#!/usr/bin/env bash
#
# onx-mailbox-remove — Maildir sil (path-validated, /var/vmail dışı reddedilir).
# DB row'unu Laravel MailboxProvisioner soft delete eder.
#
# Stdin (JSON):
#   {"email": "user@example.com"}
#
# Stdout (JSON):
#   {"email": "...", "maildir": "/var/vmail/.../Maildir", "removed": true|false}

INPUT=$(cat 2>/dev/null || echo '{}')
EMAIL=$(echo "$INPUT" | jq -r '.email // ""')

[[ -z "$EMAIL" ]] && { echo '{"error":"email gerekli"}' >&2; exit 1; }
[[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]] && { echo '{"error":"geçersiz email"}' >&2; exit 1; }

LOCAL="${EMAIL%@*}"
DOMAIN="${EMAIL#*@}"
MAILBOX_HOME="/var/vmail/${DOMAIN}/${LOCAL}"

# Path traversal guard — realpath ile /var/vmail/ dışı reject
case "$(realpath -m "$MAILBOX_HOME" 2>/dev/null)" in
    /var/vmail/*) ;;
    *) echo '{"error":"path traversal denied"}' >&2; exit 1 ;;
esac

REMOVED="false"
if [[ -d "$MAILBOX_HOME" ]]; then
    rm -rf "$MAILBOX_HOME" 2>/dev/null && REMOVED="true"
fi

echo "{\"email\":\"$EMAIL\",\"maildir\":\"$MAILBOX_HOME\",\"removed\":$REMOVED}"
exit 0
