#!/usr/bin/env bash
#
# onx-fail2ban-jail-toggle — Enable or disable a fail2ban jail by rewriting the
# "enabled =" line in its config file.
#
# Input: {"jail_name": "sshd", "enabled": true|false}
# Output: {"ok":true,"jail":"...","enabled":bool,"reloaded":bool}

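set -euo pipefail

# Read the whole JSON request from stdin once, then pull out the two fields.
input="$(cat)"
jail="$(jq -r '.jail_name // empty' <<<"$input")"
# `.enabled // empty` must not be used here: jq's `//` treats `false` as
# missing, so a request to disable a jail would arrive as an empty string and
# be rejected below. Only a null/absent value maps to empty.
enabled="$(jq -r '.enabled | if . == null then empty else tostring end' <<<"$input")"

# The jail name is interpolated into a file path and into grep/sed patterns
# further down. This allow-list (no '/', '.', or regex metacharacters) is what
# makes those interpolations safe; do not loosen it without revisiting them.
if [[ -z "$jail" ]] || ! [[ "$jail" =~ ^[a-zA-Z0-9_-]{1,40}$ ]]; then
    jq -nc '{ok:false,error:"jail_name required"}' >&2
    exit 1
fi

# Only the literal values true/false are accepted; the value is later written
# into the config file and passed to jq as raw JSON.
if [[ "$enabled" != "true" && "$enabled" != "false" ]]; then
    jq -nc '{ok:false,error:"enabled must be true|false"}' >&2
    exit 1
fi

readonly JAIL_FILE="/etc/fail2ban/jail.d/${jail}.local"

# Exit status 2 distinguishes "no such jail file" from a malformed request (1).
if [[ ! -f "$JAIL_FILE" ]]; then
    jq -nc --arg j "$jail" --arg f "$JAIL_FILE" '{ok:false,error:"jail file not found",jail:$j,file:$f}' >&2
    exit 2
fi

# Update or add the `enabled = true|false` line, scoped to the [jail] section
# so that an `enabled` key in another section of the same file (for example
# [DEFAULT] or a second jail) is not flipped as a side effect.
new_val="$enabled"
if grep -qE "^\[${jail}\]" "$JAIL_FILE"; then
    # Does the [jail] section already carry an `enabled =` line?
    if awk -v header="[${jail}]" '
        /^\[/ { in_section = (index($0, header) == 1) }
        in_section && /^[[:space:]]*enabled[[:space:]]*=/ { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$JAIL_FILE"; then
        # Rewrite it in place; the range ends at the next section header.
        sed -i -E "/^\[${jail}\]/,/^\[/ s/^([[:space:]]*enabled[[:space:]]*=).*/\1 ${new_val}/" "$JAIL_FILE"
    else
        # Section exists without the key: add it right below the header.
        sed -i -E "/^\[${jail}\]/a enabled = ${new_val}" "$JAIL_FILE"
    fi
else
    # No [jail] section at all: append a new one at the end of the file.
    printf '\n[%s]\nenabled = %s\n' "$jail" "$new_val" >> "$JAIL_FILE"
fi

# Reload fail2ban so the change takes effect. `reloaded` is true only when a
# reload actually ran and succeeded; a missing client or a failed reload is
# reported as false so the caller does not assume the running jails match the
# file. Client output is discarded to keep stdout reserved for the JSON result.
reloaded=false
if command -v fail2ban-client &>/dev/null; then
    if fail2ban-client reload &>/dev/null; then
        reloaded=true
    fi
fi

logger -t "onox-fail2ban" "Toggled jail $jail to enabled=$new_val"

# $enabled was validated above to be exactly "true" or "false", so it is safe
# to hand to --argjson as a JSON boolean.
jq -nc --arg jail "$jail" --argjson enabled "$enabled" --argjson reloaded "$reloaded" \
    '{ok:true,jail:$jail,enabled:$enabled,reloaded:$reloaded}'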
