --prune origin "$branch"
        git reset --hard origin/"$branch"
    popd || return 1
}
