#!/bin/bash

RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m' # No Color

# Am I root?
if [ "x$(id -u)" != 'x0' ]; then
    echo -e "${RED}Error: this script can only be executed by root${NC}"
    exit 1
fi

echo "If you are installing DisWall on a new server it is advised to install all socket-listening software first."
echo "All software like nginx, postfix, dovecot, all sorts of API servers should be installed and running for DisWall to determine which ports to open in firewall configuration."

read -rsn1 -p "Press enter to continue or Ctrl+C to abort installation." input < /dev/tty; echo

if [ -x "$(command -v ufw)" ]; then
  if ufw status | grep -qv "inactive"; then
    echo -e "${RED}Error: You have ufw installed. DisWall works only with iptables or nftables${NC}" >&2
    exit 1
  else
    echo "Note: You have installed UFW, and it is now inactive. But if you enable it, it will mess things up."
  fi
fi

if command -v iptables > /dev/null && ! command -v nft > /dev/null; then
  if ! [ -x "$(command -v apt)" ]; then
    echo -e "${RED}Error: You have installed iptables, but ipset is not installed. Install ipset before installation.${NC}" >&2
    exit 1
  else
    echo "Installing ipset..."
    apt install -y ipset > /dev/null  2>&1
  fi
fi

if ! [ -x "$(command -v jq)" ]; then
  if ! [ -x "$(command -v apt)" ]; then
    echo -e "${RED}Error: jq is not installed. It is needed for installation process.${NC}" >&2
    exit 1
  else
    echo "Installing jq..."
    apt install -y jq > /dev/null  2>&1
  fi
fi

arch=`(uname -m)`

echo "Checking latest DisWall release on GitHub..."
if ! [ -x "$(command -v curl)" ]; then
  data=$(wget -q -O - "https://api.github.com/repos/dis-works/diswall-rs/releases/latest")
else
  data=$(curl -s "https://api.github.com/repos/dis-works/diswall-rs/releases/latest")
fi

ver=$(echo $data | jq -r ".tag_name")

echo -e "Latest release version is ${GREEN}${ver}${NC}"

if [ "$ver" != "" ]
then
  # get url for new version from the JSON data pulled from github:
  #pattern=".assets[] | select(.name | contains("$arch")).browser_download_url"
  #echo "pattern = $pattern"
  urldata=$(echo $data | jq -r ".assets[] | select(.name | contains(\"$arch\")).browser_download_url")
  url=$(echo $urldata | awk '{print $1}')

  echo "Downloading DisWall binary from GitHub..."
  # download the new version
  cd ~
  wget -q -O diswall $url
  chmod +x diswall
  echo "Running installation..."
  ./diswall --install

  echo -e "${GREEN}DisWall installation procedure finished${NC}"
  rm ./diswall

  # Ask the user a Yes/No question
  read -p "Do you want to start DisWall service? (Y/N): " answer < /dev/tty; echo

  # Check the user's input
  if [[ "$answer" == "Y" || "$answer" == "y" ]]; then
    # Run the command if the user enters Y/y
    echo "Starting DisWall service..."
    systemctl enable --now diswall
    echo -e "If you want to run DisWall UI run ${GREEN}diswall -i${NC}"
  else
    echo -e "${RED}Ok, start DisWall yourself.${NC}"
  fi

else
  echo "Didn't find appropriate binary on GitHub for your arch ($arch), no action taken"
fi