#!/usr/bin/env bash
# onx-db-revoke — MariaDB yetkisini iptal et
# Input:  {"db_user":"onx_xxx_user","host":"localhost","db_name":"onx_xxx_app"}
# Output: {"db_user":...,"db_name":...,"revoked":true}

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "${SCRIPT_DIR}/_lib/common.sh"

require_root
require_cmd mysql
onx_json_input

DB_USER="$(onx_json_field db_user)"
HOST="$(onx_json_field host 'localhost')"
DB_NAME="$(onx_json_field db_name)"

[[ -z "$DB_USER" ]] && onx_die 1 "db_user zorunlu"
[[ -z "$DB_NAME" ]] && onx_die 1 "db_name zorunlu"
[[ "$DB_USER" =~ ^onx_[a-z0-9]+_[a-z0-9_]+$ ]] || \
    onx_die 1 "Gecersiz db_user: '${DB_USER}'"
[[ "$DB_NAME" =~ ^onx_[a-z0-9]+_[a-z0-9_]+$ ]] || \
    onx_die 1 "Gecersiz db_name: '${DB_NAME}'"
[[ "$HOST" =~ ^[a-zA-Z0-9.%_-]+$ ]] || onx_die 1 "Gecersiz host: '${HOST}'"

onx_log "db-revoke: REVOKE ALL ON ${DB_NAME} FROM ${DB_USER}@${HOST}"

mysql_exec "" "REVOKE ALL PRIVILEGES ON \`${DB_NAME}\`.* FROM '${DB_USER}'@'${HOST}'; FLUSH PRIVILEGES;" \
    || onx_die 3 "REVOKE basarisiz: ${DB_USER}@${HOST} -> ${DB_NAME}"

json_ok "{\"db_user\":\"${DB_USER}\",\"host\":\"${HOST}\",\"db_name\":\"${DB_NAME}\",\"revoked\":true}"
