#!/bin/bash

set -eux

NTFY_BROKER="${NTFY_BROKER:-core-01.0k.io}"


## Uncipher ntfy key to destination

umask 077
ntfy_key_ciphered="src/etc/ssh/ntfy-key"
if [ ! -f "$ntfy_key_ciphered" ]; then
    echo "Error: ciphered ntfy key not found" >&2
    exit 1
fi

ntfy_key_dest=/etc/ssh/ntfy-key
if [ ! -f "$ntfy_key_dest" ]; then
    cat "$ntfy_key_ciphered" |
        gpg -d --batch --yes --passphrase 'uniquepass' > "$ntfy_key_dest" || {
        echo "Error while unpacking ntfy key to '${ntfy_key_dest}'" >&2
        exit 1
    }
fi


## Request token to ntfy server and add to config file 

known_host="/root/.ssh/known_hosts"
if ! ssh-keygen -F "$NTFY_BROKER" -f "$known_host" >/dev/null; then
    ssh-keyscan -H "$NTFY_BROKER" >> "$known_host" || {
        echo "Error while adding '$NTFY_BROKER' to known_hosts" >&2
        exit 1
    }
fi

config_file="/etc/ntfy/ntfy.conf"
mkdir -p "${config_file%/*}"
if ! [ -f "$config_file" ]; then
    touch "$config_file" || {
        echo "Error: couldn’t create config file '$config_file'" >&2;
        exit 1
    }
fi

LOGIN=""
PASSWORD=""
source "$config_file" || {
    echo "Error: couldn't source config file '$config_file'" >&2
    exit 1
}

## Note that we require the forcing of stdin to /dev/null to avoid
## the rest of the script to be vacuumed by the ssh command.
## This effect will only happen when launching this script in special
## conditions involving stdin.
cred=$(ssh -i "$ntfy_key_dest" ntfy@"${NTFY_BROKER}" \
           request-token "$LOGIN" "$PASSWORD" </dev/null) || {
    echo "Error while requesting token to ntfy server" >&2
    exit 1
}

## XXXvlab: ideally it should be received from the last call
server="https://ntfy.0k.io/"
login=$(printf "%q" "${cred%$'\n'*}")
password=$(printf "%q" "${cred#*$'\n'}")

## check if password doesn't contain '%'

for var in server login password; do
    if [ "${!var}" == "''" ] || [[ "${!var}" == *$'\n'* ]]; then
        echo "Error: empty or invalid multi-line values retrieved for '$var'" \
             "from ntfy server. Received:" >&2
        printf "%s" "$cred" | sed -r 's/^/  | /g' >&2
        exit 1
    fi
    if [[ "${!var}" == *%* ]]; then
        ## We need a separator char for sed replacement in the config file
        echo "Error: forbidden character '%' found in $var" >&2
        exit 1
    fi
    if grep -qE "^${var^^}=" "$config_file"; then
        sed -ri "s%^${var^^}=.*$%${var^^}=\"${!var}\"%g" "$config_file"
    else
        echo "${var^^}=\"${!var}\"" >> "$config_file"
    fi
done


if ! [ -f "/etc/ntfy/topics.yml" ]; then
    cat <<'EOF' > /etc/ntfy/topics.yml
.*\.(emerg|alert|crit|err|warning|notice):
  - ${LOGIN}_main
EOF
fi


## provide 'send' command

cp -f "$PWD/src/bin/send" /usr/local/bin/send