#!/bin/bash

[ -f /etc/nginx/conf.d/onlyoffice-documentserver.conf ] && rm -f /etc/nginx/conf.d/onlyoffice-documentserver.conf
[ -f /etc/nginx/includes/onlyoffice-http.conf ] && rm -f /etc/nginx/includes/onlyoffice-http.conf
[ -e /etc/nginx/includes/ds-example.conf ] && rm -f /etc/nginx/includes/ds-example.conf

# NB if token less than 32 webtop will fail

# get fqdn and dshost
export fqdn=$(/sbin/e-smith/config getprop onlyoffice VirtualHost || echo `config get SystemName`.`config get DomainName`)
export dshost=$fqdn
export dsport=$(/sbin/e-smith/config getprop onlyoffice TCPPort || echo "8082")
secretString=$(/sbin/e-smith/config getprop onlyoffice secretString || /usr/bin/openssl rand -base64 60 | tr -c -d '[:alnum:]'  )
fulladdress="$dshost:$dsport"
[ $(/sbin/e-smith/config getprop onlyoffice VirtualHost) ] && fulladdress=$(/sbin/e-smith/config getprop onlyoffice VirtualHost)

# configure onlyoffice
DIR="/var/www/onlyoffice"
DEFAULT_CONFIG="/etc/onlyoffice/documentserver/default.json"
EXAMPLE_CONFIG="/etc/onlyoffice/documentserver-example/default.json"
SAVED_DEFAULT_CONFIG="$DEFAULT_CONFIG.rpmsave"
PSQL=""
CREATEDB=""
DS_PORT=${DS_PORT:-$dsport}
# DOCSERVICE_PORT=${DOCSERVICE_PORT:-8000}
# SPELLCHECKER_PORT=${SPELLCHECKER_PORT:-8080}
# EXAMPLE_PORT=${EXAMPLE_PORT:-3000}
JWT_ENABLED=${JWT_ENABLED:-true}
JWT_SECRET=${JWT_SECRET:-secret}
JWT_HEADER=${JWT_HEADER:-Authorization}
JWT_SECRET=`/sbin/e-smith/config getprop onlyoffice token`

# get reject unauthorized ssl config
REJECT_UNAUTHORIZED=`/sbin/e-smith/config getprop onlyoffice RejectUnauthorized || echo "true"`
verify_peer_off="false";
if [[ "$REJECT_UNAUTHORIZED" == "false" ]]; then verify_peer_off="true";  fi

# create database if not exist
export PGPASSWORD=`/sbin/e-smith/config getprop onlyoffice dbpass || echo 'onlyoffice'`
PGUSER=`/sbin/e-smith/config getprop onlyoffice dbuser || echo 'onlyoffice'`
PGNAME=`/sbin/e-smith/config getprop onlyoffice dbname || echo 'onlyoffice'`
CONNECTION_PARAMS="-hlocalhost -U$PGUSER -w"
psql="/usr/pgsql-13/bin/psql"
PSQL="$psql -q $CONNECTION_PARAMS"
CREATEDB="createdb -q $CONNECTION_PARAMS"

su - postgres -c "$psql -lqt | cut -d \| -f 1 | grep -q -w $PGNAME"
if [ $? -eq 1 ]; then # database do not exists
  su - postgres -c "$psql -c \"CREATE DATABASE $PGNAME;\""
  su - postgres -c "$psql -c \"CREATE USER $PGUSER WITH password '$PGPASSWORD';\""
  su - postgres -c "$psql -c \"GRANT ALL privileges ON DATABASE $PGNAME TO $PGUSER;\""
else
  su - postgres -c "$psql -c \"ALTER USER $PGUSER WITH password '$PGPASSWORD';\""
fi

# check if db works correctly
$PSQL -c ";" >/dev/null 2>&1 || { echo "FAILURE"; exit 1; }

# db schema
$PSQL -d "$PGNAME" -f "$DIR/documentserver/server/schema/postgresql/createdb.sql" >/dev/null 2>&1

# change port 8080 to 48080 for spellchecker to not conflict with tomcat
jq -r ".SpellChecker.server.port = 48080" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG

# change port 8000 to 48000 for coauth to not conflict with webvirtmgr
jq -r ".services.CoAuthoring.server.port = 48000" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG

# postgres db settings
jq -r ".services.CoAuthoring.sql.dbHost = \"localhost\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
jq -r ".services.CoAuthoring.sql.dbName= \"onlyoffice\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
jq -r ".services.CoAuthoring.sql.dbUser = \"onlyoffice\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
jq -r ".services.CoAuthoring.sql.dbPass = \"${PGPASSWORD}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG

# RabbitMQ
jq -r ".rabbitmq.url = \"amqp://guest:guest@localhost\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG

# redis
jq -r ".services.CoAuthoring.redis.host = \"localhost\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG

# enable jwt token for browser, inbox and outbox
jq -r ".services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
jq -r ".services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
jq -r ".services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG

# set secret for session, inbox and outbox
jq -r ".services.CoAuthoring.secret.inbox.string = \"${JWT_SECRET}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
jq -r ".services.CoAuthoring.secret.outbox.string = \"${JWT_SECRET}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
jq -r ".services.CoAuthoring.secret.session.string = \"${JWT_SECRET}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG

# set header, define in JWT_HEADER
jq -r ".services.CoAuthoring.token.inbox.header = \"${JWT_HEADER}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
jq -r ".services.CoAuthoring.token.outbox.header = \"${JWT_HEADER}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG

# Allow unauthorized SSL if enabled
jq -r ".services.CoAuthoring.requestDefaults.rejectUnauthorized = ${REJECT_UNAUTHORIZED}" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG

#add very secret string https://forum.onlyoffice.com/t/onlyoffice-7-2-secure-link-secret-error/2806/4
jq -r ".storage.fs.secretString = \"${secretString}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG

# configure nextcloud
if [ -f /usr/share/nextcloud/occ ]; then # check if nextcloud is installed
    # Install onlyoffice app
    /usr/bin/occ app:install onlyoffice

    # Set DocumentServerUrl
    /usr/bin/occ config:app:set onlyoffice DocumentServerUrl --value="https://$fulladdress/"

    # Set token secret
    /usr/bin/occ config:app:set onlyoffice jwt_secret --value="$JWT_SECRET"

    # Enable onlyoffice app
    /usr/bin/occ app:enable onlyoffice

    # allow self-signed cert make it conditional
    /usr/bin/occ config:app:set onlyoffice verify_peer_off --value="$verify_peer_off"
fi

# check if webtop5 db is present to add onlyoffice config and restart webtop
su - postgres -c "$psql -lqt | cut -d \| -f 1 | grep -q -w webtop5"
if [ $? -eq 0 ]; then
   su - postgres -c "$psql webtop5" <<EOF
INSERT INTO core.settings(service_id, key, value)
    SELECT 'com.sonicle.webtop.core', 'documentserver.secret.in', '$JWT_SECRET'
WHERE NOT EXISTS (
    SELECT 1 FROM core.settings WHERE key='documentserver.secret.in'
);

INSERT INTO core.settings(service_id, key, value)
    SELECT 'com.sonicle.webtop.core', 'documentserver.secret.out', '$JWT_SECRET'
WHERE NOT EXISTS (
    SELECT 1 FROM core.settings WHERE key='documentserver.secret.out'
);

INSERT INTO core.settings(service_id, key, value)
    SELECT 'com.sonicle.webtop.core', 'documentserver.loopback.url', 'https://$fqdn/webtop'
WHERE NOT EXISTS (
    SELECT 1 FROM core.settings WHERE key='documentserver.loopback.url'
);

INSERT INTO core.settings(service_id, key, value)
    SELECT 'com.sonicle.webtop.core', 'documentserver.public.url', 'https://$fulladdress'
WHERE NOT EXISTS (
    SELECT 1 FROM core.settings WHERE key='documentserver.public.url'
);

INSERT INTO core.settings(service_id, key, value)
    SELECT 'com.sonicle.webtop.core', 'documentserver.enabled', 'true'
WHERE NOT EXISTS (
    SELECT 1 FROM core.settings WHERE key='documentserver.enabled'
);

UPDATE core.settings SET service_id='com.sonicle.webtop.core', key='documentserver.secret.in', value='$JWT_SECRET' WHERE key='documentserver.secret.in';
UPDATE core.settings SET service_id='com.sonicle.webtop.core', key='documentserver.secret.out', value='$JWT_SECRET' WHERE key='documentserver.secret.out';
UPDATE core.settings SET service_id='com.sonicle.webtop.core', key='documentserver.loopback.url', value='https://$fqdn/webtop' WHERE key='documentserver.loopback.url';
UPDATE core.settings SET service_id='com.sonicle.webtop.core', key='documentserver.public.url', value='https://$fulladdress' WHERE key='documentserver.public.url';
UPDATE core.settings SET service_id='com.sonicle.webtop.core', key='documentserver.enabled', value='true' WHERE key='documentserver.enabled';
EOF

   systemctl restart tomcat8@webtop

fi

# set owner of config file to onlyoffice

chown ds:ds $DEFAULT_CONFIG