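#!/usr/bin/env bash
#
# LabCA "commander": reads one command word from stdin and runs the matching
# action (trust-store install, docker-compose start/stop/restart, log tailing,
# backups, certificate revocation, test mail, version update). Some commands
# read further lines from stdin as their arguments (revoke-cert, test-email,
# backup-delete, backup-restore). Whatever is written to stdout is the reply
# to the caller; the output of long-running steps is appended to $LOGFILE.
#
# NOTE(review): the process list inspected by "log-components" suggests this
# script is served by tcpserver under sudo, so the command word and any
# argument lines read from stdin should be treated as caller-controlled
# input -- confirm against the service definition.
set -euo pipefail

LOGFILE=/home/labca/logs/commander.log

#######################################
# Report the failing line to the caller. stdout is the reply channel, so the
# message is deliberately not sent to stderr.
# Arguments: $1 - line number (from $LINENO in the trap)
#######################################
err_report() {
  echo "ERROR! On line $1 in commander script"
}
trap 'err_report $LINENO' INT TERM ERR

dn=$(dirname "$0")
# wait_up, wait_down and the PS_* variables are used below but not defined in
# this file; presumably they come from utils.sh.
# shellcheck source=/dev/null
source "$dn/utils.sh"

#######################################
# Poll a URL until it answers HTTP 200 or 40 attempts (5s apart) have passed.
# The first probe (-k, certificate not verified) only serves to surface curl's
# own error text to the caller; the polling loop logs curl errors instead.
# Globals:   LOGFILE (polling errors are appended)
# Arguments: $1 - URL to poll
# Outputs:   curl's error text on stdout if the initial probe fails
#######################################
wait_server() {
  local url="$1"
  local status=0
  local cnt=0
  local res rc

  set +e
  res=$(curl -o /dev/null -sSLk --head --write-out '%{http_code}\n' "$url" 2>&1)
  rc=$?
  set -e
  if [ "$rc" -ne 0 ]; then
    printf '%s' "$res"
  fi

  while [ "$cnt" -lt 40 ] && [ "$status" != "200" ]; do
    # A failing curl must not abort the whole script under set -e; a failed
    # attempt simply counts as "not up yet".
    status=$(curl -o /dev/null -sSL --head --write-out '%{http_code}\n' "$url" 2>>"$LOGFILE") || status=0
    cnt=$((cnt + 1))
    if [ "$status" != "200" ]; then
      sleep 5
    fi
  done
}

#######################################
# Check that a caller-supplied backup name is a plain file name that stays
# inside /home/labca/backup: non-empty, no '/', not '.' or '..', and not
# starting with '-' (so it cannot be taken as an option).
# Arguments: $1 - name to check
# Returns:   0 if acceptable, 1 otherwise
#######################################
valid_backup_name() {
  local name="$1"
  [ -n "$name" ] || return 1
  case "$name" in
    */* | . | .. | -*) return 1 ;;
  esac
  return 0
}

read -r txt
case "$txt" in
  "trust-store")
    cp /home/labca/nginx_data/ssl/labca_cert.pem /usr/local/share/ca-certificates/labca_cert.crt
    cp ~labca/admin/data/root-ca.pem /usr/local/share/ca-certificates/root-ca.crt
    update-ca-certificates &>>"$LOGFILE"
    echo "Waiting for initial startup of the docker containers..." &>>"$LOGFILE"
    wait_up "$PS_MYSQL" &>>"$LOGFILE"
    wait_up "$PS_LABCA" &>>"$LOGFILE"
    wait_up "$PS_BOULDER" "$PS_BOULDER_COUNT" &>>"$LOGFILE"
    ;;
  "docker-restart")
    cd /home/labca/boulder
    docker-compose stop &>>"$LOGFILE"
    wait_down "$PS_MYSQL" &>>"$LOGFILE"
    wait_down "$PS_LABCA" &>>"$LOGFILE"
    wait_down "$PS_BOULDER" &>>"$LOGFILE"
    COMPOSE_HTTP_TIMEOUT=120 docker-compose up -d &>>"$LOGFILE"
    wait_up "$PS_MYSQL" &>>"$LOGFILE"
    wait_up "$PS_LABCA" &>>"$LOGFILE"
    wait_up "$PS_BOULDER" "$PS_BOULDER_COUNT" &>>"$LOGFILE"
    ;;
  "acme-request")
    cd /home/labca/nginx_data/ssl
    [ -e account.key ] || openssl genrsa 4096 > account.key
    [ -e labca_key.pem ] || openssl genrsa 4096 > labca_key.pem
    san=$(openssl x509 -noout -text -in labca_cert.pem | grep DNS:)
    # The SAN text is data, not a printf format string: pass it through %s.
    openssl req -new -utf8 -sha256 -key labca_key.pem -subj "/" -reqexts SAN \
      -config <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=%s' "$san")) > domain.csr
    url=$(grep 'DEFAULT_DIRECTORY_URL =' /home/labca/acme_tiny.py | sed -e 's/.*=[ ]*//' | sed -e 's/\"//g')
    wait_server "$url"
    sleep 10
    /home/labca/labca/renew
    ln -sf /home/labca/labca/cron_d /etc/cron.d/labca
    ln -sf /home/labca/labca/logrotate_d /etc/logrotate.d/labca
    ;;
  "nginx-remove-redirect")
    perl -i -p0e 's/\n # BEGIN temporary redirect\n location = \/ \{\n return 302 \/admin\/;\n }\n # END temporary redirect\n//igs' /home/labca/nginx_data/conf.d/labca.conf
    ;;
  "nginx-reload")
    cd /home/labca/boulder
    docker-compose exec -T nginx nginx -s reload &>>"$LOGFILE"
    ;;
  "nginx-restart")
    cd /home/labca/boulder
    docker-compose restart nginx &>>"$LOGFILE"
    ;;
  "log-cert")
    [ -f /home/labca/nginx_data/ssl/acme_tiny.log ] && tail -200 /home/labca/nginx_data/ssl/acme_tiny.log || /bin/true
    exit 0
    ;;
  "log-commander")
    [ -f "$LOGFILE" ] && tail -200 "$LOGFILE" || /bin/true
    exit 0
    ;;
  "log-boulder")
    cd /home/labca/boulder
    docker-compose logs -f --no-color --tail=50 boulder
    ;;
  "log-boulder-notail")
    cd /home/labca/boulder
    docker-compose logs --no-color --tail=50 boulder
    ;;
  "log-audit")
    cd /home/labca/boulder
    docker-compose logs --no-color boulder | grep "\[AUDIT\]" | grep -v "grpc: parseServiceConfig error unmarshaling due to unexpected end of JSON input" | tail -50
    docker-compose logs -f --no-color --tail=0 boulder | grep "\[AUDIT\]"
    ;;
  "log-activity")
    cd /home/labca/boulder
    echo "GMT"
    docker-compose logs --no-color boulder | grep "\[AUDIT\]" | grep -v "grpc: parseServiceConfig error unmarshaling due to unexpected end of JSON input" | tail -15
    exit 0
    ;;
  "log-labca")
    cd /home/labca/boulder
    docker-compose logs -f --no-color --tail=50 labca
    ;;
  "log-labca-notail")
    cd /home/labca/boulder
    docker-compose logs --no-color --tail=50 labca
    ;;
  "log-labca-err")
    [ -f /var/log/labca.err ] && tail -200 /var/log/labca.err || /bin/true
    exit 0
    ;;
  "log-web")
    cd /home/labca/boulder
    docker-compose logs -f --no-color --tail=50 nginx
    ;;
  "log-components")
    # Start times of the main processes; columns 5-24 of "ps -o lstart" hold the
    # timestamp without the weekday.
    timezone=$(cat /etc/timezone)
    nginx=$(ps -eo lstart,args | grep nginx | grep master | grep -v grep | cut -c 5-24)
    svc=$(ps -eo lstart,args | grep tcpserver | grep sudo | grep -v grep | cut -c 5-24)
    boulder=$(ps -eo lstart,args | grep bin/boulder-wfe2 | grep -v grep | cut -c 5-24)
    labca=$(ps -eo lstart,args | grep bin/labca | grep -v grep | head -1 | cut -c 5-24)
    echo "$timezone|$nginx|$svc|$boulder|$labca"
    exit 0
    ;;
  "log-stats")
    timezone=$(cat /etc/timezone)
    up_since=$(uptime -s)
    procs=$(ps -ef --no-headers | wc -l)
    total=$(free -b --si | grep 'Mem:' | perl -p0e 's/.*?\s+(\d+)\s+.*/$1/')
    avail=$(free -b --si | grep 'Mem:' | perl -p0e 's/.*\s+(\d+)$/$1/')
    # $(( )) rather than let: "let" returns 1 for a zero result, which would
    # trip set -e.
    used=$((total - avail))
    echo "$timezone|$up_since|$procs|$used|$avail"
    exit 0
    ;;
  "revoke-cert")
    read -r serial
    read -r reasonCode
    cd /home/labca/boulder
    # Quoted so each value is exactly one argument to admin-revoker.
    docker-compose exec -T boulder bin/admin-revoker serial-revoke --config labca/config/admin-revoker.json "$serial" "$reasonCode" 2>&1
    ;;
  "test-email")
    read -r recipient
    cd /home/labca/boulder
    docker-compose exec -T boulder bin/mail-tester --config labca/config/expiration-mailer.json "$recipient" 2>&1
    ;;
  "boulder-start")
    cd /home/labca/boulder
    COMPOSE_HTTP_TIMEOUT=120 docker-compose up -d bmysql
    COMPOSE_HTTP_TIMEOUT=120 docker-compose up -d boulder
    wait_up "$PS_MYSQL" &>>"$LOGFILE"
    wait_up "$PS_BOULDER" "$PS_BOULDER_COUNT" &>>"$LOGFILE"
    ;;
  "boulder-stop")
    cd /home/labca/boulder
    docker-compose stop boulder
    docker-compose stop bmysql
    wait_down "$PS_MYSQL" &>>"$LOGFILE"
    wait_down "$PS_BOULDER" &>>"$LOGFILE"
    ;;
  "boulder-restart")
    cd /home/labca/boulder
    docker-compose stop boulder
    docker-compose stop bmysql
    wait_down "$PS_MYSQL" &>>"$LOGFILE"
    wait_down "$PS_BOULDER" &>>"$LOGFILE"
    COMPOSE_HTTP_TIMEOUT=120 docker-compose up -d bmysql
    COMPOSE_HTTP_TIMEOUT=120 docker-compose up -d boulder
    wait_up "$PS_MYSQL" &>>"$LOGFILE"
    wait_up "$PS_BOULDER" "$PS_BOULDER_COUNT" &>>"$LOGFILE"
    ;;
  "labca-restart")
    cd /home/labca/boulder
    docker-compose stop labca
    wait_down "$PS_LABCA" &>>"$LOGFILE"
    COMPOSE_HTTP_TIMEOUT=120 docker-compose up -d labca
    wait_up "$PS_LABCA" &>>"$LOGFILE"
    ;;
  "svc-restart")
    service labca stop
    wait_down "$PS_SERVICE" &>>"$LOGFILE"
    service labca start
    wait_up "$PS_SERVICE" &>>"$LOGFILE"
    ;;
  "log-backups")
    ls -1tr /home/labca/backup || /bin/true
    exit 0
    ;;
  "log-server-backup")
    /home/labca/labca/backup
    exit 0
    ;;
  "backup-delete")
    read -r backup
    # The name comes from the caller: only plain file names inside the backup
    # directory are deleted, never paths.
    if ! valid_backup_name "$backup"; then
      echo "Invalid backup name '$backup'. ERROR!"
      exit 1
    fi
    rm -f -- "/home/labca/backup/$backup"
    ;;
  "backup-restore")
    read -r backup
    if ! valid_backup_name "$backup"; then
      echo "Invalid backup name '$backup'. ERROR!"
      exit 1
    fi
    /home/labca/labca/restore "$backup"
    ;;
  "server-restart")
    reboot
    ;;
  "server-shutdown")
    halt
    ;;
  "version-update")
    cd "$dn"
    # A detached HEAD yields no branch name; install without -b in that case.
    branch="$(git symbolic-ref --short HEAD 2>/dev/null)" || branch="(none)"
    if [ "$branch" == "master" ] || [ "$branch" == "main" ] || [ "$branch" == "(none)" ]; then
      /home/labca/labca/install &>>"$LOGFILE"
    else
      /home/labca/labca/install -b "$branch" &>>"$LOGFILE"
    fi
    ;;
  *)
    echo "Unknown command '$txt'. ERROR!"
    exit 1
    ;;
esac

echo "ok"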