#!/bin/bash
# This file is part of GNU TALER.
# Copyright (C) 2023 Taler Systems SA
#
# TALER is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 2.1, or (at your option) any later version.
#
# TALER is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along with
# TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
#
# @author Christian Grothoff
#
#
# Error checking on
set -eu

RESET_DB=0
SKIP_DBINIT=0
FORCE_PERMS=0
DBUSER="taler-exchange-httpd"
DBGROUP="taler-exchange-db"
CFGFILE="/etc/taler/taler.conf"

# Parse command-line options
while getopts 'c:g:hprsu:' OPTION; do
  case "$OPTION" in
  c)
    CFGFILE="$OPTARG"
    ;;
  h)
    echo 'Supported options:'
    echo "  -c FILENAME  -- use configuration FILENAME (default: $CFGFILE)"
    echo "  -g GROUP     -- taler-exchange to be run by GROUP (default: $DBGROUP)"
    echo "  -h           -- print this help text"
    echo "  -r           -- reset database (dangerous)"
    echo "  -p           -- force permission setup even without database initialization"
    echo "  -s           -- skip database initialization"
    echo "  -u USER      -- taler-exchange to be run by USER (default: $DBUSER)"
    exit 0
    ;;
  p)
    FORCE_PERMS="1"
    ;;
  r)
    RESET_DB="1"
    ;;
  s)
    SKIP_DBINIT="1"
    ;;
  u)
    DBUSER="$OPTARG"
    ;;
  ?)
    echo "Unrecognized command line option" 1>&2
    exit 1
    ;;
  esac
done

if ! id postgres >/dev/null; then
  echo "Could not find 'postgres' user. Please install Postgresql first"
  exit 1
fi

if [ "$(id -u)" -ne 0 ]; then
  echo "This script must be run as root"
  exit 1
fi

if [ 0 = "$SKIP_DBINIT" ]; then
  if ! taler-exchange-dbinit -v 2>/dev/null; then
    echo "Required 'taler-exchange-dbinit' not found. Please fix your installation."
    exit 1
  fi
  DBINIT=$(which taler-exchange-dbinit)
fi

if ! id "$DBUSER" >/dev/null; then
  echo "Could not find '$DBUSER' user. Please set it up first"
  exit 1
fi

echo "Setting up database user '$DBUSER'." 1>&2

if ! sudo -i -u postgres createuser "$DBUSER" 2>/dev/null; then
  echo "Database user '$DBUSER' already existed. Continuing anyway." 1>&2
fi

DBPATH=$(taler-config \
  -c "$CFGFILE" \
  -s exchangedb-postgres \
  -o CONFIG)

if ! echo "$DBPATH" | grep "postgres://" >/dev/null; then
  echo "Invalid database configuration value '$DBPATH'." 1>&2
  exit 1
fi

DBNAME=$(echo "$DBPATH" |
  sed \
    -e "s/postgres:\/\/.*\///" \
    -e "s/?.*//")

if sudo -i -u postgres psql "$DBNAME" </dev/null 2>/dev/null; then
  if [ 1 = "$RESET_DB" ]; then
    echo "Deleting existing database '$DBNAME'." 1>&2
    if ! sudo -i -u postgres dropdb "$DBNAME"; then
      echo "Failed to delete existing database '$DBNAME'"
      exit 1
    fi
    DO_CREATE=1
  else
    echo "Database '$DBNAME' already exists, continuing anyway."
    DO_CREATE=0
  fi
else
  DO_CREATE=1
fi

if [ 1 = "$DO_CREATE" ]; then
  echo "Creating database '$DBNAME'." 1>&2

  if ! sudo -i -u postgres createdb -O "$DBUSER" "$DBNAME"; then
    echo "Failed to create database '$DBNAME'"
    exit 1
  fi
fi

if [ 0 = "$SKIP_DBINIT" ]; then
  echo "Initializing database '$DBNAME'." 1>&2
  if ! sudo -u "$DBUSER" "$DBINIT" -c "$CFGFILE"; then
    echo "Failed to initialize database schema"
    exit 1
  fi
fi

if [ 0 = "$SKIP_DBINIT" ] || [ 1 = "$FORCE_PERMS" ]; then
  DB_GRP="$(getent group "$DBGROUP" | sed -e "s/.*://g" -e "s/,/ /g")"
  echo "Initializing permissions for '$DB_GRP'." 1>&2
  for GROUPIE in $DB_GRP; do
    if [ "$GROUPIE" != "$DBUSER" ]; then
      if ! sudo -i -u postgres createuser "$GROUPIE" 2>/dev/null; then
        echo "Database user '$GROUPIE' already existed. Continuing anyway." 1>&2
      fi
      echo -e 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO "'"$GROUPIE"'";\n' \
        'GRANT USAGE ON ALL SEQUENCES IN SCHEMA exchange TO "'"$GROUPIE"'";\n' |
        sudo -u "$DBUSER" psql "$DBNAME"
      echo -e 'GRANT USAGE ON SCHEMA exchange TO "'"$GROUPIE"'"' |
        sudo -u "$DBUSER" psql "$DBNAME"
      # FIXME: double-check the following GRANTs
      echo -e 'GRANT USAGE ON SCHEMA _v TO "'"$GROUPIE"'"' |
        sudo -u "$DBUSER" psql "$DBNAME"
      echo -e 'GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA _v TO "'"$GROUPIE"'"' |
        sudo -u "$DBUSER" psql "$DBNAME"

    fi
  done
fi

echo "Database configuration finished." 1>&2

exit 0