#!/usr/bin/env bash
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
source "$PLUGIN_CORE_AVAILABLE_PATH/common/property-functions"
source "$PLUGIN_AVAILABLE_PATH/config/functions"
source "$PLUGIN_AVAILABLE_PATH/nginx-vhosts/internal-functions"

fn-nginx-vhosts-migrate-env-vars() {
  # @TODO: Remove this after a few versions
  for app in $(dokku_apps "false" 2>/dev/null); do
    nginx_port="$(config_get "$app" DOKKU_NGINX_PORT || true)"
    nginx_ssl_port="$(config_get "$app" DOKKU_NGINX_SSL_PORT || true)"
    if [[ -n "$nginx_port" ]] || [[ -n "$nginx_ssl_port" ]]; then
      dokku_log_info1 "Migrating DOKKU_NGINX env variables. The following variables will be migrated"
      dokku_log_info2 "DOKKU_NGINX_PORT -> DOKKU_PROXY_PORT"
      dokku_log_info2 "DOKKU_NGINX_SSL_PORT -> DOKKU_PROXY_SSL_PORT"
    fi
    if [[ -n "$nginx_port" ]]; then
      dokku_log_info1 "Migrating DOKKU_NGINX_PORT to DOKKU_PROXY_PORT for $app"
      DOKKU_QUIET_OUTPUT=1 config_set --no-restart "$app" DOKKU_PROXY_PORT="$nginx_port"
      DOKKU_QUIET_OUTPUT=1 config_unset --no-restart "$app" DOKKU_NGINX_PORT
    fi
    if [[ -n "$nginx_ssl_port" ]]; then
      dokku_log_info1 "Migrating DOKKU_NGINX_SSL_PORT to DOKKU_PROXY_SSL_PORT for $app"
      DOKKU_QUIET_OUTPUT=1 config_set --no-restart "$app" DOKKU_PROXY_SSL_PORT="$nginx_ssl_port"
      DOKKU_QUIET_OUTPUT=1 config_unset --no-restart "$app" DOKKU_NGINX_SSL_PORT
    fi
  done
}

fn-nginx-vhosts-migrate-nginx-conf-sigil() {
  if [[ "$(fn-plugin-property-get-default "nginx" "--global" "nginx-conf-sigil-migrated" "")" == "true" ]]; then
    return
  fi

  fn-plugin-property-write "nginx" "--global" "nginx-conf-sigil-migrated" "true"

  for APP in $(dokku_apps "false" 2>/dev/null); do
    local DISABLE_CUSTOM_CONFIG="$(fn-nginx-computed-disable-custom-config "$APP")"
    if [[ "$DISABLE_CUSTOM_CONFIG" == "true" ]]; then
      continue
    fi

    local IMAGE_TAG="$(get_running_image_tag "$APP")"
    local IMAGE=$(get_deploying_app_image_name "$APP" "$IMAGE_TAG")
    copy_from_image "$IMAGE" "nginx.conf.sigil" "${DOKKU_LIB_ROOT}/data/nginx-vhosts/app-$APP/nginx.conf.sigil" 2>/dev/null || true
  done
}

trigger-nginx-vhosts-install() {
  declare desc="nginx-vhosts install trigger"
  declare trigger="install"

  fn-plugin-property-setup "nginx"

  NGINX_BIN="$(fn-nginx-vhosts-nginx-location)"
  NGINX_ROOT="/etc/nginx"
  NGINX_LOG_ROOT="/var/log/nginx"
  NGINX_INIT_NAME="nginx"
  NGINX_SUDOERS_FILE="/etc/sudoers.d/dokku-nginx"
  if fn-nginx-vhosts-uses-openresty; then
    NGINX_ROOT="/usr/local/openresty/nginx/conf"
    NGINX_LOG_ROOT="/var/log/openresty"
    NGINX_INIT_NAME="openresty"
    NGINX_SUDOERS_FILE="/etc/sudoers.d/dokku-openresty"
  fi

  local systemctl_path=/bin/systemctl
  if [[ -x /usr/bin/systemctl ]]; then
    systemctl_path=/usr/bin/systemctl
  fi

  local mode="0440"
  case "$DOKKU_DISTRO" in
    debian | raspbian)
      if [[ -x "$systemctl_path" ]]; then
        echo "%dokku ALL=(ALL) NOPASSWD:$systemctl_path enable $NGINX_INIT_NAME, $systemctl_path disable $NGINX_INIT_NAME, $systemctl_path reload $NGINX_INIT_NAME, $systemctl_path start $NGINX_INIT_NAME, $systemctl_path stop $NGINX_INIT_NAME, $systemctl_path is-active --quiet $NGINX_INIT_NAME, $NGINX_BIN -t, $NGINX_BIN -t -c *" >"$NGINX_SUDOERS_FILE"
      else
        echo "%dokku ALL=(ALL) NOPASSWD:/usr/sbin/invoke-rc.d $NGINX_INIT_NAME enable, /usr/sbin/invoke-rc.d $NGINX_INIT_NAME disable, /usr/sbin/invoke-rc.d $NGINX_INIT_NAME reload, /usr/sbin/invoke-rc.d $NGINX_INIT_NAME start, /usr/sbin/invoke-rc.d $NGINX_INIT_NAME stop, $NGINX_BIN -t, ${NGINX_BIN} -t -c *" >"$NGINX_SUDOERS_FILE"
      fi
      ;;

    ubuntu)
      if [[ "$DOKKU_INIT_SYSTEM" == "sv" ]]; then
        echo "%dokku ALL=(ALL) NOPASSWD:/usr/bin/sv enable $NGINX_INIT_NAME, /usr/bin/sv disable $NGINX_INIT_NAME, /usr/bin/sv reload $NGINX_INIT_NAME, /usr/bin/sv start $NGINX_INIT_NAME, /usr/bin/sv stop $NGINX_INIT_NAME, /usr/bin/sv status $NGINX_INIT_NAME, $NGINX_BIN -t, $NGINX_BIN -t -c *" >"$NGINX_SUDOERS_FILE"
      elif [[ -x "$systemctl_path" ]]; then
        echo "%dokku ALL=(ALL) NOPASSWD:$systemctl_path enable $NGINX_INIT_NAME, $systemctl_path disable $NGINX_INIT_NAME, $systemctl_path reload $NGINX_INIT_NAME, $systemctl_path start $NGINX_INIT_NAME, $systemctl_path stop $NGINX_INIT_NAME, $systemctl_path is-active --quiet $NGINX_INIT_NAME, $NGINX_BIN -t, $NGINX_BIN -t -c *" >"$NGINX_SUDOERS_FILE"
      elif [[ -x /usr/bin/sv ]]; then
        echo "%dokku ALL=(ALL) NOPASSWD:/usr/bin/sv enable $NGINX_INIT_NAME, /usr/bin/sv disable $NGINX_INIT_NAME, /usr/bin/sv reload $NGINX_INIT_NAME, /usr/bin/sv start $NGINX_INIT_NAME, /usr/bin/sv stop $NGINX_INIT_NAME, /usr/bin/sv status $NGINX_INIT_NAME, $NGINX_BIN -t, $NGINX_BIN -t -c *" >"$NGINX_SUDOERS_FILE"
      else
        echo "%dokku ALL=(ALL) NOPASSWD:/etc/init.d/$NGINX_INIT_NAME enable, /etc/init.d/$NGINX_INIT_NAME disable, /etc/init.d/$NGINX_INIT_NAME reload, /etc/init.d/$NGINX_INIT_NAME start, /etc/init.d/$NGINX_INIT_NAME stop, $NGINX_BIN -t, $NGINX_BIN -t -c *" >"$NGINX_SUDOERS_FILE"
      fi
      ;;

    arch)
      echo "%dokku ALL=(ALL) NOPASSWD:$systemctl_path enable $NGINX_INIT_NAME, $systemctl_path disable $NGINX_INIT_NAME, $systemctl_path reload $NGINX_INIT_NAME, $systemctl_path start $NGINX_INIT_NAME, $systemctl_path stop $NGINX_INIT_NAME, $systemctl_path is-active --quiet $NGINX_INIT_NAME, $NGINX_BIN -t, $NGINX_BIN -t -c *" >"$NGINX_SUDOERS_FILE"
      ;;
  esac

  chmod "$mode" "$NGINX_SUDOERS_FILE"

  # if dhparam.pem has not been created, create it the first time
  if [[ ! -f "$NGINX_ROOT/dhparam.pem" ]]; then
    openssl dhparam -out "$NGINX_ROOT/dhparam.pem" 2048
  fi

  mkdir -p "$NGINX_ROOT/conf.d"
  chown root:root "$NGINX_ROOT/dhparam.pem"
  chown root:root "$NGINX_ROOT/conf.d"
  # cat <<EOF >"$NGINX_ROOT/conf.d/dokku.conf"
  local DOKKU_TEMPLATE="$PLUGIN_AVAILABLE_PATH/nginx-vhosts/templates/dokku.conf.sigil"
  CUSTOM_DOKKU_TEMPLATE="$(plugn trigger nginx-dokku-template-source)"
  if [[ -n "$CUSTOM_DOKKU_TEMPLATE" ]] && [[ -f "$CUSTOM_DOKKU_TEMPLATE" ]]; then
    DOKKU_TEMPLATE="$CUSTOM_DOKKU_TEMPLATE"
  fi

  # Remove server_tokens directive from main nginx config if present (commented or uncommented)
  if [[ -f "$NGINX_ROOT/nginx.conf" ]]; then
    sed -i '/server_tokens/d' "$NGINX_ROOT/nginx.conf"
  fi

  sigil -f "$DOKKU_TEMPLATE" DOKKU_ROOT="$DOKKU_ROOT" NGINX_ROOT="$NGINX_ROOT" | cat -s >"$NGINX_ROOT/conf.d/dokku.conf"

  # allow users to override their server_names_hash_bucket_size
  if [[ ! -f "$NGINX_ROOT/conf.d/server_names_hash_bucket_size.conf" ]]; then
    echo 'server_names_hash_bucket_size 512;' >|"$NGINX_ROOT/conf.d/server_names_hash_bucket_size.conf"
  fi

  # revert dokku group changes
  mkdir -p "$NGINX_LOG_ROOT"
  gpasswd -a dokku adm
  chgrp --quiet -R adm "$NGINX_LOG_ROOT"
  gpasswd -M "$(grep -E ^dokku: /etc/group | awk -F ":" '{ print $4 }')" dokku
  [[ -f /etc/logrotate.d/nginx ]] && sed -i -e 's/create 0640 www-data dokku/create 0640 www-data adm/g' /etc/logrotate.d/nginx

  # Create nginx error templates
  mkdir -p "${DOKKU_LIB_ROOT}/data/nginx-vhosts/dokku-errors"
  chown -R "${DOKKU_SYSTEM_USER}:${DOKKU_SYSTEM_GROUP}" "${DOKKU_LIB_ROOT}/data/nginx-vhosts"
  cp "${PLUGIN_CORE_AVAILABLE_PATH}/nginx-vhosts/templates/400-error.html" "${DOKKU_LIB_ROOT}/data/nginx-vhosts/dokku-errors/400-error.html"
  cp "${PLUGIN_CORE_AVAILABLE_PATH}/nginx-vhosts/templates/404-error.html" "${DOKKU_LIB_ROOT}/data/nginx-vhosts/dokku-errors/404-error.html"
  cp "${PLUGIN_CORE_AVAILABLE_PATH}/nginx-vhosts/templates/500-error.html" "${DOKKU_LIB_ROOT}/data/nginx-vhosts/dokku-errors/500-error.html"
  cp "${PLUGIN_CORE_AVAILABLE_PATH}/nginx-vhosts/templates/502-error.html" "${DOKKU_LIB_ROOT}/data/nginx-vhosts/dokku-errors/502-error.html"

  # patch broken nginx 1.8.0 logrotate
  [[ -f /etc/logrotate.d/nginx ]] && sed -i -e 's/invoke-rc.d/service/g' /etc/logrotate.d/nginx

  fn-nginx-vhosts-migrate-env-vars
  fn-nginx-vhosts-migrate-nginx-conf-sigil

  if [[ -f "${DOKKU_LIB_ROOT}/data/nginx-vhosts/nginx.stopped" ]]; then
    rm -f "${DOKKU_LIB_ROOT}/data/nginx-vhosts/nginx.stopped"
    fn-plugin-property-write "nginx" "--global" "proxy-status" "stopped"
  fi

  # avoid failing runit init calls on install
  # the runit binaries are not yet available during dockerfile building
  # and therefore both these calls will fail
  if [[ ! -x /usr/bin/sv ]] && [[ "$(fn-plugin-property-get "nginx" "--global" "proxy-status")" != "stopped" ]]; then
    fn-nginx-vhosts-nginx-init-cmd start || fn-nginx-vhosts-nginx-init-cmd reload
  fi
}

trigger-nginx-vhosts-install "$@"
