#!/bin/sh
set -eu

## BEGIN configuration

# Where is WooCommerce?
WOOHOST=http://127.0.0.1:9999

# Name of the shop for the user
SHOP_NAME="WooTaler Shop"

# Ego of the zone for the RP in GNS
SHOP_ZONE=wootaler-shop

# Which attributes does WooCommerce want from the IdP?
OIDC_SCOPE="openid given_name family_name email address phone"

# URL where GNUnet REST service is listening for requests
GNUNET_REST="http://localhost:7776/openid/"

## END configuration

# Download and install GNUnet

apt install \
    screen \
    gcc \
    make\
    autoconf\
    automake \
    libtool\
    libgcrypt20-dev\
    libsqlite3-dev\
    gettext\
    libgnutls28-dev\
    libcurl4-gnutls-dev\
    libunistring-dev\
    libidn2-dev\
    libjansson-dev\
    openssl\
    pkgconf\
    libltdl-dev\
    zlib1g-dev\
    libsodium-dev\
    python3.7\
    texi2html\
    texinfo 

# This installs MHD and GNUnet to /usr, overwriting (!)
# the Debian package. We do that to get some minimal
# setup from Debian, and also so that IF in the future
# Debian does include a sufficiently recent GNUnet
# package, we can simply remove these lines:
cd /root
git clone git://git.gnunet.org/libmicrohttpd.git
cd libmicrohttpd
./bootstrap
./configure --prefix=/usr/
make install
cd /root
git clone git://git.gnunet.org/gnunet.git
cd gnunet
./bootstrap
./configure --prefix=/usr/
make install

# Use the user 'reclaim' for the reclaim/OIDC service.
echo "Setting up users gnunet and reclaim"
addgroup gnunet
adduser --system --disabled-password --ingroup gnunet gnunet
adduser --system --disabled-password --ingroup gnunet reclaim

echo "Updating GNUnet configuration"
touch /etc/gnunet.conf
chown gnunet:gnunet /etc/gnunet.conf
sudo -u gnunet gnunet-config -c /etc/gnunet.conf -s arm -o START_USER_SERVICES -V NO
sudo -u gnunet gnunet-config -c /etc/gnunet.conf -s arm -o START_SYSTEM_SERVICES -V YES

echo "Setting up reclaim GNUnet peer"
sudo -u reclaim gnunet-config -s arm -o START_USER_SERVICES -V YES
sudo -u reclaim gnunet-config -s arm -o START_SYSTEM_SERVICES -V NO
sudo -u reclaim gnunet-config -s rest -o BIND_TO -V 0.0.0.0

# Setup GNUnet REST credentials
echo "Configuring GNUnet REST credentials"
OIDC_CLIENT_SECRET=`uuid`

sudo -u reclaim gnunet-config -s reclaim-rest-plugin -o OIDC_CLIENT_SECRET -V "$OIDC_CLIENT_SECRET"



echo "Setting up systemd integration"
cat - > /etc/systemd/system/reclaim.service <<EOF
[Unit]
Description = GNUnet for reclaim
After=network.target
[Service]
Type=simple
User=reclaim
ExecStart=/usr/lib/gnunet/libexec/gnunet-service-arm
WorkingDirectory=/home/reclaim
[Install]
WantedBy=multi-user.target
EOF

cat - > /etc/systemd/system/gnunet.service <<EOF
[Unit]
Description = GNUnet main service
After=network.target
[Service]
Type=simple
User=gnunet
ExecStart=/usr/lib/gnunet/libexec/gnunet-service-arm -c /etc/gnunet.conf
WorkingDirectory=/home/gnunet
[Install]
WantedBy=multi-user.target
EOF

echo "Reloading systemd configuration"
systemctl daemon-reload

# Restart GNUnet (system service)
echo "Enabling and starting gnunet service"
systemctl enable gnunet
systemctl start gnunet

echo "Enabling and starting reclaim service"
systemctl enable reclaim
systemctl start reclaim

echo "Setting up RP zone"

# Setup Zone for RP
sudo -u reclaim gnunet-identity -C "$SHOP_ZONE"
OIDC_CLIENT_IDENTITY=`sudo -u reclaim gnunet-identity -dq -e $SHOP_ZONE`

# Tell reclaim where the RP expects the authorization callback
sudo -u reclaim gnunet-namestore -a -z "$SHOP_ZONE" -n @ -t RECLAIM_OIDC_REDIRECT -V ${WOOHOST}/wp-admin/admin-ajax.php?action=openid-connect-authorize -e 1h -p

# Tell reclaim the name of the shop that asks for permissions (to be shown to the user)
sudo -u reclaim gnunet-namestore -a -z "$SHOP_ZONE" -n @ -t RECLAIM_OIDC_CLIENT -V "$SHOP_NAME" -e 1h -p

echo "Setting up Reclaim as OIDC provider"
# Setup ReClaim as OIDC provider with WooCommerce
cd /var/www/wordpress


sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings client_id "${OIDC_CLIENT_IDENTITY}"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings client_secret "${OIDC_CLIENT_SECRET}"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings scope "${OIDC_SCOPE}"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings endpoint_login "https://api.reclaim/openid/authorize"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings endpoint_userinfo "${GNUNET_REST}/userinfo"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings endpoint_token "${GNUNET_REST}/token"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings endpoint_end_session ""
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings identity_key "sub"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings no_sslverify "1"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings nickname_key "sub"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings displayname_format "{given_name} {full_name}"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings identify_with_username "1"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings enable_logging "1"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings redirect_user_back "1"