#!/usr/bin/env bash
# onx-rspamd-dkim-stats — Rspamd log dosyasını parse edip son DKIM imzalama
# olaylarını JSON olarak döner.
#
# stdin: {"limit":100}    (limit opsiyonel, default 100, max 500)
# stdout: {"ok":true,"count":N,"events":[
#   {"timestamp":"…","queue_id":"…","domain":"…","selector":"…",
#    "action":"signed|missing_key|verify_fail","recipient":"…"}
# ]}

set -euo pipefail
SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
# shellcheck disable=SC1091
source "${SCRIPT_DIR}/_lib/common.sh"

require_root

INPUT="$(cat || true)"
LIMIT=100
if [[ -n "$INPUT" ]]; then
    LIMIT="$(echo "$INPUT" | jq -r '.limit // 100')"
fi
[[ "$LIMIT" =~ ^[0-9]+$ ]] || LIMIT=100
(( LIMIT > 500 )) && LIMIT=500
(( LIMIT < 1 )) && LIMIT=100

LOG="/var/log/rspamd/rspamd.log"
if [[ ! -r "$LOG" ]]; then
    # Try alternative path
    if [[ -r "/var/log/rspamd/rspamd.log.0" ]]; then
        LOG="/var/log/rspamd/rspamd.log.0"
    else
        printf '{"ok":true,"count":0,"events":[],"note":"Rspamd log dosyası okunamıyor."}\n'
        exit 0
    fi
fi

# Rspamd log satır örnekleri:
#  2026-05-15 09:12:33 #1234(rspamd_proxy) <queueid>; dkim_signing; sign; domain: example.com selector: dkim
#  ... task; <id>; dkim; <domain>; missing_key
#
# Çıktıyı parse etmek için: dkim_signing veya "dkim;" geçen son N satır.

EVENTS_JSON="$(tail -n 50000 "$LOG" 2>/dev/null \
    | grep -E '(dkim_signing|dkim;)' \
    | tail -n "$LIMIT" \
    | awk -v LIM="$LIMIT" '
        function jsonesc(s,    r) {
            r = s
            gsub(/\\/, "\\\\", r)
            gsub(/"/,  "\\\"", r)
            return r
        }
        {
            ts = $1 " " $2
            line = $0
            queue_id = ""; domain = ""; selector = ""; action = "signed"; rcpt = ""
            if (match(line, /<[A-Fa-f0-9]+>/)) {
                queue_id = substr(line, RSTART+1, RLENGTH-2)
            }
            if (match(line, /domain: [^ ;]+/)) {
                domain = substr(line, RSTART+8, RLENGTH-8)
            }
            if (match(line, /selector[:=] [^ ;]+/)) {
                s = substr(line, RSTART, RLENGTH)
                sub(/^selector[:=] /, "", s)
                selector = s
            }
            if (line ~ /missing_key/)       action = "missing_key"
            else if (line ~ /verify_fail/)  action = "verify_fail"
            else if (line ~ /dkim_signing/) action = "signed"
            if (match(line, /rcpt[:=] [^ ;]+/)) {
                r = substr(line, RSTART, RLENGTH); sub(/^rcpt[:=] /, "", r); rcpt = r
            }
            if (out != "") out = out ","
            out = out "{"
            out = out "\"timestamp\":\"" jsonesc(ts) "\","
            out = out "\"queue_id\":\"" jsonesc(queue_id) "\","
            out = out "\"domain\":\"" jsonesc(domain) "\","
            out = out "\"selector\":\"" jsonesc(selector) "\","
            out = out "\"action\":\"" jsonesc(action) "\","
            out = out "\"recipient\":\"" jsonesc(rcpt) "\""
            out = out "}"
            n++
        }
        END { printf "[%s]\n", out }
    ')"

COUNT="$(echo "$EVENTS_JSON" | jq 'length' 2>/dev/null || echo 0)"

cat <<EOF
{"ok":true,"count":${COUNT},"events":${EVENTS_JSON}}
EOF
