#!/usr/bin/bash

# shellcheck disable=SC2016,SC1091

CLN_SERVER="https://cln.cloudlinux.com/cln/api/els/token/register"
CLN_UNREGISTER_SERVER="https://cln.cloudlinux.com/cln/api/els/token/unregister"
LICENSE=""
HOSTNAME="$(hostname)"
LOGFILE="/var/log/tuxctl.log"
FIPS_REGEX=" 9\.(2|6|10) "
HTTP_REGEX="HTTP/[0-3\.]+ 200 "

show_usage() {
    echo 'Usage: tuxctl [OPTION]...'
    echo ''
    echo '  -l, --license-key   User license key'
    echo '  -f, --force         Force re-register if TuxCare exists'
    echo '  -d, --delete        Delete license from server'
    echo '  -v, --validate      Check if server is registered'
    echo '  -h, --help          Show this message and exit'
}

esu_installed() {
    if [[ -f /etc/dnf/vars/tuxcare_token ]]; then
        return 0
    else
        return 1
    fi
}

# exit if no arguments
if [ $# -lt 1 ]; then
    show_usage
    exit 0
fi

for opt in "$@"; do
    case ${opt} in
        -l|--license-key)
            LICENSE=$2 ; shift ;;
        -f|--force)
            FORCE=true ; shift ;;
        -d|--delete)
            DELETE=true ; shift ;;
        -v|--validate)
            VALIDATE=true ; shift ;;
        -h|--help)
            show_usage ; exit 0 ;;
    esac
done

# check if it is not running under root
if [ "$EUID" -ne 0 ]; then
    echo "Please run as root"
    exit 1
fi

if [[ -n $VALIDATE ]]; then
    if esu_installed; then
        echo "Server is registered with token $(cat /etc/dnf/vars/tuxcare_token)"
        exit 0
    else
        echo "Server is not registered"
        exit 1
    fi
fi

if [[ -n $FORCE ]]; then
    rm -f /etc/dnf/vars/tuxcare_token
fi

# unregister server
if [[ -n $DELETE ]]; then
    if ! esu_installed; then
        echo "Server is not registered"
        exit 1
    fi

    # delete is not currently supported with eportal
    if [[ -f /etc/sysconfig/tuxcare/eportal.env ]]; then
        echo "De-registration is not supported with eportal"
        exit 1
    fi

    CLN_UNREGISTER=$(curl -s -i -X POST "$CLN_UNREGISTER_SERVER?token=$(cat /etc/dnf/vars/tuxcare_token)")

    if [[ ! "$CLN_UNREGISTER" =~ $HTTP_REGEX ]]; then
        echo "Got incorrect status from CLN: $CLN_UNREGISTER"
        exit 1
    else
        echo "De-registration successful"
        rm -f /etc/dnf/vars/tuxcare_token
        exit 0
    fi
fi

# check architecture
ARCH=$(uname -i)
case "${ARCH}" in
    x86_64|aarch64)
        ;;
    *)
        echo "ERROR: ${ARCH} architecture is not supported by tuxctl"
        exit 1
        ;;
esac

# check release files
if [[ -f /etc/almalinux-release ]]; then
    os_release="$(cat /etc/almalinux-release)"
elif [[ -f /etc/rocky-release ]]; then
    os_release="$(cat /etc/rocky-release)"
else
    echo "ERROR: This OS is not supported"
    exit 1
fi

if [[ ! -f /etc/dnf/vars/tuxcare_releasever ]]; then
    echo "ERROR: This server doesn't have TuxCare. Please install tuxcare-release package"
    exit 1
fi

# check if TuxCare is installed
if [[ -f /etc/dnf/vars/tuxcare_token ]]; then
    echo "This server already has an TuxCare token installed"
    echo "To force re-registration, please run the script with --force"
    exit 1
fi

####################################################################
# The code below is used to register the server in CLN or eportal, obtain a token and configure ESU repositories
if [[ -f /etc/sysconfig/tuxcare/eportal.env ]]; then
    # defines $EPORTAL_TUXCARE_REPO and $CLN_TUXCARE_TOKEN
    . /etc/sysconfig/tuxcare/eportal.env
else
    # get token
    CLN_REGISTER=$(curl -s -i -X POST -H "Content-Type: application/json" -H "accept: */*" -d "{\"key\": \"$LICENSE\", \"host_name\": \"$HOSTNAME\"}" "$CLN_SERVER")
    echo "CLN server answer:" >> $LOGFILE
    echo "$CLN_REGISTER" >> $LOGFILE
    if [[ ! "$CLN_REGISTER" =~ $HTTP_REGEX ]]; then
        echo "ERROR: Got incorrect status from CLN: $CLN_REGISTER"
        exit 1
    fi

    CLN_TUXCARE_TOKEN=$(echo "$CLN_REGISTER" | grep -oP '"token":"\K[\w\d-]*')
    if [[ -z $CLN_TUXCARE_TOKEN ]]; then
        echo "ERROR: Something went wrong. Token is not defined"
        echo "Check $LOGFILE for details"
        exit 1
    fi

    CLN_PRODUCT_ID=$(echo "$CLN_REGISTER" | grep -oP '"product_id":\K[\w\d-]*')
    if [[ -z $CLN_PRODUCT_ID ]]; then
        echo "ERROR: Something went wrong. Product ID is not defined"
        echo "Check $LOGFILE for details"
        exit 1
    fi
fi

# Setting "updates" repo
echo "${CLN_TUXCARE_TOKEN}" > /etc/dnf/vars/tuxcare_token

# enable ESU repo if we are running a FIPS release
if [[ "${os_release}" =~ $FIPS_REGEX ]]; then
    dnf config-manager --set-enabled tuxcare-esu
fi

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-TuxCare
echo "TuxCare installed successfully"

exit 0
