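#!/bin/bash
# setup.sh — installs the forgehook wrappers into $DEST, creates the service
# account that owns them and adds the sudo rules the wrappers rely on.
#
# Usage: ./setup.sh [owner]
#   owner  account that owns the installed files. Defaults to the owner of an
#          existing $DEST/forgehook install, else "forgehook".
#
# Run from the repository root (bin/, triggers/ and databases/ are resolved
# relative to the current directory) as a user who can sudo.
# TODO: currently setup.sh assumes you're a sudoer, not root
set -euo pipefail

DEST="/usr/local/bin"
# TODO: Make trigger configurable
TRIGGER=./triggers/git-build
DATABASE=./databases/unix
# Rules are appended to /etc/sudoers (not sudoers.d) so that the idempotence
# check below still recognises installs made by earlier versions of this script.
SUDOERS=/etc/sudoers

log() { printf '[setup.sh] %s\n' "$*"; }
die() { printf '[setup.sh] error: %s\n' "$*" >&2; exit 1; }

# Autodetect forgehook user if it's already setup
if owner=$(find "$DEST/forgehook" -maxdepth 0 -printf '%u' 2>/dev/null) && [[ -n "$owner" ]]; then
  log "Found existing setup owned by user $owner. Using this user."
elif (( $# > 0 )); then
  # Not set up yet: take the user from the argument
  owner="$1"
  log "Setup for user $owner"
else
  # Default value
  owner="forgehook"
  log "No setup user found. Using default value $owner"
fi

# $owner ends up inside a sudoers rule and on the useradd command line, so
# restrict it to a plain account name: no whitespace and none of the
# characters sudoers treats as syntax ( ) , : = # ! \ etc.
[[ "$owner" =~ ^[A-Za-z_][A-Za-z0-9_.-]*$ ]] || die "invalid user name: '$owner'"

# If the user doesn't exist, create it
if ! id -u "$owner" >/dev/null 2>&1; then
  log "User $owner doesn't exist yet. Creating it."
  sudo useradd --create-home --shell /bin/bash --user-group --system \
    --home-dir /opt/forgehook "$owner" || die "useradd $owner failed"
fi

# TODO: Check we can escalade privileges

#######################################
# Installs one file into $DEST owned by $owner:$owner with the given mode.
# Globals:   DEST, owner (read)
# Arguments: $1 - source path, $2 - installed file name, $3 - octal mode
# Returns:   0 on success; exits via die on a missing source or failed install
#######################################
install_file() {
  local src=$1 name=$2 mode=$3
  [[ -f "$src" ]] || die "missing $src (run setup.sh from the repository root)"
  # install(1) copies, chowns and chmods in one step, so the file never sits
  # in $DEST with an intermediate owner or mode.
  sudo install -o "$owner" -g "$owner" -m "$mode" -- "$src" "$DEST/$name" \
    || die "could not install $DEST/$name"
}

# Everyone can execute (user-facing wrapper)
install_file bin/forgehook forgehook 755
# Only $owner can execute directly; other accounts reach it via the sudo rule below
install_file "$DATABASE" forgehook-db 744
# Only $owner can execute directly; the sudo rule below lets $owner run it as root.
# NOTE(review): the file is writable by $owner yet run as root through sudo, so
# $owner can effectively obtain root by editing it — consider root ownership if
# forgehook never needs to invoke it without sudo; confirm against the wrapper.
install_file bin/forgehook-notify forgehook-notify 744
# Everyone can execute (wrapper script for build manager such as git-build)
install_file "$TRIGGER" forgehook-trigger 755
log "Installed forgehook to $DEST for $owner"

#######################################
# Appends a sudoers rule unless a rule mentioning $2 is already present.
# The combined file is validated with visudo on a scratch copy before
# anything is written, because a syntax error in sudoers disables sudo
# for everyone on the host.
# Globals:   SUDOERS (read), SUDO_SETUP (set to 1 when a rule was added)
# Arguments: $1 - rule text, $2 - substring that identifies an existing rule
# Returns:   0 on success; exits via die when the rule does not validate
#######################################
add_sudo_rule() {
  local rule=$1 marker=$2 candidate
  if sudo grep -q -- "$marker" "$SUDOERS"; then
    return 0
  fi
  SUDO_SETUP=1
  candidate=$(mktemp) || die "mktemp failed"
  { sudo cat -- "$SUDOERS" && printf '%s\n' "$rule"; } > "$candidate" \
    || die "could not read $SUDOERS"
  if ! sudo visudo -q -c -f "$candidate"; then
    rm -f -- "$candidate"
    die "refusing to install sudo rule that does not validate: $rule"
  fi
  rm -f -- "$candidate"
  # The rule goes in on stdin of a root tee rather than being spliced into a
  # `sh -c` command string, so its content is never re-parsed by a shell.
  printf '%s\n' "$rule" | sudo tee -a -- "$SUDOERS" >/dev/null \
    || die "could not append to $SUDOERS"
}

# Auto setup sudo rules
SUDO_SETUP=0
# Any account may run forgehook-db as $owner without a password.
add_sudo_rule "ALL ALL=($owner) NOPASSWD: $DEST/forgehook-db" forgehook-db
# TODO: permission for forgehook-notify should belong to group, not user so we can give
# permission to run notifications without having access to database for 3rd party tools
# if you need a tool that has access to db please run it as forgehook user!
# $owner may run forgehook-notify as root without a password.
add_sudo_rule "$owner ALL=NOPASSWD: $DEST/forgehook-notify" forgehook-notify
if (( SUDO_SETUP == 1 )); then
  log "sudo rules have been installed for forgehook"
fi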