#!/bin/bash

#/**
#@file    settoken
#@brief   Generate a new security token for the specified service or user.
#@usage   settoken [[-f] [Service]] | User
#@param   -f         force server restart without prompting (ask by default)
#@param   Service    may be "server", "repo" or "services" (for all services, by default)
#@param   User       OpenGnsys-defined username
#@warning This script uses "php" command.
#@version 1.1.1 - Initial version.
#@author  Ramón M. Gómez - ETSII Univ. Sevilla
#@date    2019-09-25
#*/ ##

# Global constants.
OPENGNSYS=${OPENGNSYS:-"/opt/opengnsys"}
SERVERCFG=$OPENGNSYS/etc/ogserver.json
REPOCFG=$OPENGNSYS/etc/ogAdmRepo.cfg

# Functions.
source $OPENGNSYS/lib/ogfunctions.sh || exit 1

function new_token() {
    php -r 'echo md5(uniqid(rand(), true));'
}

# Error control.
if [ "$1" == "-f" ]; then
    FORCE=1
    shift
fi
[ $# -gt 1 ] && raiseError usage
case "${1,,}" in
    help)           # Show help.
        help ;;
    version)        # Show version number.
        version ;;
    server)         # Generate server token.
        SERVER=1 ;;
    repo)           # Generate repository token.
        REPO=1 ;;
    ""|services)    # Generate server and repo tokens.
        SERVER=1; REPO=1 ;;
    *)              # Generate user token.
        OGUSER="${1//\'/\\\'}" ;;
esac
[ "$USER" != "root" ] && raiseError access "Need to be root"
[ -w $SERVERCFG ] || raiseError access "Server configuration file"
source_json_config $SERVERCFG

# Update user token.
if [ "$OGUSER" ]; then
    APIKEY="$(new_token)"
    DATA="
UPDATE usuarios
   SET apikey='$APIKEY', idusuario=LAST_INSERT_ID(idusuario)
 WHERE usuario='$OGUSER';
SELECT LAST_INSERT_ID();
"
    [ "$(dbexec "$DATA")" == "0" ] && raiseError notfound "User \"$OGUSER\""
fi

# Update server token.
if [ "$SERVER" ]; then
    # Confirm action (server will be restarted).
    if [ ! "$FORCE" ]; then
        read -rp "It will be necessary to restart ogAdmServer service. Continue? [y/N]: " ANSWER
        [ "${ANSWER,,}" != "y" ] && raiseError cancel "API tokens not updated"
    fi
    APIKEY="$(new_token)"
    sed -i "s/\"api_token\": \".*\"/\"api_token\": \"$APIKEY\"/" $SERVERCFG || raiseError access "Cannot update server file"
fi

# Update repository token.
if [ "$REPO" ]; then
    [ -w $REPOCFG ] || raiseError access "Repository configuration file"
    APIKEY="$(new_token)"
    sed -i -n -e "/^ApiToken=/!p" -e "$ a\ApiToken=$APIKEY" $REPOCFG || raiseError access "Cannot update repository file"
    # If database is local, update it.
    source $REPOCFG
    if [ "$ServidorAdm" == "$IPlocal" ]; then
        dbexec "UPDATE repositorios SET apikey='$APIKEY' WHERE ip='$IPlocal';"
    else
        echo "Please, don't forget to update the authentication token for this repository on the web server (check the file ogAdmRepo.cfg)."
    fi
fi

# Restart server, if needed.
if [ "$SERVER" ]; then
    restart opengnsys
fi