#!/bin/bash
# This file is part of GNU TALER.
# Copyright (C) 2023 Taler Systems SA
#
# TALER is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 2.1, or (at your option) any later version.
#
# TALER is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along with
# TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
#
# @author Christian Grothoff
#
#
# Error checking on
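set -eu

# Defaults; each one can be overridden from the command line (see -h).
RESET_DB=0
SKIP_DBINIT=0
FORCE_PERMS=0
DBUSER="taler-exchange-httpd"
DBGROUP="taler-exchange-db"
CFGFILE="/etc/taler/taler.conf"

#######################################
# Parse command-line options into the globals above.
# Globals:   CFGFILE, DBGROUP, DBUSER, FORCE_PERMS, RESET_DB, SKIP_DBINIT (written)
# Arguments: the script's command-line arguments
# Outputs:   help text on stdout for -h, diagnostics on stderr
# Returns:   exits 0 after -h, exits 1 on an unrecognized option
#######################################
parse_options() {
    local OPTION
    local OPTIND=1
    while getopts 'c:g:hprsu:' OPTION; do
        case "$OPTION" in
            c)
                CFGFILE="$OPTARG"
                ;;
            g)
                # -g is in the getopts string and in the help text, but it had
                # no arm of its own, so it used to land in the catch-all arm
                # and abort the script as "unrecognized".
                DBGROUP="$OPTARG"
                ;;
            h)
                echo 'Supported options:'
                echo "  -c FILENAME  -- use configuration FILENAME (default: $CFGFILE)"
                echo "  -g GROUP     -- taler-exchange to be run by GROUP (default: $DBGROUP)"
                echo "  -h           -- print this help text"
                echo "  -r           -- reset database (dangerous)"
                echo "  -p           -- force permission setup even without database initialization"
                echo "  -s           -- skip database initialization"
                echo "  -u USER      -- taler-exchange to be run by USER (default: $DBUSER)"
                exit 0
                ;;
            p)
                FORCE_PERMS="1"
                ;;
            r)
                # Destructive: an existing database is dropped later on.
                RESET_DB="1"
                ;;
            s)
                SKIP_DBINIT="1"
                ;;
            u)
                DBUSER="$OPTARG"
                ;;
            *)
                # getopts reports errors as '?'; '*' states the catch-all
                # intent explicitly instead of relying on the '?' glob.
                echo "Unrecognized command line option" 1>&2
                exit 1
                ;;
        esac
    done
}

parse_options "$@"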

# Preflight 1: the PostgreSQL service account must exist, because the
# administrative steps further down are executed as 'postgres'.
id postgres > /dev/null || {
    echo "Could not find 'postgres' user. Please install Postgresql first"
    exit 1
}

# Preflight 2: the script switches identities with sudo, so it insists on
# being started as root (effective uid 0).
[ "$(id -u)" -eq 0 ] || {
    echo "This script must be run as root"
    exit 1
}

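# Locate the schema-initialization tool unless -s was given.
# DBINIT is executed later under sudo as the database user, so it is resolved
# exactly once here and the very same path is the one that gets probed.
if [ 0 = "$SKIP_DBINIT" ]
then
    # 'command -v' is a shell builtin; the external 'which' is not guaranteed
    # to be installed and would abort the script under 'set -e' if missing.
    # The '-v' call only verifies that the resolved binary actually runs.
    if ! DBINIT=$(command -v taler-exchange-dbinit) \
            || ! "$DBINIT" -v 2> /dev/null
    then
        echo "Required 'taler-exchange-dbinit' not found. Please fix your installation."
        exit 1
    fi
fi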

# The operating-system account has to exist already; this script only
# creates the PostgreSQL role of the same name.
id "$DBUSER" > /dev/null || {
    echo "Could not find '$DBUSER' user. Please set it up first"
    exit 1
}

echo "Setting up database user '$DBUSER'." 1>&2

# NOTE(review): createuser's stderr is discarded and every non-zero exit is
# reported as "already existed". A different failure (for example a server
# that is not running) is indistinguishable here and only surfaces in a
# later step.
sudo -i -u postgres createuser "$DBUSER" 2> /dev/null \
    || echo "Database user '$DBUSER' already existed. Continuing anyway." 1>&2

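# Read the exchange's database connection string from the configuration.
DBPATH=$(taler-config \
             -c "$CFGFILE" \
             -s exchangedb-postgres \
             -o CONFIG)

# Only postgres:// URIs are understood by the parsing below.
case "$DBPATH" in
    *postgres://*)
        ;;
    *)
        echo "Invalid database configuration value '$DBPATH'." 1>&2
        exit 1
        ;;
esac

# Keep only the last path component of the URI as the database name.
# The query string is removed FIRST: with the opposite order the greedy
# '.*\/' also swallows slashes inside the query (e.g. a
# '?host=/some/socket/dir' parameter) and yields the wrong name.
DBNAME=$(echo "$DBPATH" \
         | sed \
             -e "s/?.*//" \
             -e "s/postgres:\/\/.*\///")

# DBNAME is handed to psql/dropdb/createdb as a bare argument, and dropdb is
# destructive. Refuse values that cannot be a database name: an empty string
# (the client would fall back to its default database) or something starting
# with '-' (it would be parsed as a command-line option).
case "$DBNAME" in
    "" | -*)
        echo "Could not derive a usable database name from '$DBPATH'." 1>&2
        exit 1
        ;;
esac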

# Decide whether the database has to be (re)created. The default is "yes";
# it is only switched off when a database is found and -r was not given.
# The probe is a plain connection attempt with empty stdin, so any reason
# psql fails to connect is treated the same as "database does not exist".
DO_CREATE=1
if sudo -i -u postgres psql "$DBNAME" < /dev/null 2> /dev/null; then
    if [ 1 = "$RESET_DB" ]; then
        # -r: irreversibly drops the existing database before recreating it.
        echo "Deleting existing database '$DBNAME'." 1>&2
        sudo -i -u postgres dropdb "$DBNAME" || {
            echo "Failed to delete existing database '$DBNAME'"
            exit 1
        }
    else
        echo "Database '$DBNAME' already exists, continuing anyway."
        DO_CREATE=0
    fi
fi

if [ 1 = "$DO_CREATE" ]; then
    echo "Creating database '$DBNAME'." 1>&2

    # The new database is owned by the service role, not by 'postgres'.
    sudo -i -u postgres createdb -O "$DBUSER" "$DBNAME" || {
        echo "Failed to create database '$DBNAME'"
        exit 1
    }
fi

# Create or upgrade the schema unless -s was given. The tool runs under the
# DBUSER account (not as root and not as 'postgres') and receives the same
# configuration file the database name was taken from.
if [ 0 = "$SKIP_DBINIT" ]; then
    echo "Initializing database '$DBNAME'." 1>&2
    sudo -u "$DBUSER" "$DBINIT" -c "$CFGFILE" || {
        echo "Failed to initialize database schema"
        exit 1
    }
fi

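#######################################
# Render a role name as a double-quoted SQL identifier.
# Embedded double quotes are doubled so the name cannot terminate the
# identifier and append SQL of its own.
# Arguments: $1 - role name
# Outputs:   the quoted identifier on stdout (no trailing newline)
#######################################
_sql_ident() {
    local name=$1
    local dq='"'
    printf '"%s"' "${name//$dq/$dq$dq}"
}

# Give every other member of DBGROUP a PostgreSQL role plus access to the
# exchange schema. Runs after schema initialization, or on its own with -p.
if [ 0 = "$SKIP_DBINIT" ] || [ 1 = "$FORCE_PERMS" ]
then
    # Member list of the group: last field of the getent line, commas
    # turned into spaces. Empty if the group is unknown or has no members.
    DB_GRP="$(getent group "$DBGROUP" | sed -e "s/.*://g" -e "s/,/ /g")"
    echo "Initializing permissions for '$DB_GRP'." 1>&2
    # $DB_GRP is deliberately unquoted: word splitting yields one name per round.
    for GROUPIE in $DB_GRP
    do
        if [ "$GROUPIE" != "$DBUSER" ]
        then
            if ! sudo -i -u postgres createuser "$GROUPIE" 2> /dev/null
            then
                echo "Database user '$GROUPIE' already existed. Continuing anyway." 1>&2
            fi
            # Names come from the system's group database; quote them as
            # identifiers instead of pasting them into the SQL text, and use
            # printf so backslashes in a name are not interpreted (echo -e).
            ROLE_SQL="$(_sql_ident "$GROUPIE")"
            # NOTE(review): psql exits 0 when a statement fails unless
            # ON_ERROR_STOP is set, so a rejected GRANT does not stop this
            # script; check the resulting privileges after the run.
            printf '%s\n' \
                "GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO $ROLE_SQL;" \
                "GRANT USAGE ON ALL SEQUENCES IN SCHEMA exchange TO $ROLE_SQL;" \
                | sudo -u "$DBUSER" psql "$DBNAME"
            printf '%s\n' "GRANT USAGE ON SCHEMA exchange TO $ROLE_SQL;" \
                | sudo -u "$DBUSER" psql "$DBNAME"
            # FIXME: double-check the following GRANTs
            # NOTE(review): ALL PRIVILEGES on the _v tables is broader than
            # what is granted on the exchange tables above; confirm that the
            # group members need more than read access there.
            printf '%s\n' "GRANT USAGE ON SCHEMA _v TO $ROLE_SQL;" \
                | sudo -u "$DBUSER" psql "$DBNAME"
            printf '%s\n' "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA _v TO $ROLE_SQL;" \
                | sudo -u "$DBUSER" psql "$DBNAME"
        fi
    done
fi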

# All steps completed: report on stderr like the other progress messages
# and leave with a success status.
printf '%s\n' "Database configuration finished." >&2
exit 0
