#!/bin/bash
# info: generate access key
# options: USER [PERMISSIONS] [COMMENT] [FORMAT]
#
# example: v-add-access-key admin v-purge-nginx-cache,v-list-mail-accounts comment json
#
# The "PERMISSIONS" argument is optional for the admin user only.
# This function creates a key file in $HESTIA/data/access-keys/

#----------------------------------------------------------#
#                Variables & Functions                     #
#----------------------------------------------------------#

# Argument definition
user=$1
permissions=$2
comment=$3
format=${4-shell}

# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# load config file
source_conf "$HESTIA/conf/hestia.conf"

keygen() {
	local LENGTH=${1:-20}
	local USE_SPECIAL_CHARACTERS="${2:-no}"

	local MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
	if [[ "$USE_SPECIAL_CHARACTERS" == "yes" ]]; then
		MATRIX+='_-='
	fi

	local PASS N
	while [ ${N:=1} -le $LENGTH ]; do
		PASS="$PASS${MATRIX:$(($RANDOM % ${#MATRIX})):1}"
		let N+=1
	done

	echo "$PASS"
}

access_key_id="$(keygen)"
secret_access_key="$(keygen 40 yes)"

# Perform verification if read-only mode is enabled
check_hestia_demo_mode

# Remove whitespace and bin path from permissions
permissions="$(cleanup_key_permissions "$permissions")"

time_n_date=$(date +'%T %F')
time=$(echo "$time_n_date" | cut -f 1 -d \ )
date=$(echo "$time_n_date" | cut -f 2 -d \ )

#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

check_args '1' "$#" 'USER [PERMISSIONS] [COMMENT] [FORMAT]'
is_format_valid 'user' 'comment' 'format'
is_object_valid 'user' 'USER' "$user"
is_key_permissions_format_valid "$permissions" "$user"

#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

if [ ! -d "$HESTIA/data/access-keys/" ]; then
	mkdir -p $HESTIA/data/access-keys/
	chown root:root $HESTIA/data/access-keys/
	chmod 750 $HESTIA/data/access-keys/
fi

if [[ -e "$HESTIA/data/access-keys/${access_key_id}" ]]; then
	while [[ -e "$HESTIA/data/access-keys/${access_key_id}" ]]; do
		access_key_id=$(keygen)
	done
fi

echo "SECRET_ACCESS_KEY='$secret_access_key'" > "$HESTIA/data/access-keys/${access_key_id}"
echo "USER='$user'" >> "$HESTIA/data/access-keys/${access_key_id}"
echo "PERMISSIONS='$permissions'" >> "$HESTIA/data/access-keys/${access_key_id}"
echo "COMMENT='$comment'" >> "$HESTIA/data/access-keys/${access_key_id}"
echo "TIME='$time'" >> "$HESTIA/data/access-keys/${access_key_id}"
echo "DATE='$date'" >> "$HESTIA/data/access-keys/${access_key_id}"
# TODO Index reserved for future implementation
echo "EXPIRES_IN=''" >> "$HESTIA/data/access-keys/${access_key_id}"
echo "IP=''" >> "$HESTIA/data/access-keys/${access_key_id}"

chmod 640 "$HESTIA/data/access-keys/${access_key_id}"

$BIN/v-list-access-key "$access_key_id" "$format"

#----------------------------------------------------------#
#                       Hestia                             #
#----------------------------------------------------------#

# Logging
log_history "Access key $access_key_id generated" "Warning" "$user" "API"
log_event "$OK" "$ARGUMENTS"

exit