#!/bin/bash

##
## BitDeals Module configuration helper script for Docker Container.
## It writes an Environment variables to the daemon config files.
## And can generate a Bitcoing and PGP key filies at first start.
##

## Daemon config files
DM_CONF_FILE="/etc/dm/dm.conf"
OAUTH_CONF_FILE="/etc/dm/oauth2/default.json"
PGP_PUB_FILE="/etc/dm/pgp.pub"
PGP_SEC_FILE="/etc/dm/pgp.sec"

## Write a variables to config file
sed -i "/\[main\]/,/\[/ s/user=.*/user=module/" "$DM_CONF_FILE"
sed -i "/\[main\]/,/\[/ s/group=.*/group=module/" "$DM_CONF_FILE"
sed -i "/\[daemon\]/,/\[/ s/daemon=.*/daemon=false/" "$DM_CONF_FILE"
sed -i "/\[server\]/,/\[/ s/listen=.*/listen=0.0.0.0/" "$DM_CONF_FILE"

## Write the PGP keys locations to the config
sed -i "/\[pgp\]/,/\[/ s%^private=.*%private=$PGP_SEC_FILE%" "$DM_CONF_FILE"
sed -i "/\[pgp\]/,/\[/ s%^public=.*%public=$PGP_PUB_FILE%" "$DM_CONF_FILE"

## Write a user variables to the daemon config files.
## This code removes '/' from user variables to sanitize `sed` code injections.
test -z "$BITCOIN" || sed -i "/\[module\]/,/\[/ s/^address=.*/address=${BITCOIN//\/}/" "$DM_CONF_FILE"
test -z "$FEE" || sed -i "/\[module\]/,/\[/ s/^fee=.*/fee=${FEE//\/}/" "$DM_CONF_FILE"
test -z "$PASSWORD" || sed -i "/\[pgp\]/,/\[/ s/^passphrase=.*/passphrase=${PASSWORD//\/}/" "$DM_CONF_FILE"
test -z "$CLIENT_ID" || sed -i "/\"web\": {/,/}/ s/\"client_id\".*/\"client_id\": \"${CLIENT_ID//\/}\",/" "$OAUTH_CONF_FILE"
test -z "$CLIENT_SECRET" || sed -i "/\"web\": {/,/}/ s/\"client_secret\".*/\"client_secret\": \"${CLIENT_SECRET//\/}\",/" "$OAUTH_CONF_FILE"
test -z "$PGP_PUB" || echo "$PGP_PUB" > "$PGP_PUB_FILE"
test -z "$PGP_SEC" || echo "$PGP_SEC" > "$PGP_SEC_FILE"

## Create new PGP keys. If PGP file is empty.
if [ ! -e "$PGP_SEC_FILE" ] 
then
	echo -e "\nThe PGP key is empty. Generating new PGP key...\n"
	test -z "$ACCOUNT_URL" && { echo -n "Please enter your site URL like https://example.com : " ; read ACCOUNT_URL ;}

	#GNUPGHOME="$(mktemp -d)" ;#- works for gpg2
	gpg --faked-system-time $(TZ=UTC date --date=$(date +'%Y-%m-%d') +%s) \
		--pinentry-mode loopback --passphrase "$PASSWORD" \
		--batch --gen-key 2>/dev/null <<-EOF
	Key-Type: RSA
	Key-Usage: cert,sign
	Key-Length: 1024
	Subkey-Type: RSA
	Subkey-Usage: encr
	Subkey-Length: 1024
	Name-Real: Account_URL
	Name-Comment: ${ACCOUNT_URL:-https://example-$RANDOM.com}
	Expire-Date: 0
EOF
	echo
	tput setaf 7
	#cat $GNUPGHOME/openpgp-revocs.d/*.rev
	cat /root/.gnupg/openpgp-revocs.d/*.rev | sed -e "/^pub/,+2 { s/.*/$(tput sgr0)$(tput bold)&$(tput sgr0)$(tput setaf 7)/; }"
	tput setaf 3
	gpg --armor --export --passphrase "$PASSWORD" | tee "$PGP_PUB_FILE"
	tput setaf 4
	gpg --armor --export-secret-keys --passphrase "$PASSWORD" | tee "$PGP_SEC_FILE"
	tput sgr0

	pkill gpg-agent 2>/dev/null
else
	echo -e "\nNOTE:Your PGP keyfiles location: $(dirname $PGP_PUB_FILE) \n"
fi

## Change PGP keyfiles owner
test -e "$PGP_PUB_FILE" && chown module:module "$PGP_PUB_FILE"
test -e "$PGP_SEC_FILE" && chown module:module "$PGP_SEC_FILE"
test -e "$PGP_SEC_FILE" && chmod 600 "$PGP_SEC_FILE"

## Get bitcoin address from the daemon config
DM_BITCOIN="$(sed -n '/^[ \t]*\[module\]/,/\[/s/^[ \t]*address[ \t]*=[ \t]*//p' $DM_CONF_FILE)"

## Create new Bitcoin keys. If address is empty.
if [ -z "$DM_BITCOIN" ]
then
	echo -e "\nThe Bitcoin key is empty. Generating new Bitcoin key...\n"

	B=$(tput bold)
	N=$(tput sgr0)

	## Generate bitcoin keys
	PRIVKEY="$(cat /dev/random | tr -cd "[:digit:]" | head -c 64)"
	PUBKEY="$(bx ec-to-public $PRIVKEY)"
	BITCOIN="$(bx ec-to-address $PUBKEY)"
	PRIVKEYWIF="$(bx ec-to-wif $PRIVKEY)"

	## Write the bitcoin address to the daemon config
	sed -i "/\[module\]/,/\[/ s/^address=.*/address=$BITCOIN/" "$DM_CONF_FILE"

	## Show bitcoin keys
	echo -e "Please backup these\t${B}BITCOIN KEYS:${N}"
	echo -e "PRIVATE KEY (raw form):\t${B}$PRIVKEY${N}"
	echo -e "PRIVATE KEY (WIF form):\t${B}$PRIVKEYWIF${N}"
	echo -e "Bitcoin public key:\t${B}$PUBKEY${N}"
	echo -e "Bitcoin address:\t${B}$BITCOIN${N}\n"
fi

## Password notice
echo "$PASSWORD" | grep -q "/" && \
	( echo -n -e "\n$(tput bold)WARN:$(tput sgr0)Please, write your 'passphrase=$PASSWORD'" | grep --color=auto -z -E "/" ; echo -n -e " to $DM_CONF_FILE manually.\n" )
## API credentials notice
test -z "$CLIENT_ID" -o -z "$CLIENT_SECRET" && \
	echo -e "NOTE:Please visit a BitDeals site to get your API credentials: $(tput smul)\$CLIENT_ID$(tput rmul) and $(tput smul)\$CLIENT_SECRET$(tput rmul).\n"

## Run the daemon
exec /usr/sbin/dm -p /etc/dm -c /etc/dm/dm.conf