setup

#!/usr/bin/env bash

red='\033[31m'
green='\033[32m'
yellow='\033[33m'
blue='\033[34;1m'
nc='\033[0m'

command_exists () {
	if ! type "$1" &> /dev/null; then
		printf "\n$red%s$nc %s\n$1 %s\n%s" "[ERROR]" "Prerequisite requirements not met" "not found!" "Please make sure all requirements are installed."
		exit 1
	fi
}

validate_username () {
	if ! [[ $ERNESTUSER =~ ^[a-zA-Z0-9@._-]*$ ]]; then
		printf "$red%s$nc\n\n" "Username can only contain the following characters: a-z 0-9 @._-"
		unset ERNESTUSER
	fi
}

validate_password () {
	if [[ ${#ERNESTPASSWORD} -lt 8 ]]; then
		printf "$red%s$nc\n\n" "Minimum password length is 8 characters"
		unset ERNESTPASSWORD
		return
	fi

	if ! [[ $ERNESTPASSWORD =~ ^[a-zA-Z0-9@._-]*$ ]]; then
		printf "$red%s$nc\n\n" "Password can only contain the following characters: a-z 0-9 @._-"
		unset ERNESTPASSWORD
		return
	fi
	echo
}

printf "\n$blue%s\n%s$nc\n\n" "Ernest Setup Tool" "-----------------"

# prereqs
printf "%s " "Checking prerequisites..."
command_exists wget
command_exists openssl
command_exists docker
command_exists docker-compose
printf "$green%s$nc\n" "done"

# input
while [[ -z $ERNESTHOSTNAME ]]; do
	printf "$blue%s$nc " "Hostname:"
	read ERNESTHOSTNAME
done

if ! [[ -z $ERNESTUSER ]]; then
	validate_username
fi

while [[ -z $ERNESTUSER ]]; do
	printf "$blue%s$nc " "Username:"
	read ERNESTUSER
	validate_username
done

if ! [[ -z $ERNESTPASSWORD ]]; then
	validate_password
fi

while [[ -z $ERNESTPASSWORD ]]; do
	printf "$blue%s$nc " "Password:"
	read -s ERNESTPASSWORD
	echo
	validate_password
done

while [[ -z $ERNESTTLS ]]; do
	printf "$blue%s$nc " "Install custom certificate (Y/N):"
	read RESPONSE
	if [[ $RESPONSE == "y" || $RESPONSE == "Y" ]]; then
		while [[ -z $ERNESTTLSCERT ]]; do
			printf "$blue%s$nc " "Certificate file:"
			read ERNESTTLSCERT
		done
		while [[ -z $ERNESTTLSKEY ]]; do
			printf "$blue%s$nc " "Certificate key file:"
			read ERNESTTLSKEY
		done
		ERNESTTLS=true
	else
		ERNESTTLS=false
	fi
done

# license check
if [[ -f license.json ]]; then
	printf "\n%s\n%s" "License found" "Validating... "

	wget https://s3-eu-west-1.amazonaws.com/ernest-tools/ernest-verifier-`uname` -O ernest-verifier &> /dev/null
	chmod +x ernest-verifier

	./ernest-verifier license.json &> /dev/null

	if [[ ! $? == 0 ]]; then
		printf "$red%s$nc\n" "failed"
		exit 1
	fi

	printf "$green%s$nc\n" "done"

	cp config/nginx/ernest.licensed config/nginx/ernest.local

	if $(grep -q 'image: quay.io' docker-compose.yml); then
		cp docker-compose.enterprise.yml docker-compose.yml

		registryHost=$(grep registryHost license.json | awk -F \" '{printf $4}')
		registryUser=$(grep registryUser license.json | awk -F \" '{printf $4}')
		registryToken=$(grep registryToken license.json | awk -F \" '{printf $4}')

		docker login -u $registryUser -p $registryToken $registryHost &> /dev/null
	fi
fi

if [[ $ERNESTTLS == true ]]; then
	printf "\n%s" "Installing Certificates... "
	cp $ERNESTTLSCERT ./config/nginx/ernest.crt &> /dev/null
	cp $ERNESTTLSKEY ./config/nginx/ernest.key &> /dev/null
	printf "$green%s$nc\n" "done"
else
	printf "\n%s" "Generating Certificates... "
	openssl req \
		-new \
		-newkey rsa:4096 \
		-days 365 \
		-nodes \
		-x509 \
		-subj "/C=UK/ST=London/L=London/O=ErnestIO/CN=$ERNESTHOSTNAME" \
		-keyout ./config/nginx/ernest.key \
		-out ./config/nginx/ernest.crt &> /dev/null
	printf "$green%s$nc\n" "done"
fi

sed -i.bak "s/ERNESTHOSTNAME/$ERNESTHOSTNAME/g" ./config/nginx/ernest.local && rm ./config/nginx/ernest.local.bak
sed -i.bak "s/ERNESTHOSTNAME/$ERNESTHOSTNAME/g" ./config/webui/app.globals.ts && rm ./config/webui/app.globals.ts.bak

# Setup a random JWT Token for api-gateway
if [[ -z $TOKEN ]]; then
	printf "%s" "Generating API token... "
	TOKEN=`openssl rand -base64 32`
	printf "$green%s$nc\n" "done"
fi
sed -i.bak "s:GENERATEDJWTSECRET:$TOKEN:g" docker-compose.yml && rm docker-compose.yml.bak

# Setup a random CRYPTO_KEY
if [[ -z $CRYPTO_KEY ]]; then
	printf "%s" "Generating cryptographic key... "
	CRYPTO_KEY=`openssl rand -base64 24`
	printf "$green%s$nc\n" "done"
fi
sed -i.bak "s:CRYPTO_KEY_TEMPLATE:$CRYPTO_KEY:g" docker-compose.yml && rm docker-compose.yml.bak

# Make volume for postgres data
mkdir -p postgres/data

printf "\n$blue%s$nc\n\n" "Starting Ernest"

# Boot services via docker-compose or composable (if available).
composable_exists=$(command -v composable &> /dev/null; echo $?)
if [ $composable_exists -eq 0 ]; then
	composable up
else
	docker-compose up -d
fi

# Download the natsc tool
wget https://s3-eu-west-1.amazonaws.com/ernest-tools/natsc-`uname` -O natsc &> /dev/null
chmod +x ./natsc

# NOTE: Wait for backend services to become available.
printf "\n%s" "Waiting for services... "
./natsc request -s nats://127.0.0.1:4222 -t 5 -r 99 'authorization.find' '{}' &> /dev/null
./natsc request -s nats://127.0.0.1:4222 -t 5 -r 99 'datacenter.find' '{}' &> /dev/null
printf "$green%s$nc\n" "done"
# setup admin account
printf "%s" "Creating accounts... "
./natsc request -s nats://127.0.0.1:4222 -t 5 -r 99 'user.set' "{\"username\": \"$ERNESTUSER\", \"password\": \"$ERNESTPASSWORD\", \"type\": \"local\", \"admin\": true, \"disabled\": false}" &> /dev/null
printf "$green%s$nc\n" "done"

printf "\n$green%s$nc\n\n" "Setup complete!"
printf "%s $blue%s$nc\n" "Please download the latest client from" "https://github.com/ernestio/ernest-cli/releases"
printf "%s $blue%s$nc %s $blue%s$nc %s\n" "Then configure with" "ernest-cli setup" "providing" "https://$ERNESTHOSTNAME" "as the target."