#!/usr/bin/perl

use Lemonldap::NG::Common::Conf;
use Lemonldap::NG::Common::Conf::Constants;
use Lemonldap::NG::Manager::Conf::Parser;
use Lemonldap::NG::Handler::Main::Jail;
use Lemonldap::NG::Manager::Cli::Lib;
use File::Compare qw/compare/;
use Data::Dumper;
use English qw(-no_match_vars);
use File::Temp;
use POSIX qw(setuid setgid);
use Safe;
use Getopt::Long;
use strict;

my $cli = Lemonldap::NG::Manager::Cli::Lib->new;

our $opt_user  = '__APACHEUSER__';
our $opt_group = '__APACHEGROUP__';
our $opt_json;

GetOptions(
    "user=s"  => \$opt_user,
    "group=s" => \$opt_group,
    "json"    => \$opt_json,
) or die("Error in command line arguments\n");

eval {
    setgid( ( getgrnam($opt_group) )[2] );
    setuid( ( getpwnam($opt_user) )[2] );
    my (undef, undef, undef, undef, undef, undef, undef, $homedir, undef) = getpwnam($opt_user);
    $ENV{HOME} = $homedir if $homedir;
    print STDERR "Running as uid $EUID and gid $EGID\n";
};

my $conf = Lemonldap::NG::Common::Conf->new();

unless ($conf) {
    print STDERR $Lemonldap::NG::Common::Conf::msg;
    exit 1;
}

my $refConf = $conf->getConf( { raw => 1, noCache => 1 } );
delete $refConf->{reVHosts};
delete $refConf->{cipher};
delete $refConf->{cfgAuthor};
delete $refConf->{cfgAuthorIP};
delete $refConf->{cfgDate};
$refConf->{cfgLog} = '';

my $tmp;
if ($opt_json) {
    require JSON;
    $tmp = JSON->new->pretty->canonical->encode($refConf);
}
else {
    # Sort keys
    $Data::Dumper::Sortkeys = 1;
    $Data::Dumper::Useperl  = 1;
    $tmp                    = Dumper($refConf);
}

my $refFile  = File::Temp->new( UNLINK => 1 );
my $editFile = File::Temp->new( UNLINK => 1 );
print $refFile $tmp;
print $editFile $tmp;
close $refFile;
close $editFile;

my $editor = $ENV{EDITOR} || 'editor';

my $rc = system $editor, $editFile;

if ( $rc != 0 ) {
    print STDERR "Could not run $editor: $!\n" if $rc == -1;
    print STDERR "$editor returned status code ", ( $rc >> 8 ), "\n" if $rc > 0;
}

if ( $rc == 0 and compare( $refFile->filename, $editFile->filename ) == 1 ) {

    # Check if the new configuration hash is valid
    open my $F1, "<", $editFile->filename();
    my $buf = join( '', <$F1> );
    close $F1;

    my $newConf;
    if ($opt_json) {
        $newConf = JSON::from_json($buf);
    }
    else {
        $newConf = Safe->new->reval($buf);
        die $EVAL_ERROR if $EVAL_ERROR;
    }

    # Update author and date
    $newConf->{cfgAuthor} =
      $ENV{SUDO_USER} || $ENV{LOGNAME} || "lmConfigEditor";
    $newConf->{cfgAuthorIP} = $ENV{SSH_CONNECTION} || "localhost";
    $newConf->{cfgDate}     = time();
    $newConf->{cfgLog} ||= 'Edited by lmConfigEditor';

    # Test new configuration
    my $parser = Lemonldap::NG::Manager::Conf::Parser->new( {
            refConf => $refConf,
            newConf => $newConf,
            req     => 1,
        }
    );
    unless ( $parser->testNewConf( $cli->mgr ) ) {
        print STDERR "Configuration seems to have some errors:\n ";
        print STDERR Dumper(
            { errors => $parser->errors, warnings => $parser->warnings } );
        print STDERR "Are you sure you want to write it ? (yes/no) ";
        my $resp = <STDIN>;
        die "Aborted" unless $resp =~ /^yes$/i;
    }
    undef $parser;

    # Store new configuration
    my $res = $conf->saveConf($newConf);
    if ( $res > 0 ) {
        print STDERR "Configuration $res saved\n";
    }
    else {
        print STDERR "Configuration was not saved:\n  ";
        if ( $res == CONFIG_WAS_CHANGED ) {
            print STDERR "Configuration has changed\n";
        }
        elsif ( $res == DATABASE_LOCKED ) {
            print STDERR "Configuration database is or can not be locked\n";
        }
        elsif ( $res == UPLOAD_DENIED ) {
            print STDERR "You're not authorized to save this configuration\n";
        }
        elsif ( $res == SYNTAX_ERROR ) {
            print STDERR "Syntax error in your configuration\n";
        }
        elsif ( $res == UNKNOWN_ERROR ) {
            print STDERR "Unknown error\n";
        }
    }
}
else {
    print STDERR "Configuration not changed\n";
}

