#! /usr/bin/env bash

#set -euo pipefail

dbrepo="$HOME/dev/cellinfo/ipritevents"

ldap_file=$(mktemp)
trap 'rm -f "$ldap_file"' EXIT

ask_yes_no() {
  local prompt="$1"
  local default="$2"   # y ou n
  local reply

  while true; do
    if [[ "$default" == "y" ]]; then
      read -rp "$prompt [Y/n] " reply
      reply=${reply:-y}
    else
      read -rp "$prompt [y/N] " reply
      reply=${reply:-n}
    fi

    case "$reply" in
      [Yy]|[Oo])
        return 0
        ;;
      [Nn])
        return 1
        ;;
      *)
        echo "Invalid choice, Please answer 'y' or 'n'."
        ;;
    esac
  done
}

search_db() {
    # $1: The login to seach in the db file
    #git -C "$dbrepo" pull
    local file="$dbrepo"/itevents.sql
    local col=3
    local user="$1"

    sed -n "/^\s*(\s*'$user'\s*,/p" "$file" \
        | tr -d "'()" |cut -d, --fields=$col \
        | tr -d " "
}

update_db() {
    # $1: The login to seach in the db file
    #git -C "$dbrepo" pull
    local user="$1"
    local file="$dbrepo"/itevents.sql
    local archiver=$(whoami)
    local now=$(date +'%Y-%m-%d %H:%M:%S.%3N%:z')

    sed -E -i "/^\('$user',/ s/(, *'[^,]*' *){2}, *'([^,]*)' *\)/, '$archiver', '$now', '\2')/g" "$file"

    # commit
    git -C "$dbrepo" add itevents.sql
    git -C "$dbrepo" commit -m "Archived data from old user \"$user\""

}


search_email() {
    local login="$1"

    email=$(ldapsearch -x -LLL \
        -H ldaps://ldap.univ-rennes1.fr \
        -D "uid=$(whoami),ou=people,dc=univ-rennes1,dc=fr" \
        -y "$ldap_file" \
        -b "dc=univ-rennes1,dc=fr" \
        "(uid=$login)" mail \
        | awk -F': ' '/^mail: / {print $2}')
    echo "$email"
}

search_ghosts() {
    local home_folder="/mnt/home.ipr"
    #folders=$(find /mnt/home.ipr -mindepth 1 -maxdepth 1 -type d ! -name '.*' -exec \
    #          sh -c 'getent passwd "$(basename "$1")" > /dev/null || printf "%s\n" "$(basename "$1")"' _ {} \; )

    mapfile -d '' -t orphan_homes < <(
        find "$home_folder" -mindepth 1 -maxdepth 1 -type d ! -name '.*' \
            -exec sh -c '
                for d; do
                    getent passwd "$(basename "$d")" > /dev/null || printf "%s\0" "$(basename "$d")"
                done
            ' _ {} + \
                | sort -z
    )
    echo "${orphan_homes[@]}"
}
    

run_remote() {
    local use_sudo=0

    if [[ "$1" == "--sudo" ]]; then
        use_sudo=1
        shift
    fi

    local host="$1"
    local task="$2"
    shift 2
    local args=("$@")

    local remote_cmd="bash -s"
    [[ $use_sudo -eq 1 ]] && remote_cmd="sudo -S bash -s"

    {
        [[ $use_sudo -eq 1 ]] && echo "$PASS"
        declare -f "$task"
        printf '%q ' "$task" "${args[@]}"
        echo
    } | ssh "$host" "$remote_cmd"
}


sync_folder() {
    # source folder
    local src="$1"
    # destination folder
    local dest="$2"
    # supervisor login
    local supervisor="$3"

    supervisor_group=$(id -gn $supervisor)
    # Create dir
    mkdir -p "$dest"
    chown $supervisor:$supervisor_group "$dest"
    # sync
    rsync -av --exclude='.*' --chown=$supervisor:$supervisor_group "$src" "$dest"
}


remove_folder() {
    local folder="$1"
    echo "Removing \""$1"\"..."
    rm -r "$folder"
}


mail_it() {
    local email="$1"
    local msg="$2"
    local subject="Old data migrated to your personnal folders on Alambix"

    echo "$msg" | mailx -s "$subject" "$email"
}



### MAIN
# Ask password
read -s -p "Please enter sudo password: " PASS
echo
# store it securely for ldap access
printf '%s' "$PASS" > "$ldap_file"
chmod 600 "$ldap_file"


# Ask for account name
echo
echo "Please select an orphan folder in the list: "
echo
PS3="Enter an item number: "
while true; do
    select old_user in $(run_remote "home.ipr" "search_ghosts"); do
        if [[ -n "$old_user" ]]; then
            echo "Selection: $old_user"
            break 2
        else
            echo "Invalid choice"
        fi
    done
done


# Ask for supervisor's login
supervisor_found=$(search_db "$old_user")
read -rp "Supervisor's login ["$supervisor_found"]: " supervisor
supervisor=${supervisor:-"$supervisor_found"}

# Find corresponding folders
work_src=/mnt/work/$old_user
home_src=/mnt/home.ipr/$old_user
work_dest=/mnt/work/$supervisor/old_users/
home_dest=/mnt/home.ipr/$supervisor/old_users/

# Ask if we remove folders after sync
ask_yes_no "Remove \"$work_src\" and \"$home_src\" after synchronization ?" y
remove_after=$?

# Should we warn the supervisor
ask_yes_no "Email confirmation to supervisor ?" y
send_email=$?
if [ "$send_email" == 0 ]; then
    email_found=$(search_email "$supervisor")
    read -rp "Email address ["$email_found"]: " email
    email=${email:-"$email_found"}
fi

# Print a summary
echo "/!\ SUMMARY:"
echo "------------"
echo    "-> \"$work_src\" will be synchronized in \"$work_dest\""
echo    "-> \"$home_src\" will be synchronized in \"$home_dest\""
echo -n "-> \"$work_src\" and \"$home_src\" will be " 
[[ "$remove_after" == 0 ]] && echo -n "REMOVED from " || echo -n "KEPT on " 
echo "the file system."
#[[ "$delete_user" == 0 ]] && echo "-> User "$folder" WILL BE DELETED."
[[ "$send_email" == 0 ]]  && echo "-> A confirmation will be sent to "$email"."
echo ""
ask_yes_no "Proceed ?" n
do_it=$?
message=$(cat <<EOF
This is an automatic message, please do not reply.

User "$old_user" is no longer a user of the alambix system.
You are identified as the supervisor of this former user.
In order to delete ${old_user}'s personal files from the system,
his/her data has been migrated to your /home and /work folders
in - $work_dest$old_user
   - $home_dest$old_user

Please manage this data as soon as possible and keep only what 
is necessary.
EOF
)


if [ "$do_it" == 0 ]; then
    run_remote --sudo "home.ipr" "sync_folder" "$home_src" "$home_dest" "$supervisor"
    run_remote --sudo "work.ipr" "sync_folder" "$work_src" "$work_dest" "$supervisor"
    if [ "$remove_after" == 0 ]; then
        ask_yes_no "Please CONFIRM that you REALLY want to delete "$work_src" and "$home_src" ?" y
        confirm_removal=$?
        [[ "$confirm_removal" == 0 ]] && run_remote --sudo "home.ipr" "remove_folder" "$home_src"
        [[ "$confirm_removal" == 0 ]] && run_remote --sudo "work.ipr" "remove_folder" "$work_src"
    fi
    [[ "$send_email" == 0 ]] && run_remote "alambix" "mail_it" "$email" "$message"
    update_db "$old_user"
else
    echo "Operation aborted."
fi