#!/usr/bin/env bash
# onx-vhost-add-caddy — Create a Caddy vhost from template.
#
# Called by the onx-vhost-add dispatcher when 'server' = 'caddy'.
# Caddy auto-HTTPS is active — the Let's Encrypt certificate is issued automatically.
#
# Input (stdin JSON) — same as onx-vhost-add.
# Output (stdout JSON):
#   {"vhost_path":..., "reloaded":true, "ssl_enabled":..., "server":"caddy"}
#
# Exit codes: 0=ok 1=invalid-input 2=preflight-fail 3=exec-fail 4=rolled-back

# Fail fast: abort on any unhandled error, on an unset variable, and when any
# stage of a pipeline fails.
set -o errexit
set -o nounset
set -o pipefail

# Resolve the script's real directory (following symlinks) so the shared
# library is found regardless of the caller's working directory.
SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
# shellcheck source=_lib/common.sh
source "${SCRIPT_DIR}/_lib/common.sh"

# ── Constants ────────────────────────────────────────────────────────────────
# Stub Caddyfile whose ${PLACEHOLDER} tokens are filled in below.
readonly TEMPLATE_PATH="/usr/local/onoxsoft/templates/Caddyfile.stub"
# Per-site config directory; the main Caddyfile imports sites/*.caddy from here.
readonly VHOST_DIR="/etc/caddy/sites"

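# ── Read & parse stdin ───────────────────────────────────────────────────────
# The whole request arrives as a single JSON document on stdin (see header).
INPUT=$(cat)
onx_require_json "${INPUT}"

USERNAME=$(onx_json_get "${INPUT}" "username")
DOMAIN=$(onx_json_get "${INPUT}" "domain")
DOC_ROOT=$(onx_json_get "${INPUT}" "doc_root")
PHP_VERSION=$(onx_json_get "${INPUT}" "php_version" "8.2")

# ── Input validation ─────────────────────────────────────────────────────────
onx_validate_username "${USERNAME}"
onx_validate_domain "${DOMAIN}"

[[ -z "${DOC_ROOT}" ]] && onx_die 1 "doc_root is required"

# doc_root is substituted verbatim into the Caddyfile, so reject anything that
# could change the structure of the rendered config: a relative path,
# whitespace or control characters, Caddyfile block delimiters, quotes, comment
# markers and backslashes. `caddy validate` runs later, but it accepts any
# well-formed directive and so is not a substitute for this check.
[[ "${DOC_ROOT}" == /* ]] || onx_die 1 "doc_root must be an absolute path"
DOC_ROOT_FORBIDDEN='*[[:space:][:cntrl:]{}"#\\]*'
# shellcheck disable=SC2053
# (unquoted right-hand side on purpose: it is a glob pattern)
[[ "${DOC_ROOT}" == ${DOC_ROOT_FORBIDDEN} ]] && onx_die 1 "doc_root contains characters not allowed in a Caddyfile"

# php_version also ends up in the template (as PHP_VERSION_NODOT, presumably to
# select the PHP-FPM target — confirm in Caddyfile.stub); allow digits and dots
# only, e.g. "8.2".
[[ "${PHP_VERSION}" =~ ^[0-9]+(\.[0-9]+)*$ ]] || onx_die 1 "invalid php_version: ${PHP_VERSION}"

# "8.2" -> "82"
PHP_VERSION_NODOT="${PHP_VERSION//./}"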

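# ── Preflight ────────────────────────────────────────────────────────────────
# Everything that can be checked before touching the filesystem goes first, so
# a preflight failure exits 2 with nothing to roll back.
command -v caddy >/dev/null 2>&1 || onx_die 2 "caddy not found"
[[ -f "${TEMPLATE_PATH}" ]] || onx_die 2 "caddy template not found: ${TEMPLATE_PATH}"
# `caddy validate` is run against the main Caddyfile later; without it
# validation can only fail, which would surface as a misleading "rolled back"
# exit 4 instead of a preflight error.
[[ -f /etc/caddy/Caddyfile ]] || onx_die 2 "main Caddyfile not found: /etc/caddy/Caddyfile"
[[ -d "/home/${USERNAME}" ]] || onx_die 2 "home directory not found: /home/${USERNAME}"

mkdir -p "${VHOST_DIR}"
# Per-user log directory (presumably referenced by the stub — confirm there).
mkdir -p "/home/${USERNAME}/logs"

# One vhost file per (user, domain). Keep a PID-suffixed backup of any existing
# file so a failed `caddy validate` can restore it; `-p` preserves mode and
# timestamps so the restore is exact. The `.bak.*` name does not match the
# `sites/*.caddy` import glob, so Caddy never loads the backup itself.
VHOST_PATH="${VHOST_DIR}/${USERNAME}-${DOMAIN}.caddy"
BACKUP_PATH="${VHOST_PATH}.bak.$$"
[[ -f "${VHOST_PATH}" ]] && cp -p -- "${VHOST_PATH}" "${BACKUP_PATH}"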

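# ── Build space-separated aliases (Caddy syntax: domain.com www.domain.com {...}) ──
# Each alias becomes an additional site address in the rendered Caddyfile, so it
# gets the same validation as the primary domain; an unchecked alias could
# otherwise carry Caddyfile syntax (braces, whitespace) into the config.
# Result keeps the original shape: empty, or " alias1 alias2 ..." with a leading space.
SERVER_ALIASES_SPACE_SEPARATED=""
while IFS= read -r alias; do
  [[ -n "${alias}" ]] || continue
  onx_validate_domain "${alias}"
  SERVER_ALIASES_SPACE_SEPARATED+=" ${alias}"
done < <(onx_json_array_items "${INPUT}" "server_aliases")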

# ── Render template ──────────────────────────────────────────────────────────
# Work on a private temp copy of the stub. It is removed on every exit path and
# only reaches VHOST_DIR (via install) once all placeholders are filled in.
TMP_CONF=$(mktemp /tmp/onx-vhost-caddy-XXXXXX.caddy)
trap 'rm -f "${TMP_CONF}"' EXIT

cat -- "${TEMPLATE_PATH}" > "${TMP_CONF}"

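#######################################
# Replace every occurrence of the literal placeholder "${<name>}" in TMP_CONF
# with a value (which may span several lines), rewriting the file in place.
# Globals:   TMP_CONF (read; the file it names is rewritten)
# Arguments: $1 - placeholder name, without the "${...}" wrapper
#            $2 - replacement text, inserted byte-for-byte
# Returns:   0 on success; mktemp's or awk's status on failure, in which case
#            the partial output is removed and TMP_CONF is left untouched
#######################################
multiline_replace() {
  local var="$1"
  local val="$2"
  local tmpfile
  tmpfile=$(mktemp "${TMP_CONF}.XXXXXX") || return
  local rc=0
  # The placeholder and value go in through the environment rather than
  # `awk -v`: -v applies escape-sequence processing, so a value containing
  # "\t", "\n" or "\\" would be altered on its way into the config, whereas
  # ENVIRON[] hands the bytes over unchanged.
  ONX_TPL_VAR="\${${var}}" ONX_TPL_VAL="${val}" awk '
    BEGIN {
      var  = ENVIRON["ONX_TPL_VAR"]
      val  = ENVIRON["ONX_TPL_VAL"]
      vlen = length(var)
    }
    {
      # Consume the line left to right, emitting text up to each match and
      # continuing after it. Rescanning the whole rebuilt line from the start
      # would loop forever whenever the value itself contains the placeholder.
      rest = $0
      out  = ""
      while ((idx = index(rest, var)) > 0) {
        out  = out substr(rest, 1, idx - 1) val
        rest = substr(rest, idx + vlen)
      }
      print out rest
    }
  ' "${TMP_CONF}" > "${tmpfile}" || rc=$?
  if (( rc != 0 )); then
    rm -f -- "${tmpfile}"
    return "${rc}"
  fi
  mv -f -- "${tmpfile}" "${TMP_CONF}"
}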

# Fill in every placeholder the stub is expected to carry; the shell variable
# of the same name supplies the value (indirect expansion).
for placeholder in USERNAME DOMAIN DOC_ROOT PHP_VERSION_NODOT SERVER_ALIASES_SPACE_SEPARATED; do
  multiline_replace "${placeholder}" "${!placeholder}"
done

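# Install the rendered config with an explicit mode: mktemp created the temp
# file 0600, and the vhost must be readable by the caddy service (presumably a
# different user than the one running this script).
install -m 0644 -- "${TMP_CONF}" "${VHOST_PATH}"

# Ensure the main Caddyfile imports /etc/caddy/sites/*.caddy. The check is
# anchored to an active directive so a commented-out "# import sites/*.caddy"
# line does not suppress the append. This edit is idempotent and is NOT undone
# by the rollback below; the import line is harmless on its own.
MAIN_CADDYFILE="/etc/caddy/Caddyfile"
if [[ -f "${MAIN_CADDYFILE}" ]] \
  && ! grep -qE '^[[:space:]]*import[[:space:]]+sites/\*\.caddy' "${MAIN_CADDYFILE}"; then
  printf '\nimport sites/*.caddy\n' >> "${MAIN_CADDYFILE}"
fi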

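# ── caddy validate → rollback on failure ─────────────────────────────────────
# Validate the whole config (main Caddyfile plus imported sites). Both output
# streams are captured: the diagnostics are what the operator needs to see in
# the log on failure, and on success anything the validator prints to stdout
# must not be mixed into this script's JSON output.
VALIDATE_RC=0
VALIDATE_OUT=$(caddy validate --config "${MAIN_CADDYFILE}" 2>&1) || VALIDATE_RC=$?
if (( VALIDATE_RC != 0 )); then
  onx_log "caddy validate failed (exit ${VALIDATE_RC}) — rolling back: ${VALIDATE_OUT}"
  # Restore the previous vhost file if there was one, otherwise drop the new one.
  if [[ -f "${BACKUP_PATH}" ]]; then
    mv -f -- "${BACKUP_PATH}" "${VHOST_PATH}"
  else
    rm -f -- "${VHOST_PATH}"
  fi
  onx_die 4 "caddy validate failed; vhost rolled back"
fi

# Validation passed: the backup is no longer needed.
rm -f -- "${BACKUP_PATH}"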

# ── Reload Caddy ─────────────────────────────────────────────────────────────
# The config has already been validated, so a reload failure is an execution
# error (exit 3) rather than a config error; the installed vhost file stays.
systemctl reload caddy || onx_die 3 "systemctl reload caddy failed"

# ── Success ──────────────────────────────────────────────────────────────────
# Emit the result document described in the header.
onx_json_out \
  "vhost_path" "${VHOST_PATH}" \
  "reloaded" "true" \
  "ssl_enabled" "true" \
  "server" "caddy"
