#!/bin/bash
# info: check access key
# options: ACCESS_KEY_ID SECRET_ACCESS_KEY COMMAND [IP] [FORMAT]
#
# example: v-check-access-key key_id secret v-purge-nginx-cache 127.0.0.1 json
#
# * Checks if the key exists;
# * Checks if the secret belongs to the key;
# * Checks if the key user is suspended;
# * Checks if the key has permission to run the command.

#----------------------------------------------------------#
#                Variables & Functions                     #
#----------------------------------------------------------#

access_key_id="$(basename "$1")"
secret_access_key=$2
hst_command=$3
ip46=${4-127.0.0.1}
format=${5-shell}

# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# load config file
source_conf "$HESTIA/conf/hestia.conf"

# Perform verification if read-only mode is enabled
check_hestia_demo_mode

time_n_date=$(date +'%T %F')
time=$(echo "$time_n_date" | cut -f 1 -d \ )
date=$(echo "$time_n_date" | cut -f 2 -d \ )

# JSON list function
json_list() {
	echo -n '{"USER": "'$user'"'

	if [[ -n "$user_arg_pos" ]]; then
		echo -n ', "USER_ARG_POSITION": '$user_arg_pos''
	fi

	echo '}'
}

# SHELL list function
shell_list() {
	echo "USER:               $user"
	if [[ -n "$user_arg_pos" ]]; then
		echo "USER_ARG_POSITION:  $user_arg_pos"
	fi
}

# Callback to intercept invalid result validation
abort_missmatch() {
	echo "Error: $2"
	echo "$date $time ${access_key_id:-api} $ip46 failed to login" >> $HESTIA/log/auth.log

	# Add a log for user
	if [[ "$1" == "$E_PASSWORD" && -n "$user" ]]; then
		log_history "[$ip46] $access_key_id $2" "Error" "$user" "API"
	fi

	if [[ "$1" == "$E_FORBIDEN" ]]; then
		exit "$1"
	fi

	exit "$E_PASSWORD"
}

#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

# Add a callback to intercept invalid "check_result" results
CHECK_RESULT_CALLBACK="abort_missmatch"

check_args '3' "$#" 'ACCESS_KEY_ID SECRET_ACCESS_KEY COMMAND [IP] [FORMAT]'
is_format_valid 'access_key_id' 'ip46' 'command'
is_object_valid 'key' 'KEY' "$access_key_id"
is_format_valid 'secret_access_key'
check_access_key_secret "$access_key_id" "$secret_access_key" user
check_access_key_cmd "$access_key_id" "$hst_command" user_arg_pos

# Check if key owner is active
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user"
export USER_DATA=$HESTIA/data/users/$user
is_object_unsuspended 'user' 'USER' "$user"

# Remove the check_result callback
CHECK_RESULT_CALLBACK=""

#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

# Listing data
case $format in
	json) json_list ;;
	shell) shell_list ;;
esac

#----------------------------------------------------------#
#                       Hestia                             #
#----------------------------------------------------------#

# Logging
log_history "[$ip46] Access key $access_key_id successfully launched with command $hst_command" "Info" "$user" "API"
echo "$date $time $access_key_id $ip46 $hst_command successfully launched" >> $HESTIA/log/auth.log

exit