#!/usr/bin/env bash
#
# onx-time-sync — Force time sync (chronyc makestep) + timezone set.
#
# Stdin (JSON):
#   {"timezone": "Europe/Istanbul"}  // optional; when given, the timezone is set
#
# Stdout (JSON):
#   {"ok": true, "timezone": "...", "drift_before": N, "drift_after": N, "synced": true}
#
# Exit: 0=ok, 1=invalid timezone, 2=preflight (chrony missing), 3=exec (makestep fail)

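#######################################
# Check a caller-supplied timezone name before it reaches timedatectl.
# The name is untrusted input that is also used to build a filesystem path,
# so it is matched against an allow-list: one or more segments of letters,
# digits, '_', '+', '-' separated by single slashes. No dots are allowed, so
# ".." can never appear, and no leading/trailing/double slash is accepted.
# Digits are allowed so that names such as Etc/GMT+3 are not rejected.
# Arguments: $1 - timezone name
# Returns:   0 if the name is well-formed and exists under /usr/share/zoneinfo
#######################################
is_valid_timezone() {
    # Pin the C locale so the bracket ranges match ASCII only.
    local LC_ALL=C
    local name_re='^[A-Za-z0-9_+-]+(/[A-Za-z0-9_+-]+)*$'
    [[ "$1" =~ $name_re && -f "/usr/share/zoneinfo/$1" ]]
}

#######################################
# Print the "System time" offset (in seconds) from `chronyc tracking`.
# Outputs: the offset, or 0 when it is missing or not a plain number. The
#          value is later embedded unquoted in JSON, so anything that is not
#          a number is replaced rather than passed through.
#######################################
read_drift() {
    local LC_ALL=C
    local number_re='^-?[0-9]+(\.[0-9]+)?([eE][+-]?[0-9]+)?$'
    local value
    value=$(chronyc tracking 2>/dev/null \
        | awk -F: '/^System time/ { split($2, f, " "); print f[1]; exit }')
    if [[ "$value" =~ $number_re ]]; then
        printf '%s\n' "$value"
    else
        printf '0\n'
    fi
}

# Read the request from stdin; an unreadable stdin is treated as an empty object.
INPUT=$(cat 2>/dev/null || echo '{}')
# If jq is missing or the input is not valid JSON, NEW_TZ stays empty and the
# run behaves as if no timezone was requested.
NEW_TZ=$(jq -r '.timezone // ""' 2>/dev/null <<<"$INPUT")

# Optional timezone change.
if [[ -n "$NEW_TZ" ]]; then
    if ! is_valid_timezone "$NEW_TZ"; then
        echo '{"error":"geçersiz timezone"}' >&2
        exit 1
    fi
    if ! timedatectl set-timezone "$NEW_TZ" 2>/dev/null; then
        # Do not abort the sync, but do not hide the failure either. The
        # "timezone" field in the result still reports the zone actually in
        # effect.
        printf '{"warning":"timezone set fail"}\n' >&2
    fi
fi

# Report the zone the system is really using, not the requested one.
CURRENT_TZ=$(timedatectl show --property=Timezone --value 2>/dev/null)

# chrony preflight: try to start chronyd once if it is not running.
if ! systemctl is-active --quiet chronyd 2>/dev/null; then
    if ! systemctl enable --now chronyd 2>/dev/null; then
        printf '{"error":"chronyd çalışmıyor + start fail","timezone":"%s"}\n' "$CURRENT_TZ" >&2
        exit 2
    fi
    # Give the freshly started daemon a moment before querying it.
    sleep 2
fi

if ! command -v chronyc >/dev/null 2>&1; then
    printf '{"error":"chronyc CLI yok","timezone":"%s"}\n' "$CURRENT_TZ" >&2
    exit 2
fi

# Offset before the step, so the size of the jump is part of the result.
DRIFT_BEFORE=$(read_drift)

# Force a step: the clock jumps immediately instead of being slewed, so
# timestamps recorded around this point are discontinuous. A failed makestep
# is reported with exit 3, as documented in the file header.
if ! chronyc makestep 2>/dev/null; then
    printf '{"error":"makestep fail","timezone":"%s"}\n' "$CURRENT_TZ" >&2
    exit 3
fi
# The burst is best-effort; its failure does not change the result.
chronyc burst 4/4 2>/dev/null || true
sleep 3

# Offset after the step.
DRIFT_AFTER=$(read_drift)

# NTP synchronisation state as reported by timedatectl ("yes" means synced).
NTP_SYNCED=$(timedatectl show --property=NTPSynchronized --value 2>/dev/null)
if [[ "$NTP_SYNCED" == "yes" ]]; then
    SYNCED=true
else
    SYNCED=false
fi

# CURRENT_TZ comes from timedatectl, not from the request; the drift values
# were validated as numbers by read_drift.
printf '{"ok":true,"timezone":"%s","drift_before":%s,"drift_after":%s,"synced":%s}\n' \
    "$CURRENT_TZ" "$DRIFT_BEFORE" "$DRIFT_AFTER" "$SYNCED"
exit 0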
