#!/bin/bash

set -eux

if [[ ! -d /app/data/synapse ]]; then
    echo "=> Detected first run"

    # copy turn config
    cp /usr/share/coturn/examples/etc/turnserver.conf /app/data/turnserver.conf

    #set default TURN listening port
    if [ -z ${TURN_TLS_PORT+x} ]; then TURN_TLS_PORT="5349"; else echo "TURN_TLS_PORT is set to '$TURN_TLS_PORT'"; fi


    mkdir -p /app/data/synapse
    cd /app/data/synapse
    python -m synapse.app.homeserver \
	    --server-name ${APP_DOMAIN#*.} \
	    --config-path homeserver.yaml \
	    --report-stats=no \
	    --generate-config

    # synapse config
    sed -i "s/server_name:.*/server_name: ${APP_DOMAIN}/" homeserver.yaml
    sed -i "s/web_client:.*/web_client: False/" homeserver.yaml
    sed -i "s,- webclient .*,# - webclient  # The bundled webclient," homeserver.yaml
    sed -i "s/client, webclient/client/" homeserver.yaml
    sed -i "s/sqlite3/psycopg2/" homeserver.yaml
    sed -i "s/    database: .*/    user: ${POSTGRESQL_USERNAME}\n    password: ${POSTGRESQL_PASSWORD}\n    database: ${POSTGRESQL_DATABASE}\n    host: ${POSTGRESQL_HOST}\n    cp_min: 5\n    cp_max: 10/" homeserver.yaml
    sed -i "s/enable_registration: .*/enable_registration: True/" homeserver.yaml
    sed -i "s/# password_providers:/password_providers:/" homeserver.yaml
    sed -i 's/#     - module: "ldap_auth_provider.LdapAuthProvider"/     - module: "ldap_auth_provider.LdapAuthProvider"/' homeserver.yaml
    sed -i 's/#       config:/       config:/' homeserver.yaml
    sed -i 's/#         enabled: true/         enabled: true/' homeserver.yaml
    sed -i "s,#         uri: .*,         uri: \"${LDAP_URL}\"," homeserver.yaml
    sed -i 's/#         start_tls: true/         start_tls: false/' homeserver.yaml
    sed -i 's/#         base: "ou=users,dc=example,dc=com"/         base: "ou=users,dc=cloudron"/' homeserver.yaml
    sed -i 's/#         attributes:/         attributes:/' homeserver.yaml
    sed -i 's/#            uid: "cn"/           uid: "username"/' homeserver.yaml
    sed -i 's/#            mail: "email"/           mail: "mail"/' homeserver.yaml
    sed -i 's/#            name: "givenName"/           name: "username"/' homeserver.yaml
    sed -i 's/max_upload_size:.*/max_upload_size: "20M"/' homeserver.yaml
    sed -i 's/#auto_join_rooms:/auto_join_rooms:/' homeserver.yaml
    sed -i 's/#    - "#example:example.com"/    - "#example:example.com"/' homeserver.yaml
    sed -i "s/example:example.com/discuss:${APP_DOMAIN}/" homeserver.yaml
    sed -i "s/turn_allow_guests:.*/turn_allow_guests: False/" homeserver.yaml
    sed -i "s/enable_group_creation:.*/enable_group_creation: True/" homeserver.yaml
    sed -i "s/enable_group_creation:.*/enable_group_creation: True/" homeserver.yaml
    sed -i "s/#user_directory:/user_directory:/" homeserver.yaml
    sed -i "s/#   search_all_users:.*/   search_all_users: True/" homeserver.yaml


    # coturn
    TURNPWD=$(pwgen -s 64 1)
    sed -i "s/#tls-listening-port=5349/tls-listening-port=5349/" /app/data/turnserver.conf
    sed -i "s/#realm=mycompany.org/realm=${APP_DOMAIN}/" /app/data/turnserver.conf
    sed -i "s/#lt-cred-mech/lt-cred-mech/" /app/data/turnserver.conf
    sed -i "s/#use-auth-secret/use-auth-secret/" /app/data/turnserver.conf
    sed -i "s/#lt-cred-mech/lt-cred-mech/" /app/data/turnserver.conf
    sed -i "s/#static-auth-secret=.*/static-auth-secret=${TURNPWD}/" /app/data/turnserver.conf
    sed -i "s/turn_uris: .*/turn_uris: [\"turn:${APP_DOMAIN}:${TURN_TLS_PORT}?transport=udp\", \"turn:${APP_DOMAIN}:${TURN_TLS_PORT}?transport=tcp\"]/" homeserver.yaml
    sed -i "s/turn_shared_secret: .*/turn_shared_secret: \"${TURNPWD}\"/" homeserver.yaml
    sed -i "s/#cipher-list=.*/cipher-list=\"HIGH\"/" /app/data/turnserver.conf
    sed -i "s/#log-file=.*/log-file=\/app\/data\/turn_log\/turn.log/" /app/data/turnserver.conf


    # get cert names from synapse
    TLS_CRT=$(ls *.tls.crt)
    TLS_KEY=$(ls *.tls.key)
    TLS_DH=$(ls *.tls.dh)
    sed -i "s,#cert=.*,cert=/app/data/synapse/${TLS_CRT}," /app/data/turnserver.conf
    sed -i "s,#pkey=.*,pkey=/app/data/synapse/${TLS_KEY}," /app/data/turnserver.conf
    sed -i "s,#dh-file=.*,dh-file=/app/data/synapse/${TLS_DH}," /app/data/turnserver.conf

fi


mkdir -p /app/data/nginx
mkdir -p /app/data/nginx_log
mkdir -p /app/data/turn_log

chown -R www-data.www-data /app/data

cd /app/data/synapse

# check if TURN port has changed and update it
if [ -z ${TURN_TLS_PORT+x} ]; then TURN_TLS_PORT="5349"; fi
sed -i "s/turn_uris: .*/turn_uris: [\"turn:${APP_DOMAIN}:${TURN_TLS_PORT}?transport=udp\", \"turn:${APP_DOMAIN}:${TURN_TLS_PORT}?transport=tcp\"]/" homeserver.yaml
sed -i "s/tls-listening-port=.*/tls-listening-port=${TURN_TLS_PORT}/" /app/data/turnserver.conf

# check if certificate changed and update fingerprint
TLS_FINGERPRINT=$(openssl s_client -connect ${APP_DOMAIN}:${TURN_TLS_PORT} < /dev/null 2> /dev/null | openssl x509 -outform DER | openssl sha256 -binary | base64 | tr -d '=')
sed -i "s,^tls_fingerprints:.*,tls_fingerprints: [{sha256: \"${TLS_FINGERPRINT}\"}]," homeserver.yaml

gosu www-data turnserver -c /app/data/turnserver.conf --daemon -v

# update user and pass in case they changed
sed -i "s/ user: .*/ user: ${POSTGRESQL_USERNAME}/" homeserver.yaml
sed -i "s/ password: .*/ password: ${POSTGRESQL_PASSWORD}/" homeserver.yaml
sed -i "s/ database: .*/ database: ${POSTGRESQL_DATABASE}/" homeserver.yaml
sed -i "s,         uri: .*,         uri: \"${LDAP_URL}\"," homeserver.yaml


gosu www-data python -m synapse.app.homeserver --config-path homeserver.yaml &> /dev/null &

exec /usr/sbin/nginx -g 'daemon off;'