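#!/bin/sh
# Registers a WooCommerce shop as an OpenID Connect relying party (RP) with
# GNUnet re:claimID, then writes the matching client settings into the
# openid_connect_generic_settings WordPress option.
#
# Requires on PATH: uuid, gnunet-config, gnunet-arm, gnunet-identity,
# gnunet-namestore, sudo, wp.
set -eu

## BEGIN configuration

# Where is WooCommerce?
WOOHOST=http://127.0.0.1:9999

# Name of the shop for the user
SHOP_NAME="WooTaler Shop"

# Ego of the zone for the RP in GNS
SHOP_ZONE=wootaler-shop

# Which attributes does WooCommerce want from the IdP?
OIDC_SCOPE="openid given_name family_name email address phone"

# URL where GNUnet REST service is listening for requests
# NOTE(review): this value ends in "/" and the endpoints below append
# "/userinfo" and "/token", so the stored URLs contain "//". Left unchanged;
# confirm the REST service accepts that form.
GNUNET_REST="http://localhost:7776/openid/"

## END configuration

# Writes one key of the openid_connect_generic_settings option via wp-cli,
# running as the web server user.
# Arguments: $1 - settings key, $2 - value (may be empty)
set_oidc_option() {
  sudo -u www-data wp --user=admin option patch update \
    openid_connect_generic_settings "$1" "$2"
}

# Setup GNUnet REST credentials
# The client secret authenticates the shop at the token endpoint, so it must
# be unpredictable. OSSP uuid defaults to a version 1 UUID (timestamp plus
# node id); request version 4 (random) explicitly.
OIDC_CLIENT_SECRET=$(uuid -v 4)
if [ -z "$OIDC_CLIENT_SECRET" ]; then
  echo "failed to generate OIDC client secret" >&2
  exit 1
fi
# NOTE(review): the secret is passed on the command line here and to wp below,
# so it is visible in the process list to other local users while those
# commands run.
gnunet-config -s reclaim-rest-plugin -o OIDC_CLIENT_SECRET -V "$OIDC_CLIENT_SECRET"

# Start GNUnet
gnunet-arm -s

# Setup Zone for RP
gnunet-identity -C "$SHOP_ZONE"
OIDC_CLIENT_IDENTITY=$(gnunet-identity -dq -e "$SHOP_ZONE")
# An empty client_id would leave the RP registration unusable; stop early.
if [ -z "$OIDC_CLIENT_IDENTITY" ]; then
  echo "could not look up identity for zone $SHOP_ZONE" >&2
  exit 1
fi

# Tell reclaim where the RP expects the authorization callback.
# The URL is quoted because "?" is a glob character: unquoted, it could be
# replaced by a matching path, and the redirect URI is what the provider
# compares authorization requests against.
gnunet-namestore -a -z "$SHOP_ZONE" -n @ -t RECLAIM_OIDC_REDIRECT \
  -V "${WOOHOST}/wp-admin/admin-ajax.php?action=openid-connect-authorize" \
  -e 1h -p

# Tell reclaim the name of the shop that asks for permissions
# (to be shown to the user)
gnunet-namestore -a -z "$SHOP_ZONE" -n @ -t RECLAIM_OIDC_CLIENT \
  -V "$SHOP_NAME" -e 1h -p

# Setup ReClaim as OIDC provider with WooCommerce
cd /var/www/wordpress
set_oidc_option client_id "${OIDC_CLIENT_IDENTITY}"
set_oidc_option client_secret "${OIDC_CLIENT_SECRET}"
set_oidc_option scope "${OIDC_SCOPE}"
set_oidc_option endpoint_login "https://api.reclaim/openid/authorize"
set_oidc_option endpoint_userinfo "${GNUNET_REST}/userinfo"
set_oidc_option endpoint_token "${GNUNET_REST}/token"
set_oidc_option endpoint_end_session ""
set_oidc_option identity_key "sub"
# TLS certificate verification is switched off for the plugin's requests.
# The token and userinfo endpoints configured above are plain HTTP on
# localhost; if they are ever moved to a remote host, re-enable verification,
# otherwise tokens and user claims can be intercepted or forged in transit.
set_oidc_option no_sslverify "1"
set_oidc_option nickname_key "sub"
# NOTE(review): OIDC_SCOPE requests given_name and family_name but the format
# references {full_name}; confirm which claim is intended.
set_oidc_option displayname_format "{given_name} {full_name}"
set_oidc_option identify_with_username "1"
# NOTE(review): plugin logging is enabled; check what the log records and who
# can read it before using this outside a test setup.
set_oidc_option enable_logging "1"
set_oidc_option redirect_user_back "1"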