#!/usr/bin/env bash
# =============================================================================
# onx-ftp-pure-user-delete — Pure-FTPd PureDB virtual user delete
#
# v88 Agent 3 — Default FTP User System.
# Account terminate'de tetiklenir; default + diğer FTP user'lar silinir.
# Idempotent: yoksa bile başarılı döner (already-removed=true flag).
#
# Input (stdin JSON):
#   {
#     "username":    "onx_xxxx",       -- required
#     "puredb_path": "/etc/pure-ftpd/pureftpd.pdb",
#     "passwd_path": "/etc/pure-ftpd/pureftpd.passwd"
#   }
#
# Output: {"ok":true,"username":"...","removed":true|false,"already_removed":bool,"mkdb_run":bool}
# Exit codes: 0=ok 1=invalid-input 2=preflight 3=exec-fail
# =============================================================================

set -euo pipefail

SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
# shellcheck source=_lib/common.sh
source "${SCRIPT_DIR}/_lib/common.sh"

require_root
command -v jq      >/dev/null 2>&1 || onx_die 2 "jq gerekli"
command -v pure-pw >/dev/null 2>&1 || onx_die 2 "pure-pw bulunamadi"
onx_json_input

USERNAME=$(onx_json_field username)
PUREDB=$(onx_json_field   puredb_path "/etc/pure-ftpd/pureftpd.pdb")
PASSWD=$(onx_json_field   passwd_path "/etc/pure-ftpd/pureftpd.passwd")

[[ -z "${USERNAME}" ]] && onx_die 1 "username zorunlu"
[[ "${USERNAME}" =~ ^onx_[a-z0-9_]{3,30}$ ]] || onx_die 1 "username gecersiz: ${USERNAME}"
[[ -f "${PASSWD}" ]] || onx_die 2 "pureftpd.passwd bulunamadi (${PASSWD})"

ALREADY_REMOVED="false"
REMOVED="false"
MKDB_RUN="false"

# Kullanıcı mevcut mu?
if ! pure-pw show "${USERNAME}" -f "${PASSWD}" >/dev/null 2>&1; then
    ALREADY_REMOVED="true"
else
    if ! pure-pw userdel "${USERNAME}" -f "${PASSWD}" 2>/dev/null; then
        onx_die 3 "pure-pw userdel basarisiz: ${USERNAME}"
    fi
    REMOVED="true"
    if pure-pw mkdb "${PUREDB}" -f "${PASSWD}" 2>/dev/null; then
        MKDB_RUN="true"
    else
        # passwd dosyasından silindi ama mkdb fail — uyarı log
        onx_log "ftp-pure-user-delete: passwd silindi ama mkdb fail (DB stale): ${USERNAME}"
    fi
fi

onx_log "ftp-pure-user-delete: user=${USERNAME} removed=${REMOVED} already=${ALREADY_REMOVED}"

jq -nc \
    --arg username "${USERNAME}" \
    --argjson removed         "${REMOVED}" \
    --argjson already_removed "${ALREADY_REMOVED}" \
    --argjson mkdb_run        "${MKDB_RUN}" \
    '{
        ok: true,
        username: $username,
        removed: $removed,
        already_removed: $already_removed,
        mkdb_run: $mkdb_run
    }'
