#!/usr/bin/env bash
# =============================================================================
# onx-caddy-vhosts-rewrite (v3.40) — Tüm Caddy customer site'larını yeniden render.
#
# OLS için onx-ols-vhosts-unified-rewrite paritesi (Nginx version: onx-nginx-vhosts-rewrite).
# Switch sonrası veya template değişikliği sonrası mevcut /etc/caddy/sites/*.caddy
# dosyalarını onx-vhost-add-caddy ile yeniden render eder.
#
# Input (stdin JSON):
#   { "reload": true|false, "filter_user": "", "filter_domain": "" }
# Output: { "ok": true, "total": N, "regenerated": M, "failed": K, "errors": [...] }
#
# Idempotent.
# =============================================================================

# Strict mode: stop on unhandled errors, unset variables and failed pipeline stages.
set -euo pipefail

# Resolve the real location of this script (symlinks followed) so that the
# shared helper library and the sibling tools are loaded from next to it.
SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
source "${SCRIPT_DIR}/_lib/common.sh"

# require_root, onx_json_get*, json_ok and onx_die come from common.sh.
# NOTE(review): require_root presumably aborts for non-root callers — confirm in common.sh.
require_root

# Read the whole JSON request from stdin. A failed read or an empty body is
# treated as the empty object, so every option falls back to its default.
INPUT_RAW="$(cat 2>/dev/null || echo '{}')"
if [[ -z "${INPUT_RAW}" ]]; then
    INPUT_RAW='{}'
fi

# Request options: reload defaults to "true", both filters default to "no filter".
RELOAD="$(onx_json_get_bool "${INPUT_RAW}" "reload" "true")"
FILTER_USER="$(onx_json_get "${INPUT_RAW}" "filter_user" "")"
FILTER_DOMAIN="$(onx_json_get "${INPUT_RAW}" "filter_domain" "")"

CADDY_SITES_DIR="/etc/caddy/sites"

# Without a sites directory there is nothing to regenerate: report an empty,
# successful run and stop.
[[ -d "${CADDY_SITES_DIR}" ]] || {
    json_ok '{"ok":true, "total":0, "regenerated":0, "failed":0, "errors":[], "message":"Caddy sites dir yok"}'
    exit 0
}

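# DB credentials are read from the panel's .env file.
# -f2- keeps everything after the FIRST '=', so a value that itself contains
# '=' (common in generated passwords) is no longer truncated at the second '='.
# Surrounding quotes, if the .env uses them, are NOT stripped here.
# Under `set -eo pipefail` a key that is missing from the file makes grep fail
# and aborts the script at the assignment.
# DB_PASS holds a secret: do not enable `set -x` or echo it while debugging.
ENV_FILE="/opt/onoxsoft/.env"
[[ -f "${ENV_FILE}" ]] || onx_die 2 "Panel .env bulunamadı"
DB_NAME=$(grep -E '^DB_DATABASE=' "${ENV_FILE}" | head -1 | cut -d'=' -f2-)
DB_USER=$(grep -E '^DB_USERNAME=' "${ENV_FILE}" | head -1 | cut -d'=' -f2-)
DB_PASS=$(grep -E '^DB_PASSWORD=' "${ENV_FILE}" | head -1 | cut -d'=' -f2-)

# Run counters; ERRORS_JSON accumulates one {vhost, reason} object per failure.
TOTAL=0
REGENERATED=0
FAILED=0
SKIPPED=0
ERRORS_JSON="[]"
# Millisecond timestamp; %3N is a GNU date extension.
START_MS=$(date +%s%3N)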

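# Record one failed vhost: bump FAILED and append {vhost, reason} to ERRORS_JSON.
# Arguments: $1 - vhost file name, $2 - reason text
_onx_rewrite_fail() {
    FAILED=$((FAILED + 1))
    ERRORS_JSON=$(jq -c --arg vh "$1" --arg r "$2" '. += [{vhost:$vh, reason:$r}]' <<< "${ERRORS_JSON}")
}

# The domain part of a file name is later placed inside a SQL string literal
# (the mysql CLI offers no bound parameters), so it is restricted to an
# allow-list of hostname characters first. Widen this only deliberately if
# legitimate vhost names need other characters.
readonly _ONX_DOMAIN_RE='^[A-Za-z0-9._-]+$'

# Re-render every /etc/caddy/sites/<user>-<domain>.caddy file through
# onx-vhost-add. nullglob makes the loop run zero times when no file matches.
shopt -s nullglob
for vh_file in "${CADDY_SITES_DIR}"/*.caddy; do
    TOTAL=$((TOTAL + 1))
    vh_name=$(basename "${vh_file}" .caddy)

    # Only files named onx_<4-12 lowercase alnum>-<domain> are customer sites.
    if ! [[ "${vh_name}" =~ ^(onx_[a-z0-9]{4,12})-(.+)$ ]]; then
        SKIPPED=$((SKIPPED + 1))
        continue
    fi
    USER_NAME="${BASH_REMATCH[1]}"
    DOMAIN="${BASH_REMATCH[2]}"

    # Optional exact-match filters from the request.
    if [[ -n "${FILTER_USER}" && "${FILTER_USER}" != "${USER_NAME}" ]]; then
        SKIPPED=$((SKIPPED + 1))
        continue
    fi
    if [[ -n "${FILTER_DOMAIN}" && "${FILTER_DOMAIN}" != "${DOMAIN}" ]]; then
        SKIPPED=$((SKIPPED + 1))
        continue
    fi

    # USER_NAME is already constrained by the regex above; DOMAIN was matched
    # with (.+) and could carry quotes or other metacharacters taken from the
    # file name. Refuse it before it reaches SQL or the downstream tool.
    if ! [[ "${DOMAIN}" =~ ${_ONX_DOMAIN_RE} ]]; then
        _onx_rewrite_fail "${vh_name}.caddy" "invalid domain in filename"
        continue
    fi

    # v3.43: system subdomains are detected from the file name alone, without
    # a DB lookup.
    IS_SYS_SUBDOMAIN="false"
    SUBDOMAIN_TYPE=""
    PARENT_DOMAIN=""
    for sys_prefix in "webmail." "mail." "panel." "webdisk." "autoconfig." "autodiscover."; do
        if [[ "${DOMAIN}" == "${sys_prefix}"* ]]; then
            IS_SYS_SUBDOMAIN="true"
            PARENT_DOMAIN="${DOMAIN#"${sys_prefix}"}"
            case "${sys_prefix}" in
                webmail.|mail.) SUBDOMAIN_TYPE="webmail_proxy" ;;
                panel.)         SUBDOMAIN_TYPE="panel_redirect" ;;
                webdisk.)       SUBDOMAIN_TYPE="webdisk" ;;
                autoconfig.|autodiscover.) SUBDOMAIN_TYPE="mail_autoconfig" ;;
            esac
            break
        fi
    done

    if [[ "${IS_SYS_SUBDOMAIN}" == "false" ]]; then
        # document_root is selected LAST on purpose: tab is a whitespace IFS
        # character, so `read` collapses an empty leading field and would shift
        # php_version into DOC_ROOT. The two leading columns are never empty.
        # NOTE(review): MYSQL_PWD keeps the password out of argv, but MySQL
        # documents it as insecure; an option file passed with
        # --defaults-extra-file (mode 0600) would be the sturdier choice.
        db_rc=0
        META=$(MYSQL_PWD="${DB_PASS}" mysql -u"${DB_USER}" -N -B "${DB_NAME}" -e \
            "SELECT IFNULL(NULLIF(d.php_version,''),'8.2'), IFNULL(d.ssl_enabled,0), IFNULL(d.document_root,'') FROM domains d JOIN accounts a ON a.id=d.account_id WHERE a.username='${USER_NAME}' AND d.name='${DOMAIN}' LIMIT 1;" 2>/dev/null) || db_rc=$?
        if (( db_rc != 0 )); then
            # A client or connection error is reported as such instead of
            # being mistaken for a missing row.
            _onx_rewrite_fail "${vh_name}.caddy" "DB query failed"
            continue
        fi
        if [[ -z "${META}" ]]; then
            _onx_rewrite_fail "${vh_name}.caddy" "DB row missing (customer)"
            continue
        fi
        IFS=$'\t' read -r PHP_VERSION SSL_ENABLED DOC_ROOT <<< "${META}"
    else
        # System subdomains use fixed defaults.
        DOC_ROOT=""
        PHP_VERSION="8.2"
        SSL_ENABLED="1"
    fi
    if [[ -z "${DOC_ROOT}" ]]; then
        DOC_ROOT="/home/users/${USER_NAME}/public_html"
    fi
    SSL_BOOL="false"
    if [[ "${SSL_ENABLED}" == "1" ]]; then
        SSL_BOOL="true"
    fi

    # Build the request with jq so every value is JSON-escaped. A doc_root or
    # domain containing '"' or '\' can then neither break the document nor
    # add keys to it. Key order matches the previous hand-written format.
    REQ=$(jq -cn \
        --arg username "${USER_NAME}" \
        --arg domain "${DOMAIN}" \
        --arg doc_root "${DOC_ROOT}" \
        --arg php_version "${PHP_VERSION}" \
        --argjson ssl_enabled "${SSL_BOOL}" \
        --argjson is_sys "${IS_SYS_SUBDOMAIN}" \
        --arg subdomain_type "${SUBDOMAIN_TYPE}" \
        --arg parent_domain "${PARENT_DOMAIN}" \
        '{server:"caddy", username:$username, domain:$domain, doc_root:$doc_root,
          php_version:$php_version, ssl_enabled:$ssl_enabled, skip_reload:true}
         + (if $is_sys
            then {is_system_subdomain:true, subdomain_type:$subdomain_type, parent_domain:$parent_domain}
            else {} end)')

    # skip_reload is set for every site; the single reload happens after the
    # loop. The tool's output is discarded, so only pass/fail is recorded.
    if printf '%s\n' "${REQ}" | "${SCRIPT_DIR}/onx-vhost-add" >/dev/null 2>&1; then
        REGENERATED=$((REGENERATED + 1))
    else
        _onx_rewrite_fail "${vh_name}.caddy" "vhost-add caddy fail"
    fi
done
shopt -u nullglob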

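# Final reload: one validate + reload for the whole run, and only when the
# request asked for it and the caddy service is currently active. RELOADED
# stays "skipped" otherwise.
RELOADED="skipped"
if [[ "${RELOAD}" == "true" ]] && systemctl is-active --quiet caddy 2>/dev/null; then
    # Validate before reloading so a broken regenerated site file is never
    # pushed into the running server. Both streams are silenced: `caddy
    # validate` writes its success message to stdout, which would otherwise
    # precede the JSON result on this script's output.
    if caddy validate --config /etc/caddy/Caddyfile --adapter caddyfile >/dev/null 2>&1; then
        if systemctl reload caddy >/dev/null 2>&1; then
            RELOADED="reload"
        else
            RELOADED="reload_fail"
        fi
    else
        RELOADED="validate_fail"
    fi
fi

END_MS=$(date +%s%3N)
DURATION_MS=$((END_MS - START_MS))

# Emit the summary. Counters and the error list go in as JSON values
# (--argjson); the reload state goes in as a string (--arg).
# "ok" is always true here; per-site failures are reported through
# "failed" and "errors", and a failed reload through "reloaded".
json_ok "$(jq -n \
    --argjson total "${TOTAL}" \
    --argjson regenerated "${REGENERATED}" \
    --argjson failed "${FAILED}" \
    --argjson skipped "${SKIPPED}" \
    --argjson errors "${ERRORS_JSON}" \
    --arg reloaded "${RELOADED}" \
    --argjson duration_ms "${DURATION_MS}" \
    '{ok:true, total:$total, regenerated:$regenerated, failed:$failed, skipped:$skipped, reloaded:$reloaded, duration_ms:$duration_ms, errors:$errors}')"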
