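#!/usr/bin/env bash
# onx-dkim-remove — deletes the DKIM key files of one domain/selector pair,
# then reloads OpenDKIM and Rspamd when they are running.
# stdin: {"domain":"example.com","selector":"onox2026"}
# stdout: {"ok":true,"domain":"…","selector":"…","removed_files":[…]}
#
# Security notes:
#   - The script runs as root and deletes files, so both input fields are
#     validated before they become part of a filesystem path.
#   - Deleting the files only removes the key from this host. Signatures made
#     with the key keep verifying for as long as its public record stays
#     published in DNS; retiring that record is outside this script.
#   - rm unlinks the files; it does not overwrite the private key on disk or
#     in backups.

set -euo pipefail
SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
# Helpers used below (require_root, onx_json_input, onx_json_field, onx_die,
# onx_validate_domain, json_ok) come from this library.
source "${SCRIPT_DIR}/_lib/common.sh"

require_root

onx_json_input

DOMAIN=$(onx_json_field "domain")
SELECTOR=$(onx_json_field "selector")

if [[ -z "$DOMAIN" ]]; then
    onx_die 1 "Eksik alan: domain"
fi
if [[ -z "$SELECTOR" ]]; then
    onx_die 1 "Eksik alan: selector"
fi

# NOTE(review): DOMAIN becomes a directory name under /etc/onox/dkim, so this
# helper is presumably what rejects "/" and ".." — confirm in _lib/common.sh.
onx_validate_domain "$DOMAIN"

# The selector may hold only letters, digits, "_" and "-": no "/" and no ".",
# so it cannot point outside DKIM_DIR or at another extension.
SELECTOR_RE='^[a-zA-Z0-9_-]+$'
if ! [[ "$SELECTOR" =~ $SELECTOR_RE ]]; then
    onx_die 1 "Geçersiz selector formatı"
fi

DKIM_DIR="/etc/onox/dkim/${DOMAIN}"
REMOVED_FILES=()

for EXT in private pub txt; do
    FILE="${DKIM_DIR}/${SELECTOR}.${EXT}"
    # -f follows symlinks, while rm removes the link itself, never its target.
    if [[ -f "$FILE" ]]; then
        rm -f -- "$FILE"
        REMOVED_FILES+=("${SELECTOR}.${EXT}")
    fi
done

# Remove the domain directory once it is empty. rmdir refuses a non-empty
# directory, so no separate emptiness check (and no parsing of ls) is needed.
if [[ -d "$DKIM_DIR" ]]; then
    rmdir -- "$DKIM_DIR" 2>/dev/null || true
fi

# Reload each signing daemon that is currently active. A failed reload stays
# non-fatal, but it is reported on stderr: a daemon that did not reload may
# still hold the removed key in memory and keep signing with it.
for SERVICE in opendkim rspamd; do
    if systemctl is-active "$SERVICE" &>/dev/null; then
        if ! systemctl reload "$SERVICE" 2>/dev/null; then
            printf 'onx-dkim-remove: warning: reload of %s failed; it may still use the removed key\n' \
                "$SERVICE" >&2
        fi
    fi
done

# Build the removed_files array. An empty list must become [] — piping an
# empty expansion through "jq -R" would yield [""] instead.
if (( ${#REMOVED_FILES[@]} > 0 )); then
    FILES_JSON=$(printf '%s\n' "${REMOVED_FILES[@]}" | jq -R '.' | jq -s -c '.')
else
    FILES_JSON='[]'
fi

# Let jq do the string escaping instead of interpolating shell variables into
# a JSON literal, so the output stays valid even if validation is loosened.
RESULT_JSON=$(jq -cn \
    --arg domain "$DOMAIN" \
    --arg selector "$SELECTOR" \
    --argjson removed_files "$FILES_JSON" \
    '{ok: true, domain: $domain, selector: $selector, removed_files: $removed_files}')

json_ok "$RESULT_JSON"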
