#!/bin/bash
# This file is part of GNU TALER.
# Copyright (C) 2023 Taler Systems SA
#
# TALER is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 2.1, or (at your option) any later version.
#
# TALER is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along with
# TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
#
# @author Christian Grothoff
# @author Florian Dold

# Error checking on
set -eu

# 1 is true, 0 is false
RESET_DB=0
SKIP_DBINIT=0
FORCE_PERMS=0
NEXUS_DBUSER="libeufin-nexus"
BANK_DBUSER="libeufin-bank"
NEXUS_CFGFILE="/etc/libeufin/libeufin-nexus.conf"
BANK_CFGFILE="/etc/libeufin/libeufin-bank.conf"

function exit_fail() {
  echo "$@" >&2
  exit 1
}

# Parse command-line options
while getopts ':hn:b:d:rsu:v:' OPTION; do
  case "$OPTION" in
  h)
    echo 'Supported options:'
    echo "  -r                 -- reset database (dangerous)"
    echo "  -s                 -- skip database initialization"
    echo "  -p           -- force permission setup even without database initialization"
    echo "  -u NEXUS_USER      -- libeufin-nexus to be run by USER (default: $NEXUS_DBUSER)"
    echo "  -v BANK_USER       -- libeufin-bank to be run by USER (default: $BANK_DBUSER)"
    exit 0
    ;;
  r)
    RESET_DB="1"
    ;;
  s)
    SKIP_DBINIT="1"
    ;;
  u)
    NEXUS_DBUSER="$OPTARG"
    ;;
  v)
    BANK_DBUSER="$OPTARG"
    ;;

  ?)
    exit_fail "Unrecognized command line option"
    ;;
  esac
done

if ! id postgres >/dev/null; then
  exit_fail "Could not find 'postgres' user. Please install Postgresql first"
fi

if [ "$(id -u)" -ne 0 ]; then
  exit_fail "This script must be run as root"
fi

# If dbinit, then check if the tools are available.
if [ 0 = "$SKIP_DBINIT" ]; then
  if ! libeufin-nexus-dbinit --help 1>/dev/null; then
    exit_fail "Required 'libeufin-nexus-dbinit' not found. Please fix your installation."
  fi
  NEXUS_DBINIT=$(which libeufin-nexus-dbinit)
  if ! libeufin-bank-dbinit --help 1>/dev/null; then
    exit_fail "Required 'libeufin-bank-dbinit' not found. Please fix your installation."
  fi
  BANK_DBINIT=$(which libeufin-bank-dbinit)
fi

# Before running the tools, check if the OS users exist.
if ! id "$NEXUS_DBUSER" >/dev/null; then
  echo "Could not find '$NEXUS_DBUSER' user.  Cannot continue"
fi
if ! id "$BANK_DBUSER" >/dev/null; then
  exit_fail "Could not find '$BANK_DBUSER' user. Cannot continue"
fi

# Now provide the DB users, whose names match the OS users.
echo "Setting up database user $NEXUS_DBUSER." 1>&2
if ! sudo -i -u postgres createuser "$NEXUS_DBUSER" 2>/dev/null; then
  echo "Database user '$NEXUS_DBUSER' already existed. Continuing anyway." 1>&2
fi

echo "Setting up database user $BANK_DBUSER." 1>&2
if ! sudo -i -u postgres createuser "$BANK_DBUSER" 2>/dev/null; then
  echo "Database user '$BANK_DBUSER' already existed. Continuing anyway." 1>&2
fi

# When using this dbconfig script, the libeufin-bank and libeufin-nexus
# databases *must* match.

NEXUS_DBPATH=$(libeufin-nexus config get nexus-postgres CONFIG | libeufin-nexus config get libeufin-nexusdb-postgres CONFIG)

if ! echo "$NEXUS_DBPATH" | grep "postgres://" >/dev/null; then
  echo "Invalid libeufin-nexus database configuration value '$NEXUS_DBPATH'." 1>&2
  exit 1
fi

# Remove URI, host and query from postgres URI.
NEXUS_DBNAME=$(echo "$NEXUS_DBPATH" | sed -e 's|postgres://.*/||' -e 's|?.*||')

BANK_DBPATH=$(libeufin-bank config get libeufin-bankdb-postgres CONFIG)

if ! echo "$BANK_DBPATH" | grep "postgres://" >/dev/null; then
  echo "Invalid libeufin-bank database configuration value '$BANK_DBPATH'." 1>&2
  exit 1
fi

# Remove URI, host and query from postgres URI.
BANK_DBNAME=$(echo "$BANK_DBPATH" | sed -e 's|postgres://.*/||' -e 's|?.*||')

if [[ $NEXUS_DBNAME != "$BANK_DBNAME" ]]; then
  echo "Database names for libeufin-bank and libeufin-nexus must match ($NEXUS_DBNAME vs $BANK_DBNAME)" 1>&2
  exit 1
fi

# Both are the same now!
DBNAME=$BANK_DBNAME
# The DB is created by the nexus user.
# This is an arbitrary choice we make here.
DBUSER=$NEXUS_DBUSER

if sudo -i -u postgres psql "$DBNAME" </dev/null 2>/dev/null; then
  if [ 1 = "$RESET_DB" ]; then
    echo "Deleting existing database '$DBNAME'." 1>&2
    if ! sudo -i -u postgres dropdb "$DBNAME"; then
      echo "Failed to delete existing database '$DBNAME'"
      exit 1
    fi
    DO_CREATE=1
  else
    echo "Database '$DBNAME' already exists, continuing anyway."
    DO_CREATE=0
  fi
else
  DO_CREATE=1
fi

if [ 1 = "$DO_CREATE" ]; then
  echo "Creating database '$DBNAME'." 1>&2
  if ! sudo -i -u postgres createdb -O "$DBUSER" "$DBNAME"; then
    echo "Failed to create database '$DBNAME'"
    exit 1
  fi
fi

# We first initialize the libeufin-nexus DB
# and then adjust permissions for the _v schema,
# so that libeufin-bank can properly initialize
# its DB without running into permission problems.

if [ 0 = "$SKIP_DBINIT" ]; then
  echo "Initializing database '$DBNAME' for libeufin-nexus." 1>&2
  sudo -u "$NEXUS_DBUSER" "$NEXUS_DBINIT" -c "$NEXUS_CFGFILE"
fi

if [ 0 = "$SKIP_DBINIT" ] || [ 1 = "$FORCE_PERMS" ]; then
  echo "Setting postgres permissions for $BANK_DBUSER" 1>&2
  if ! echo "GRANT ALL PRIVILEGES ON DATABASE $DBNAME TO \"$BANK_DBUSER\"" |
    sudo -i -u postgres psql "$DBNAME"; then
    exit_fail "Failed to grant access to database '$DBNAME' to '$BANK_DBUSER'."
  fi
  if ! echo "GRANT USAGE ON SCHEMA _v TO \"$BANK_DBUSER\"" |
    sudo -i -u postgres psql "$DBNAME"; then
    exit_fail "Failed to grant usage privilege on schema '_v' to '$BANK_DBUSER'."
  fi
  if ! echo "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA _v TO \"$BANK_DBUSER\"" |
    sudo -i -u postgres psql "$DBNAME"; then
    exit_fail "Failed to grant access to schema '_v' to '$BANK_DBUSER'."
  fi
  if ! echo "GRANT USAGE ON SCHEMA libeufin_nexus TO \"$BANK_DBUSER\"" |
    sudo -i -u postgres psql "$DBNAME"; then
    exit_fail "Failed to grant usage privilege on schema 'libeufin_nexus' to '$BANK_DBUSER'."
  fi
  if ! echo "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA libeufin_nexus TO \"$BANK_DBUSER\"" |
    sudo -i -u postgres psql "$DBNAME"; then
    exit_fail "Failed to grant all privileges on schema 'libeufin_nexus' to '$BANK_DBUSER'."
  fi
fi

if [ 0 = "$SKIP_DBINIT" ]; then
  echo "Initializing database '$DBNAME' for libeufin-bank." 1>&2
  sudo -u "$BANK_DBUSER" "$BANK_DBINIT" -c "$BANK_CFGFILE"
fi

if [ 0 = "$SKIP_DBINIT" ] || [ 1 = "$FORCE_PERMS" ]; then
  echo "Setting postgres permissions for $NEXUS_DBUSER" 1>&2
  if ! echo "GRANT USAGE ON SCHEMA libeufin_bank TO \"$NEXUS_DBUSER\"" |
    sudo -i -u postgres psql "$DBNAME"; then
    exit_fail "Failed to grant usage privilege on schema 'libeufin_bank' to '$NEXUS_DBUSER'."
  fi
  if ! echo "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA libeufin_bank TO \"$NEXUS_DBUSER\"" |
    sudo -i -u postgres psql "$DBNAME"; then
    exit_fail "Failed to grant all privileges on schema 'libeufin_bank' to '$NEXUS_DBUSER'."
  fi
fi

echo "Database configuration finished." 1>&2