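#!/bin/bash
##
## BitDeals Module configuration helper script for the Docker container.
## It writes environment variables into the daemon config files
## and can generate the Bitcoin and PGP key files at first start.
##
## Environment read by this script:
##   DM_TESTNET (1 or true selects testnet), DM_BITCOIN, DM_FEE,
##   DM_PGP_PASSWORD, DM_PGP_SEC, DM_CLIENT_ID, DM_CLIENT_SECRET,
##   DM_ACCOUNT_URL, BITDEALS_ASC, BITDEALS_TEST_ASC, BITDEALS_KEY_FPR
##
## Any arguments are passed through unchanged to the daemon.
##

## Uncomment this to receive the key from keyserver
#BITDEALS_KEY_FPR="7CAB360151502F5A1E14E22BF263C9207A1CC3B3"

DM_TESTNET=${DM_TESTNET:-0}

## Daemon config files (kept as an array so paths are never word-split)
mapfile -t CONF_FILES < <(find /etc/dm/ -type f -name "*.conf" -not -name "default.conf")
OAUTH_CONF_FILE="/etc/dm/oauth2/default.json"
BITDEALS_ASC_FILE="/etc/dm/bitdeals.asc"
BITDEALS_TEST_ASC_FILE="/etc/dm/bitdeals-test.asc"
PGP_SEC_FILE="/etc/dm/pgp.sec"
BX_CONF_FILE="/usr/local/etc/libbitcoin/bx.cfg"

#tput variable for color output
export TERM=xterm

## Succeeds when the container is configured for testnet.
is_testnet() {
  [[ "$DM_TESTNET" == 1 || "$DM_TESTNET" == true ]]
}

## Apply one sed script in place to every daemon config file.
## Does nothing when no config file was found, so sed never falls back
## to reading stdin.
conf_sed() {
  (( ${#CONF_FILES[@]} )) || return 0
  sed -i "$@" -- "${CONF_FILES[@]}"
}

## Print $1 escaped for use as the replacement part of a sed `s/../../`
## command. Backslash, '/' and '&' are all special there; line breaks are
## removed because they would end the sed command and could add config lines.
sed_escape() {
  printf '%s' "$1" | tr -d '\r\n' | sed -e 's|[\\/&]|\\&|g'
}

## Print $1 with backslash and double quote escaped for a JSON string.
## Line breaks are removed; other control characters are not handled.
json_escape() {
  printf '%s' "$1" | tr -d '\r\n' | sed -e 's|[\\"]|\\&|g'
}

(( ${#CONF_FILES[@]} )) \
  || echo "WARN: no daemon config files found under /etc/dm/" >&2

## Write the fixed container settings to the config files
conf_sed "/\[main\]/,/\[/ s/.*user=.*/user=module/"
conf_sed "/\[main\]/,/\[/ s/.*group=.*/group=module/"
conf_sed "/\[daemon\]/,/\[/ s/.*daemon=.*/daemon=false/"
conf_sed "/\[server\]/,/\[/ s/.*listen=.*/listen=0.0.0.0/"
conf_sed "/\[server\]/,/\[/ s/.*port=.*/port=4999/"

## Write the PGP key locations to the config
conf_sed "/\[pgp\]/,/\[/ s%^private=.*%private=$PGP_SEC_FILE%"
if is_testnet; then
  conf_sed "/\[pgp\]/,/\[/ s%^public=.*%public=$BITDEALS_TEST_ASC_FILE%"
else
  conf_sed "/\[pgp\]/,/\[/ s%^public=.*%public=$BITDEALS_ASC_FILE%"
fi

## Write the user variables to the daemon config files.
## Values are escaped rather than stripped of '/': stripping alone left '&'
## and '\' active in the sed replacement and silently altered the value.
if [[ -n "$DM_BITCOIN" ]]; then
  conf_sed "/\[module\]/,/\[/ s/^address=.*/address=$(sed_escape "$DM_BITCOIN")/"
fi
if [[ -n "$DM_FEE" ]]; then
  conf_sed "/\[module\]/,/\[/ s/^#\?fee=.*/fee=$(sed_escape "$DM_FEE")/"
fi
if [[ -n "$DM_PGP_PASSWORD" ]]; then
  # The value written is DM_PGP_PASSWORD, the same variable that is tested
  # and that protects the generated key below.
  conf_sed "/\[pgp\]/,/\[/ s/^passphrase=.*/passphrase=$(sed_escape "$DM_PGP_PASSWORD")/"
fi
if [[ -n "$DM_CLIENT_ID" ]]; then
  sed -i "/\"web\": {/,/}/ s/\"client_id\".*/\"client_id\": \"$(sed_escape "$(json_escape "$DM_CLIENT_ID")")\",/" "$OAUTH_CONF_FILE"
fi
if [[ -n "$DM_CLIENT_SECRET" ]]; then
  sed -i "/\"web\": {/,/}/ s/\"client_secret\".*/\"client_secret\": \"$(sed_escape "$(json_escape "$DM_CLIENT_SECRET")")\",/" "$OAUTH_CONF_FILE"
fi
if is_testnet; then
  conf_sed "/\[main\]/,/\[/ s/.*testnet=.*/testnet=true/"
fi

## Write key material supplied through the environment
[[ -z "$BITDEALS_ASC" ]] || printf '%s\n' "$BITDEALS_ASC" > "$BITDEALS_ASC_FILE"
[[ -z "$BITDEALS_TEST_ASC" ]] || printf '%s\n' "$BITDEALS_TEST_ASC" > "$BITDEALS_TEST_ASC_FILE"
if [[ -n "$DM_PGP_SEC" ]]; then
  # Write the variable that was tested; the umask keeps a newly created
  # secret key file private from the moment it exists.
  ( umask 077; printf '%s\n' "$DM_PGP_SEC" > "$PGP_SEC_FILE" )
fi

## Get BitDeals PGP key by fingerprint
if [[ -n "$BITDEALS_KEY_FPR" ]]; then
  if is_testnet; then
    key_out="$BITDEALS_TEST_ASC_FILE"
  else
    key_out="$BITDEALS_ASC_FILE"
  fi
  gpg --keyserver keyserver.ubuntu.com --recv-keys "$BITDEALS_KEY_FPR" \
    && gpg --armor --export "$BITDEALS_KEY_FPR" | tee "$key_out"
  gpgconf --kill all
fi

## Create new PGP keys if the PGP secret key file does not exist.
if [[ ! -e "$PGP_SEC_FILE" ]]; then
  echo -e "\nThe PGP key is empty. Generating new PGP key...\n"
  if [[ -z "$DM_ACCOUNT_URL" ]]; then
    echo -n "Please enter your site URL like https://example.com : "
    read -r DM_ACCOUNT_URL
  fi
  #GNUPGHOME="$(mktemp -d)" ;#- works for gpg2
  # NOTE(review): 1024-bit RSA is below current minimum recommendations
  # (2048 bits or more); raise Key-Length/Subkey-Length if the peer accepts it.
  # NOTE(review): --passphrase puts the secret on the gpg command line, where
  # other processes in the container can read it; --passphrase-fd avoids that.
  gpg --faked-system-time "$(TZ=UTC date --date="$(date +'%Y-%m-%d')" +%s)" \
    --pinentry-mode loopback --passphrase "$DM_PGP_PASSWORD" \
    --batch --gen-key 2>/dev/null <<EOF
Key-Type: RSA
Key-Usage: cert,sign
Key-Length: 1024
Subkey-Type: RSA
Subkey-Usage: encr
Subkey-Length: 1024
Name-Real: Account_URL
Name-Comment: ${DM_ACCOUNT_URL:-https://example-$RANDOM.com}
Expire-Date: 0
EOF
  echo
  #tput setaf 7
  #cat $GNUPGHOME/openpgp-revocs.d/*.rev
  #cat /root/.gnupg/openpgp-revocs.d/*.rev | sed -e "/^pub/,+2 { s/.*/$(tput sgr0)$(tput bold)&$(tput sgr0)$(tput setaf 7)/; }"
  #gpg -k --keyid-format long | grep -A4 -E "^pub"
  gpg -k --keyid-format long 2>/dev/null | tail -n5
  tput setaf 2
  # tee also prints the armored secret key to stdout, so it ends up in the
  # container log; treat that log as sensitive.
  ( umask 077; gpg --armor --export-secret-keys --passphrase "$DM_PGP_PASSWORD" | tee "$PGP_SEC_FILE" )
  tput sgr0
  gpgconf --kill all
else
  echo -e "NOTE:Your PGP key location: $PGP_SEC_FILE"
fi

## Change PGP keyfiles owner (both public key files, then the secret key)
for key_file in "$BITDEALS_ASC_FILE" "$BITDEALS_TEST_ASC_FILE" "$PGP_SEC_FILE"; do
  if [[ -e "$key_file" ]]; then
    chown module:module "$key_file"
  fi
done
if [[ -e "$PGP_SEC_FILE" ]]; then
  chmod 600 "$PGP_SEC_FILE"
fi

## Setup testnet settings in libbitcoin-explorer config
if is_testnet; then
  # The wif_version pattern has no '?': in a basic regular expression '?' is
  # a literal character, so "wif_version? =" never matched the config line.
  sed -i -e "/\[wallet\]/,/\[/ s/wif_version =.*/wif_version = 239/" \
    -e "/\[wallet\]/,/\[/ s/hd_public_version =.*/hd_public_version = 70617039/" \
    -e "/\[wallet\]/,/\[/ s/hd_secret_version =.*/hd_secret_version = 70615956/" \
    -e "/\[wallet\]/,/\[/ s/pay_to_public_key_hash_version =.*/pay_to_public_key_hash_version = 111/" \
    -e "/\[wallet\]/,/\[/ s/pay_to_script_hash_version =.*/pay_to_script_hash_version = 196/" \
    -e "/\[network\]/,/\[/ s/identifier =.*/identifier = 118034699/" \
    -e "/seed = mainnet[0-9].libbitcoin.net:8333/ s/^/#/" \
    -e "/url = tcp:\/\/mainnet.libbitcoin.net:9091/ s/^/#/" \
    -e "/block_url = tcp:\/\/mainnet.libbitcoin.net:9093/ s/^/#/" \
    -e "/transaction_url = tcp:\/\/mainnet.libbitcoin.net:9094/ s/^/#/" \
    -e "/#seed = testnet[0-9].libbitcoin.net:18333/ s/^#//" \
    -e "/#url = tcp:\/\/testnet.libbitcoin.net:19091/ s/^#//" \
    -e "/#block_url = tcp:\/\/testnet.libbitcoin.net:19093/ s/^#//" \
    -e "/#transaction_url = tcp:\/\/testnet.libbitcoin.net:19094/ s/^#//" "$BX_CONF_FILE"
fi

## Get bitcoin address from the daemon config
DM_BITCOIN_=
if (( ${#CONF_FILES[@]} )); then
  DM_BITCOIN_="$(sed -n '/^[ \t]*\[module\]/,/\[/s/^[ \t]*address[ \t]*=[ \t]*//p' -- "${CONF_FILES[@]}")"
fi

## Create new Bitcoin keys if no address is configured.
if [[ -z "$DM_BITCOIN_" ]]; then
  echo -e "\nThe Bitcoin key is empty. Generating new Bitcoin key...\n"
  B=$(tput bold ; tput setaf 1)
  N=$(tput sgr0)

  ## Generate bitcoin keys
  # 64 hex characters give the full 256-bit key space; keeping only decimal
  # digits (as before) limited the key to about 212 bits.
  PRIVKEY="$(tr -cd '0123456789abcdef' < /dev/random | head -c 64)"
  PUBKEY="$(bx ec-to-public "$PRIVKEY")"
  BITCOIN="$(bx ec-to-address "$PUBKEY")"
  PRIVKEYWIF="$(bx ec-to-wif "$PRIVKEY")"

  if [[ -z "$PRIVKEY" || -z "$BITCOIN" ]]; then
    # Do not overwrite the config with an empty address when bx failed.
    echo "ERROR: Bitcoin key generation failed; address not written." >&2
  else
    ## Write the bitcoin address to the daemon config
    conf_sed "/\[module\]/,/\[/ s/^address=.*/address=$BITCOIN/"

    ## Show bitcoin keys
    # These lines put the private key into the container log; treat that log
    # as sensitive once the backup has been taken.
    echo -e "Please backup these\t${B}BITCOIN KEYS:${N}"
    echo -e "PRIVATE KEY (raw form):\t${B}$PRIVKEY${N}"
    echo -e "PRIVATE KEY (WIF form):\t${B}$PRIVKEYWIF${N}"
    echo -e "Bitcoin public key:\t${B}$PUBKEY${N}"
    echo -e "Bitcoin address:\t${B}$BITCOIN${N}\n"
  fi
fi

## Password notice
## A passphrase containing '/' is now written to the config as is. Only a
## line break cannot be stored, so warn when one was removed.
if [[ "$DM_PGP_PASSWORD" == *$'\n'* || "$DM_PGP_PASSWORD" == *$'\r'* ]]; then
  echo -e "\n$(tput bold)WARN:$(tput sgr0)DM_PGP_PASSWORD contains a line break that was removed from the 'passphrase=' config value; please set it manually." >&2
fi

## API credentials notice
## The check uses the DM_-prefixed names, which are the ones read above.
if [[ -z "$DM_CLIENT_ID" || -z "$DM_CLIENT_SECRET" ]]; then
  echo -e "\nNOTE:Please visit a BitDeals site to get your API credentials: $(tput smul)\$DM_CLIENT_ID$(tput rmul) and $(tput smul)\$DM_CLIENT_SECRET$(tput rmul).\n"
fi

## Run the daemon
exec /usr/sbin/dm -p /etc/dm -c /etc/dm/dm.conf "$@"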