#!/usr/bin/env bash
# onx-rspamd-conf-write — Rspamd local.d/ dosyalarını DB ayarlarından UCL formatında yazar.
# stdin: {"settings":[{"key":"score_reject_threshold","value":"15"},…]}
# stdout: {"files_written":[…],"checked":true}

set -euo pipefail
SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
source "${SCRIPT_DIR}/_lib/common.sh"

require_root
require_cmd rspamadm

onx_json_input

SETTINGS_LEN=$(echo "$INPUT" | jq '.settings | length' 2>/dev/null || echo 0)
if [[ "$SETTINGS_LEN" -lt 1 ]]; then
    onx_die 1 "Geçersiz girdi: 'settings' dizisi boş veya eksik"
fi

LOCAL_D="/etc/rspamd/local.d"
mkdir -p "$LOCAL_D"

# Anahtar → Rspamd modül dosyası eşleşme tablosu
declare -A KEY_MODULE_MAP=(
    # actions.conf (score thresholds)
    [score_reject_threshold]="actions"
    [score_add_header_threshold]="actions"
    [score_rewrite_subject_threshold]="actions"
    [score_greylist_threshold]="actions"
    [score_no_action_threshold]="actions"
    # dkim.conf
    [dkim_signing]="dkim_signing"
    [dkim_allow_username_mismatch]="dkim_signing"
    [dkim_sign_authenticated]="dkim_signing"
    # dmarc.conf
    [dmarc_enabled]="dmarc"
    [dmarc_send_reports]="dmarc"
    [dmarc_report_sender]="dmarc"
    # classifier-bayes.conf
    [bayes_autolearn]="classifier-bayes"
    [bayes_autolearn_threshold_spam]="classifier-bayes"
    [bayes_autolearn_threshold_ham]="classifier-bayes"
    [bayes_min_learns]="classifier-bayes"
    [bayes_backend]="classifier-bayes"
    # redis.conf
    [redis_servers]="redis"
    [redis_password]="redis"
    [redis_db]="redis"
    [redis_timeout]="redis"
    # milter_headers.conf
    [milter_headers_use]="milter_headers"
    [milter_spam_header]="milter_headers"
    [milter_spamd_result_header]="milter_headers"
    # options.conf
    [max_message_size]="options"
    [dns_timeout]="options"
    [dns_retransmits]="options"
    [task_timeout]="options"
    [cache_expire]="options"
)

declare -A MODULE_CONTENTS  # module → içerik

# Boolean değerleri UCL formatına çevir
_ucl_value() {
    local v="$1"
    case "$v" in
        "1"|"true"|"yes") echo "true" ;;
        "0"|"false"|"no") echo "false" ;;
        [0-9]*) echo "$v" ;;
        *) echo "\"${v}\"" ;;
    esac
}

while IFS= read -r setting; do
    KEY=$(echo "$setting" | jq -r '.key')
    VALUE=$(echo "$setting" | jq -r '.value')

    MODULE="${KEY_MODULE_MAP[$KEY]:-}"
    if [[ -z "$MODULE" ]]; then
        MODULE="onox-extra"
    fi

    UCL_VALUE=$(_ucl_value "$VALUE")
    MODULE_CONTENTS[$MODULE]+="${KEY} = ${UCL_VALUE};"$'\n'
done < <(echo "$INPUT" | jq -c '.settings[]')

FILES_WRITTEN=()

for MODULE in "${!MODULE_CONTENTS[@]}"; do
    OUTFILE="${LOCAL_D}/onox-${MODULE}.conf"
    TS=$(date -Iseconds)
    {
        echo "# ONOX-managed Rspamd config — ${MODULE}"
        echo "# Generated by onx-rspamd-conf-write — do not edit manually"
        echo "# Generated: ${TS}"
        echo ""
        echo "${MODULE_CONTENTS[$MODULE]}"
    } > "$OUTFILE"
    FILES_WRITTEN+=("onox-${MODULE}.conf")
done

# Sözdizimi kontrolü
if ! rspamadm configtest >/dev/null 2>&1; then
    # Geri al
    for MODULE in "${!MODULE_CONTENTS[@]}"; do
        rm -f "${LOCAL_D}/onox-${MODULE}.conf"
    done
    onx_die 3 "rspamadm configtest başarısız — yazılan dosyalar geri alındı"
fi

FILES_JSON=$(printf '%s\n' "${FILES_WRITTEN[@]}" | jq -R '.' | jq -s '.')

json_ok "{\"files_written\":${FILES_JSON},\"checked\":true,\"count\":${#FILES_WRITTEN[@]}}"
