#!/bin/bash
# info: add user sftp jail
# options: USER [RESTART]
#
# example: v-add-user-sftp-jail admin
#
# This function enables sftp jailed environment

#----------------------------------------------------------#
#                Variables & Functions                     #
#----------------------------------------------------------#

# Argument definition
user=$1
restart=$2

# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# load config file
source_conf "$HESTIA/conf/hestia.conf"

#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

check_args '1' "$#" 'USER'
is_format_valid 'user'
check=$(is_object_valid 'user' 'USER' "$user")
if [ $? -ne 0 ]; then
	user_str=$(grep "^$user:" /etc/passwd | egrep "rssh|nologin")
	#try to detect "owner" of the ftp_user if not found dont set it up
	user_owner=$(echo $user_str | cut -f6 -d : | cut -f3 -d /)
	is_object_valid 'user' 'USER' "$user_owner"
fi
user_str=$(grep "^$user:" /etc/passwd | egrep "rssh|nologin")
if [ -z "$user_str" ]; then
	exit
fi

# Get current users and split into array
ssh_users=$(grep -A1 "^# Hestia SFTP Chroot" /etc/ssh/sshd_config | sed -n 2p | sed 's/Match User //')
IFS=',' read -r -a users <<< "$ssh_users"

# Check if jail exist
match_string="$ssh_users,"
if [[ "$match_string" =~ ,$user, ]]; then
	if [[ -d /home/$user && -z "$(find /home/$user -user root -print -prune -o -prune)" ]]; then
		chown root:root /home/$user
	fi
	exit
fi

# Perform verification if read-only mode is enabled
check_hestia_demo_mode

#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

# Add user to array
users+=($user)

# Write new user list to config
users=$(
	IFS=','
	echo "${users[*]// /|}"
	IFS=$' \t\n'
)
sed -i "s/$ssh_users/$users/g" /etc/ssh/sshd_config

# Set home folder permission to root
if [ -d "/home/$user" ]; then
	chown root:root /home/$user
fi

#----------------------------------------------------------#
#                       Hestia                             #
#----------------------------------------------------------#

# Restart ssh service
if [ "$restart" = 'no' ]; then
	# Skip restart of SSH daemon
	echo "" > /dev/null 2>&1
else
	service ssh restart > /dev/null 2>&1
fi

# Logging
log_event "$OK" "$ARGUMENTS"

exit