#!/bin/bash
# t4 - 'trac' helper

set -e

source "/home/zwelch/src/mcf/mcsh-release/install/share/mcsh/mcsh.sh"

lib_load 'net/tool/trac'
lib_load "mcui"


######
# Site


t4_site() { trac_dispatch "$@"; }

t4_site_usage() {
	cat <<EOF
<cmd> [...]
Commands:
	init				Create the managed trac site

Command Groups:
	apache ...			Commands to configure Apache support
	wsgi ...			Commands to configure WSGI support
EOF
}

t4_site_init() { trac_site_init "$@"; }
t4_site_delete() {
	local result
	mcui_yesno_warn result "$trac_root: delete entire site? "

	local msg="aborted..."
	if [ "$result" = yes ]; then
		trac_site_delete
		msg="done!"
	fi

	info "$trac_root: site delete: $msg"
}

t4_site_apache() { cmd_dispatch "$@"; }
t4_site_apache_usage() {
	cat <<EOF
init
Commands:
	init 				Create the apache2.conf file
EOF
}

t4_site_apache_init() {
	warn "FIXME: refactor l4 core into new runtime library"
	warn "FIXME: refactor a6 core into new runtime library"
	error "command not implemented"

	local -u ldap_realm="$domain"
	# FIXME: ldap_realm=$(l4 config show ldap_realm)

	cat >conf/apache2.conf <<EOF
<VirtualHost *:80>
	ServerAdmin $trac_admin@$domain
	ServerName $trac_host

	ErrorLog $trac_root/logs/error-log
	CustomLog $trac_root/logs/access-log combined

	RewriteEngine on
	RewriteCond %{SERVER_NAME} =$trac_host
	RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

<VirtualHost *:443>
	ServerAdmin $trac_admin@$domain
	ServerName $trac_host

	ErrorLog $trac_root/logs/ssl-error-log
	CustomLog $trac_root/logs/ssl-access-log combined

	SSLEngine On
	SSLCertificateFile /etc/letsencrypt/live/$trac_host/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/$trac_host/privkey.pem
	Include /etc/letsencrypt/options-ssl-apache.conf

	WSGIScriptAliasMatch /([^/]+) $trac_root/wsgi/\$1.py

	<Directory $trac_root/wsgi>
		WSGIApplicationGroup %{RESOURCE}
		Require all granted
	</Directory>

	<LocationMatch /[^/]+/login>
		AuthType basic
		AuthName "$ldap_realm"

		AuthBasicProvider ldap
		AuthLDAPURL "ldap://ldap.$domain/ou=People,dc=example,dc=com?uid"
		AuthLDAPGroupAttribute memberUid
		AuthLDAPGroupAttributeIsDN off

		# users must be members of this group
		#Require ldap-group cn=group,ou=Group,dc=example,dc=com
		# or all users
		Require valid-user

		Order allow,deny
		Allow from all
	</LocationMatch>
</VirtualHost>
EOF
}

t4_site_wsgi() { cmd_dispatch "$@"; }
t4_site_wsgi_usage() {
	cat <<EOF
init
Commands:
	init				Create the trac.wsgi file
EOF
}

t4_site_wsgi_init() {
	cat >"$trac_wsgi_script" <<EOF
#!/usr/bin/env python
import os
import sys

os.environ['PYTHON_EGG_CACHE'] = '$trac_root/eggs'

import trac.web.main
def application(environ, start_response):
  name = environ['SCRIPT_NAME']
  environ['trac.env_path'] = '$trac_root/data' + name
  return trac.web.main.dispatch_request(environ, start_response)
EOF
}


######
# Project

t4_project() { trac_dispatch "$@"; }

t4_project_usage() {
	cat <<EOF
<cmd> [...]
Commands:
	new <name> <desc>		Create a new project
	delete <name>			Delete a project
	config <name>			Configure a project

	enable <name>			Enable projects
	disable <name>			Disable projects

Command Groups:
	perm ...			Commands to manage permissions
EOF
}

t4_project_exists() { trac_project_exists "$@"; }
trac_project_exists() {
	has_args 1 "$@"
	[ -f "data/$1/VERSION" ]
}

t4_project_new() { trac_project_new "$@"; }

t4_project_delete() {
	has_args 1 "$@"
	local name=$1
	if ! t4_project_exists "$name"; then
		error "$name: does not exists"
	fi

	local confirm=false
	read_yesno "$name: delete this trac project (y/N)? " confirm
	local msg="cancelled"
	if $confirm; then
		trac_project_delete "$name"
		msg="deleted"
	fi
	app_echo "$name: $msg"
}

t4_project_config() {
	has_args 1 "$@"
	[ "$EDITOR" ] || error "\$EDITOR must be set in the environment"
	run $EDITOR $(project_config_file "$1")
}

t4_project_enable() { trac_project_enable "$@"; }
t4_project_disable() { trac_project_disable "$@"; }

t4_project_perm() { cmd_dispatch "$@"; }
t4_project_perm_add() {
	local name=$1
	local user=$2
	shift 2
	run_pushd "$(trac_project_dir "$name")"
	for_each "trac_admin permission add $user" "$@"
	run_popd
}


t4_project_list() {
	run_pushd "data"
	echo * |grep -v '\*'
	run_popd
}

######
# Check

t4_check() {
	if ! $intense; then
		app_help
		return
	fi

	ve_activate "$script_tempdir"

	local tmp="$(cmd_tempfile)"
	local trac_root="$tmp.d"
	local trac_host="localhost"
	t4 site init

	cd "$trac_root"
	t4 project new test1 'Test 1'
	t4 project enable test1
	t4 project delete test1

	echo "y" | t4 site delete
}

######
# Main

t4_desc() { echo "Trac site manager"; }

t4_usage() {
	cat <<USAGE
<cmd> ...
Command Groups:
	site ...			Manage the Trac site
	project ...			Manage a Trac project
USAGE
}

t4_help() {
	cat <<HELP
The $script_name tool manages sets of trac projects as an Apache, allowing the
easy creation and deployment of new projects based on existing templates.
HELP
}

app_run "$@"