#!/usr/bin/env bash

CLN_REGISTER_SERVER="https://cln.cloudlinux.com/cln/api/els/server/register"
CLN_UNREGISTER_SERVER="https://cln.cloudlinux.com/cln/api/els/server/unregister"
LICENSE=""
HOSTNAME=$(hostname)
AUTH_CONF_PATH="/etc/yum/vars/mysqlelstoken"

MYSQL_ELS_PACKAGE_URI="https://repo.tuxcare.com/mysql-els/els-mysql-release-install.x86_64.rpm"

MYSQL_ELS_TEMP_RPM=""

exec 3>&1

cleanup() {
    if [[ -f "$MYSQL_ELS_TEMP_RPM" ]]; then
        rm -f "$MYSQL_ELS_TEMP_RPM"
    fi

    exec 3>&-
}

trap cleanup EXIT

log() {
    printf "%s\\n" "$1" 1>&3
}

show_usage() {
    echo 'Usage: install-mysql-els-repo.sh [OPTION]...'
    echo ''
    echo '  -l, --license-key   User license key'
    echo '  -f, --force         Force re-register if ELS is already installed'
    echo '  -d, --delete        Delete ELS from server'
    echo '  -v, --validate      Check if ELS is installed'
    echo '  -h, --help          Show this message and exit'
}

do_opts() {
    if [ $# -eq 0 ]; then
        log "$(show_usage)"
        exit 1
    fi
    while [ $# -gt 0 ]; do
        key="$1"
        case $key in
            -h|--help)
                log "$(show_usage)"
                exit 0
                ;;
            -l|--license-key)
                if [[ -z "$2" || "$2" == -* ]]; then
                    log "Error: --license-key requires an argument"
                    log "$(show_usage)"
                    exit 1
                fi
                LICENSE="$2"
                shift
                ;;
            -f|--force)
                FORCE=true
                ;;
            -d|--delete)
                DELETE=true
                ;;
            -v|--validate)
                VALIDATE=true
                ;;
            -*)
                log "Unknown option: $key"
                log "$(show_usage)"
                exit 1
                ;;
        esac
        shift
    done
}

mysql_els_installed() {
    log "Checking if els-mysql-release is already installed... "
    if rpm -q els-mysql-release > /dev/null 2>&1; then
        log "els-mysql-release package is already installed."
        return 0
    fi
    log "els-mysql-release package is not installed"
    return 1
}

extract_token() {
    if [ ! -f "$AUTH_CONF_PATH" ]; then
        log "ERROR: Auth config file not found at $AUTH_CONF_PATH"
        return 1
    fi

    token=$(cat "$AUTH_CONF_PATH")

    if [[ -z "$token" || "$token" != *SERVER* ]]; then
        log "ERROR: Invalid token in $AUTH_CONF_PATH (empty or missing SERVER marker)"
        return 1
    fi

    echo "$token"
    return 0
}

unregister_token() {
    if ! token=$(extract_token); then
        return 1
    fi

    log "Unregistering server token..."

    response=$(curl -i -s -X POST "${CLN_UNREGISTER_SERVER}?token=${token}")
    curl_exit_code=$?

    if [ $curl_exit_code -ne 0 ]; then
        log "ERROR: Failed to connect to unregister server (curl exited with status: $curl_exit_code)"
        return 1
    fi

    if ! echo "$response" | grep -qi '^HTTP/[0-9.]*[[:space:]]200'; then
        if [[ -z "$response" ]]; then
            log "elstoken wasn't found. Server is not registered"
        else
            log "Got incorrect status from CLN: $response"
        fi
        return 1
    fi

    log "Unregistered successfully"
    return 0
}

remove_mysql_els() {
    log "Removing els-mysql-release package... "
    if yum remove -y els-mysql-release 1>&3; then
        log "Removed els-mysql-release package successfully"
    else
        log "Error: Could not remove els-mysql-release package"
        return 1
    fi

    log "Removing authentication configuration file... "
    if [[ -f "$AUTH_CONF_PATH" ]]; then
        if rm -f "$AUTH_CONF_PATH" 1>&3; then
            log "Removed authentication configuration file successfully"
        else
            log "Error: Could not remove auth configuration file: $AUTH_CONF_PATH"
            return 1
        fi
    else
        log "Auth configuration file not found"
    fi

    log "MySQL ELS deleted successfully"
    return 0
}

delete_mysql_els() {
    if mysql_els_installed; then
        if [ "$FORCE" = "true" ]; then
            unregister_token || log "Warning: Failed to unregister, but continuing with force delete"
            remove_mysql_els
        else
            if ! unregister_token; then
                log "Couldn't deactivate account"
                return 12
            fi
            remove_mysql_els
        fi
    else
        log "ELS is not installed"
    fi
    log "ELS MySQL removal completed"
    return 0
}

get_auth_token() {
    log "Request repository token for this server... "
    local data="{\"key\": \"$3\", \"host_name\": \"$2\"}"
    local ret
    if ! ret=$(curl -s -X POST -H "Content-Type: application/json" -H "Accept: application/json" -d "$data" "$1"); then
        log "Error (Curl command failed)"
        return 1
    fi
    local token
    token=$(echo "$ret" | grep -oP '"token":"\K[^"]*')
    if [ -n "$token" ]; then
        log "Ok"
        echo "$token"
        return 0
    fi
    log "Error (No token was returned from CLN)"
    return 1
}

install_els_mysql_release() {
    log "Installing els-mysql-release..."

    MYSQL_ELS_TEMP_RPM=$(mktemp /tmp/els-mysql-release-XXXXXX.rpm)

    if ! curl -fsSL -o "$MYSQL_ELS_TEMP_RPM" "$MYSQL_ELS_PACKAGE_URI"; then
        log "Error: Couldn't download els-mysql-release.rpm"
        return 1
    fi

    if ! yum install -y "$MYSQL_ELS_TEMP_RPM"; then
        log "Error: Couldn't install els-mysql-release"
        return 3
    fi

    log "els-mysql-release installed successfully"
    return 0
}

check_system_compatibility() {
    log "Checking system compatibility..."

    if [[ ! -f /etc/redhat-release ]]; then
        log "This server is not RHEL based"
        return 1
    fi

    if ! command -v curl &> /dev/null; then
        log "Error: curl is required but not installed"
        return 1
    fi

    log "System compatibility check passed"
}

check_superuser_privileges() {
    log "Checking for superuser privileges..."
    if [ "$(id -u)" -ne 0 ]; then
        log "Error: This script must be run with superuser privileges"
        return 1
    fi
    log "Superuser privileges confirmed"
    return 0
}

main() {
    do_opts "$@"

    if ! check_superuser_privileges; then
        return 14
    fi

    if ! check_system_compatibility; then
        return 1
    fi

    if [ "$DELETE" = "true" ];  then
        delete_mysql_els
        return $?
    fi

    if [[ "$VALIDATE" = "true" ]]; then
        if mysql_els_installed; then
            if token=$(extract_token); then
                log "Server is registered with token $token"
                exit 0
            else
                log "els-mysql-release is installed but token is missing or invalid"
                exit 1
            fi
        else
            log "Server is not registered"
            exit 1
        fi
    fi

    if [[ -z $LICENSE ]]; then
        log "License key should be specified with -l, --license-key."
        log "See -h, --help."
        return 1
    fi

    if mysql_els_installed; then
        if [ "$FORCE" = "true" ]; then
            unregister_token
            remove_mysql_els
        else
            if ! extract_token > /dev/null 2>&1; then
                log "els-mysql-release is installed but token is missing or invalid"
                log "Run script with --force to repair the installation"
            else
                log "This server has installed ELS repo and token"
                log "For re-registration license run script with --force"
            fi
            return 2
        fi
    fi

    log "Registering in CLN..."
    local token
    if ! token=$(get_auth_token "$CLN_REGISTER_SERVER" "$HOSTNAME" "$LICENSE"); then
        return 3
    fi

    if ! echo "${token}" > "$AUTH_CONF_PATH"; then
        log "Error (Could not write to $AUTH_CONF_PATH)"
        return 10
    fi

    log "Applying repository token for this server..."
    if ! install_els_mysql_release; then
        return 9
    fi

    log "ELS for MySQL installed successfully"
}

main "$@"