#!/bin/bash
# info: add password protection to web domain statistics
# options: USER DOMAIN STATS_USER STATS_PASSWORD [RESTART]
#
# example: v-add-web-domain-stats-user admin example.com watchdog your_password
#
# This function is used for securing the web statistics page.

#----------------------------------------------------------#
#                Variables & Functions                     #
#----------------------------------------------------------#

# Argument definition
user=$1
domain=$2
stats_user=$3
password=$4
HIDE=4
restart=$5

# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# shellcheck source=/usr/local/hestia/func/domain.sh
source $HESTIA/func/domain.sh
# load config file
source_conf "$HESTIA/conf/hestia.conf"

#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

check_args '4' "$#" 'USER DOMAIN STATS_USER STATS_PASS [RESTART]'
is_format_valid 'user' 'domain' 'stats_user'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain"
is_object_unsuspended 'web' 'DOMAIN' "$domain"
is_password_valid

# Perform verification if read-only mode is enabled
check_hestia_demo_mode

#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

# Defining statistic dir
stats_dir="$HOMEDIR/$user/web/$domain/stats"
conf_dir="$HOMEDIR/$user/conf/web"

# Adding htaccess file
if [ "$WEB_SYSTEM" = 'nginx' ]; then
	echo "auth_basic \"Web Statistics\";" > $stats_dir/auth.conf
	echo "auth_basic_user_file $stats_dir/.htpasswd;" >> $stats_dir/auth.conf
else
	echo "AuthUserFile $stats_dir/.htpasswd" > $stats_dir/.htaccess
	echo "AuthName \"Web Statistics\"" >> $stats_dir/.htaccess
	echo "AuthType Basic" >> $stats_dir/.htaccess
	echo "Require valid-user" >> $stats_dir/.htaccess
fi

# Generating htaccess user and password
salt=$(generate_password "$PW_MATRIX" "8")
stats_pass=$($BIN/v-generate-password-hash md5 $salt $password)
echo "$stats_user:$stats_pass" > $stats_dir/.htpasswd

#----------------------------------------------------------#
#                       Hestia                             #
#----------------------------------------------------------#

# Adding stats user in config
update_object_value 'web' 'DOMAIN' "$domain" '$STATS_USER' "$stats_user"
update_object_value 'web' 'DOMAIN' "$domain" '$STATS_CRYPT' "$stats_pass"

# Restarting web server
if [ "$WEB_SYSTEM" = 'nginx' ]; then
	$BIN/v-restart-web "$restart"
	check_result $? "Web restart failed" > /dev/null
fi

# Logging
$BIN/v-log-action "$user" "Info" "Web" "Web traffic analyzer password enabled (Username: $stats_user, Domain: $domain)."
log_event "$OK" "$ARGUMENTS"

exit