#!/bin/bash
# /var/www/html/platform/provision.sh
# Cronjob: * * * * * /var/www/html/platform/provision.sh >> /var/log/ki-provision.log 2>&1

# Fixed locations used by this provisioning run.
# NOTE(review): both the database and the customer trees live below
# /var/www/html, while the steps further down (chown, writing into
# /etc/apache2, systemctl reload) presumably need root. Confirm that
# platform.db is not retrievable over HTTP and that this script and its
# directory are not writable by the web server user.
VHOST_DIR=/etc/apache2/sites-available
KUNDEN_DIR=/var/www/html/kunden
TEMPLATE_DIR=/var/www/html/platform/template
PLATFORM_DB=/var/www/html/platform/platform.db

# Timestamp prefix for log lines. It is evaluated once here, so every line of
# one run carries the start time of that run.
printf -v LOG_PREFIX '[%s]' "$(date '+%Y-%m-%d %H:%M:%S')"

# Abort early when the sqlite3 CLI is not on PATH; every later step of the
# run reads from or writes to the platform database through it.
command -v sqlite3 > /dev/null 2>&1 || {
    echo "$LOG_PREFIX ERROR: sqlite3 nicht gefunden"
    exit 1
}

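# Fetch every customer that is waiting for provisioning, one row per line.
# The loop below splits each row on '|' into id, slug, domain and name.
#
# sqlite3's stderr is deliberately not discarded and its exit status is
# checked: a missing, locked or corrupt database previously looked exactly
# like "nothing pending" and the run ended silently with status 0.
if ! PENDING=$(sqlite3 "$PLATFORM_DB" "SELECT id,slug,domain,name FROM kunden WHERE status='pending'"); then
    echo "$LOG_PREFIX ERROR: Pending-Kunden konnten nicht aus $PLATFORM_DB gelesen werden"
    exit 1
fi

# Nothing to do: stay quiet so the per-minute cron run does not fill the log.
if [ -z "$PENDING" ]; then
    exit 0
fi

echo "$LOG_PREFIX Pending-Kunden gefunden: $PENDING"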

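# Row validators.
# The rows come from platform.db, which this script does not control, yet the
# values end up in filesystem paths, in an Apache configuration file and in
# SQL statements. Each field is therefore checked against an allow-list
# before its first use.

# True when $1 is a non-empty run of ASCII digits (safe to embed in SQL).
is_valid_id() {
    local LC_ALL=C
    [[ $1 =~ ^[0-9]+$ ]]
}

# True when $1 is usable as a single path component and file-name stem:
# starts with a letter or digit, then letters, digits, '_' or '-', at most
# 63 characters. No '/', no '.', no whitespace.
# NOTE(review): widen the character set if the platform generates other slugs.
is_valid_slug() {
    local LC_ALL=C
    [[ $1 =~ ^[A-Za-z0-9][A-Za-z0-9_-]{0,62}$ ]]
}

# True when $1 looks like a host name of at least two dot-separated labels
# (letters, digits and inner hyphens only, at most 253 characters overall).
# This keeps whitespace, newlines and Apache directive syntax out of the
# generated VHost file and out of the certbot command line.
is_valid_domain() {
    local LC_ALL=C
    local label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    local re="^${label}(\\.${label})+\$"
    (( ${#1} <= 253 )) && [[ $1 =~ $re ]]
}

# Provision every pending customer: copy the template, write and enable the
# VHost, request a certificate and record the outcome in the database.
# KNAME is read only so that a '|' inside the name cannot shift the fields.
while IFS='|' read -r KID SLUG DOMAIN KNAME; do
    # Without a numeric id the row cannot even be marked as failed safely.
    if ! is_valid_id "$KID"; then
        printf '%s ERROR: Zeile mit ungültiger ID übersprungen: %q\n' "$LOG_PREFIX" "$KID"
        continue
    fi

    # Reject the row before any path or config file is derived from it and
    # mark it as failed so it is not retried on every cron run.
    if ! is_valid_slug "$SLUG" || ! is_valid_domain "$DOMAIN"; then
        printf '%s ERROR: Ungültiger Slug oder Domain für ID %s: %q / %q\n' \
            "$LOG_PREFIX" "$KID" "$SLUG" "$DOMAIN"
        sqlite3 "$PLATFORM_DB" "UPDATE kunden SET status='error' WHERE id=$KID"
        sqlite3 "$PLATFORM_DB" "INSERT INTO provision_log (kunden_id, message) VALUES ($KID, 'Ungültiger Slug oder Domain')"
        continue
    fi

    echo "$LOG_PREFIX Provisioniere: $SLUG ($DOMAIN)"

    KUNDEN_PATH="$KUNDEN_DIR/$SLUG"
    VHOST_FILE="$VHOST_DIR/$SLUG.conf"

    # 1. Create the directory tree from the template (only if not present yet)
    if [ ! -d "$KUNDEN_PATH" ]; then
        echo "$LOG_PREFIX  → Kopiere Template nach $KUNDEN_PATH"
        cp -r "$TEMPLATE_DIR/." "$KUNDEN_PATH/"
        chown -R www-data:www-data "$KUNDEN_PATH"
        # NOTE(review): 755 on every file makes the whole tree world-readable
        # and executable; confirm the template holds no secrets or tighten it.
        chmod -R 755 "$KUNDEN_PATH"
        chmod 700 "$KUNDEN_PATH/chats"
    fi

    # 2. Write the VHost file
    # NOTE(review): the tree is owned by www-data and the VHost grants
    # "AllowOverride All", so the web application can change its own Apache
    # settings through .htaccess; confirm that this is intended.
    if [ ! -f "$VHOST_FILE" ]; then
        echo "$LOG_PREFIX  → Erstelle VHost: $VHOST_FILE"
        cat > "$VHOST_FILE" << VHOST
<VirtualHost *:80>
    ServerName $DOMAIN
    DocumentRoot $KUNDEN_PATH
    <Directory $KUNDEN_PATH>
        AllowOverride All
        Require all granted
        DirectoryIndex index.php index.html
    </Directory>
    ErrorLog \${APACHE_LOG_DIR}/$SLUG-error.log
    CustomLog \${APACHE_LOG_DIR}/$SLUG-access.log combined
</VirtualHost>
VHOST
    fi

    # 3. Enable the VHost and reload Apache
    # -F: match the domain literally; as a regex every '.' would match any
    # character. This is still a substring match against the whole listing.
    if ! apache2ctl -S 2>/dev/null | grep -qF -- "$DOMAIN"; then
        echo "$LOG_PREFIX  → Aktiviere VHost"
        a2ensite "$SLUG.conf"
        systemctl reload apache2
        sleep 3
    fi

    # 4. Certbot
    echo "$LOG_PREFIX  → Certbot für $DOMAIN"
    certbot --apache -d "$DOMAIN" --non-interactive --agree-tos \
        --email webmaster@ki-methoden.com --redirect 2>&1 | tail -5
    # $? would be the status of tail, which practically always succeeds, so a
    # failed certificate request was recorded as 'aktiv'. Take certbot's own
    # status from the pipeline instead.
    CERTBOT_RC=${PIPESTATUS[0]}

    if [ "$CERTBOT_RC" -eq 0 ]; then
        echo "$LOG_PREFIX  → SSL OK – status auf 'aktiv' setzen"
        sqlite3 "$PLATFORM_DB" "UPDATE kunden SET status='aktiv', aktiv=1 WHERE id=$KID"
        sqlite3 "$PLATFORM_DB" "INSERT INTO provision_log (kunden_id, message) VALUES ($KID, 'Provisionierung erfolgreich')"
    else
        echo "$LOG_PREFIX  → Certbot FEHLER – status auf 'error' setzen"
        sqlite3 "$PLATFORM_DB" "UPDATE kunden SET status='error' WHERE id=$KID"
        sqlite3 "$PLATFORM_DB" "INSERT INTO provision_log (kunden_id, message) VALUES ($KID, 'Certbot Fehler')"
    fi

    echo "$LOG_PREFIX  → $SLUG fertig"

done <<< "$PENDING"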
