#!/usr/bin/env bash
#
# onx-dovecot-protocols-update — Dovecot 'protocols' satırını set/toggle eder (v83)
#
# Whitelist: imap, pop3, lmtp, sieve. Diğer değerler reddedilir.
# stdin:  {"protocols":["imap","pop3","lmtp","sieve"]}
# stdout: {"ok":true,"protocols":"imap pop3 lmtp sieve","changed":true,
#          "syntax_ok":true,"reloaded":true}
#
# Exit codes: 0 ok, 1 invalid input, 2 preflight, 3 execution

set -euo pipefail
SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
source "${SCRIPT_DIR}/_lib/common.sh"

require_root
require_cmd doveconf
require_cmd systemctl

onx_json_input

DOVECOT_CONF="/etc/dovecot/dovecot.conf"
TS=$(date -Iseconds)

[[ -f "$DOVECOT_CONF" ]] || onx_die 2 "/etc/dovecot/dovecot.conf bulunamadı"

# Parse + whitelist validation
RAW=$(echo "$INPUT" | jq -r '.protocols // [] | join(" ")')
[[ -z "$RAW" ]] && onx_die 1 "'protocols' alanı boş — en az bir protokol gerekli"

# Whitelist check
for p in $RAW; do
    case "$p" in
        imap|pop3|lmtp|sieve|submission) ;;
        *) onx_die 1 "Geçersiz protokol: '$p' (izin verilen: imap pop3 lmtp sieve submission)" ;;
    esac
done

CURRENT=$(grep -E '^[[:space:]]*protocols[[:space:]]*=' "$DOVECOT_CONF" 2>/dev/null | tail -1 | sed -E 's/^[[:space:]]*protocols[[:space:]]*=[[:space:]]*//' || echo "")
CHANGED=false

if [[ "$CURRENT" != "$RAW" ]]; then
    BACKUP="${DOVECOT_CONF}.onx-bak.$(date +%s)"
    cp "$DOVECOT_CONF" "$BACKUP"

    # Tüm protocols satırlarını sil
    sed -i -E "/^[[:space:]]*protocols[[:space:]]*=/d" "$DOVECOT_CONF"
    {
        echo ""
        echo "# Set by onx-dovecot-protocols-update @ ${TS}"
        echo "protocols = ${RAW}"
    } >> "$DOVECOT_CONF"

    CHANGED=true

    if ! doveconf -n >/dev/null 2>&1; then
        mv "$BACKUP" "$DOVECOT_CONF"
        onx_die 3 "doveconf -n başarısız — değişiklik geri alındı"
    fi
    rm -f "$BACKUP"
fi

RELOADED=false
if [[ "$CHANGED" == "true" ]]; then
    if systemctl reload dovecot 2>/dev/null || systemctl restart dovecot 2>/dev/null; then
        RELOADED=true
    fi
fi

json_ok "$(jq -nc \
    --arg p "$RAW" \
    --argjson c "$CHANGED" \
    --argjson r "$RELOADED" \
    '{ok:true, protocols:$p, changed:$c, syntax_ok:true, reloaded:$r}')"
