#!/usr/bin/env bash
# onx-rspamd-threshold — Rspamd actions.conf score eşiklerini güncelle.
#
# Rspamd action mantığı (yükselen sırada):
#   no_action    < greylist < add_header < rewrite_subject < reject
#
# Eşik değerleri /etc/rspamd/local.d/actions.conf'a yazılır.
# UCL formatı:
#   actions {
#       greylist        = 4;
#       add_header      = 6;
#       rewrite_subject = 8;
#       reject          = 15;
#   }
#
# stdin: {
#   "greylist": 4.0,
#   "add_header": 6.0,
#   "rewrite_subject": 8.0,
#   "reject": 15.0
# }
# stdout: {"ok":true,"file":"/etc/rspamd/local.d/actions.conf","thresholds":{...}}

set -euo pipefail
SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
# shellcheck source=/dev/null
source "${SCRIPT_DIR}/_lib/common.sh"

require_root
require_cmd rspamadm

onx_json_input

GREYLIST=$(onx_json_field "greylist" "4.0")
ADD_HEADER=$(onx_json_field "add_header" "6.0")
REWRITE=$(onx_json_field "rewrite_subject" "8.0")
REJECT=$(onx_json_field "reject" "15.0")

# Numeric validation — pozitif float (negatif eşik mantıksız)
_validate_num() {
    local name="$1" val="$2"
    if ! [[ "$val" =~ ^[0-9]+(\.[0-9]+)?$ ]]; then
        onx_die 1 "Geçersiz ${name}: pozitif sayı olmalı (geldi: '${val}')"
    fi
}

_validate_num "greylist" "$GREYLIST"
_validate_num "add_header" "$ADD_HEADER"
_validate_num "rewrite_subject" "$REWRITE"
_validate_num "reject" "$REJECT"

# Mantık kontrolü — yükselen sıra
_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN { exit !(a < b) }'
}

if ! _lt "$GREYLIST" "$ADD_HEADER"; then
    onx_die 1 "greylist (${GREYLIST}) add_header (${ADD_HEADER})'den küçük olmalı"
fi
if ! _lt "$ADD_HEADER" "$REWRITE"; then
    onx_die 1 "add_header (${ADD_HEADER}) rewrite_subject (${REWRITE})'den küçük olmalı"
fi
if ! _lt "$REWRITE" "$REJECT"; then
    onx_die 1 "rewrite_subject (${REWRITE}) reject (${REJECT})'den küçük olmalı"
fi

LOCAL_D="/etc/rspamd/local.d"
mkdir -p "$LOCAL_D"
OUTFILE="${LOCAL_D}/actions.conf"
BACKUP=""

if [[ -f "$OUTFILE" ]]; then
    BACKUP="${OUTFILE}.bak.$(date +%s)"
    cp -a "$OUTFILE" "$BACKUP"
    onx_rollback_register "mv -f '${BACKUP}' '${OUTFILE}'"
fi

TS=$(date -Iseconds)
cat > "$OUTFILE" <<EOF
# ONOX-managed Rspamd action thresholds
# Generated: ${TS} by onx-rspamd-threshold
# Do NOT edit manually — Onoxsoft Admin Panel > Spam Filter > Action Thresholds

actions {
    greylist        = ${GREYLIST};
    add_header      = ${ADD_HEADER};
    rewrite_subject = ${REWRITE};
    reject          = ${REJECT};
}
EOF

chmod 644 "$OUTFILE"

# Sözdizimi kontrolü
trap 'onx_rollback_run' ERR
if ! rspamadm configtest >/dev/null 2>&1; then
    onx_die 3 "rspamadm configtest başarısız — backup'a geri alındı"
fi
trap - ERR

onx_audit "rspamd-threshold" "thresholds updated greylist=${GREYLIST} add_header=${ADD_HEADER} rewrite=${REWRITE} reject=${REJECT}"

# Backup temizle
[[ -n "$BACKUP" && -f "$BACKUP" ]] && rm -f "$BACKUP"

jq -n \
    --arg file "$OUTFILE" \
    --argjson g "$GREYLIST" \
    --argjson ah "$ADD_HEADER" \
    --argjson rw "$REWRITE" \
    --argjson rj "$REJECT" \
    '{
        ok: true,
        file: $file,
        thresholds: {
            greylist: $g,
            add_header: $ah,
            rewrite_subject: $rw,
            reject: $rj
        },
        message: "Action thresholds yazıldı — `rspamadm reload` veya panel Reload tuşu ile aktive edilir"
    }'
