#!/usr/local/cpanel/3rdparty/bin/perl

# cpanel - scripts/generate_account_suspension_include
#                                                  Copyright 2022 cPanel, L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

package generate_account_suspension_include;

use strict;

use Cpanel::ConfigFiles::Apache          ();
use Cpanel::PwCache::Build               ();
use Cpanel::LoadModule                   ();
use Cpanel::FileUtils::Write             ();
use Cpanel::FileUtils::Dir               ();
use Cpanel::HttpUtils::ApRestart::BgSafe ();
use Cpanel::LoadFile                     ();
use Cpanel::Usage                        ();

my $apacheconf = Cpanel::ConfigFiles::Apache->new();

sub _suspension_include_file {
    return $apacheconf->dir_conf_includes() . '/account_suspensions.conf';
}

sub _suspension_dir {
    return '/var/cpanel/suspended/';
}

sub _test_legacy_include_dir {
    return $apacheconf->dir_conf_userdata() . '/std/2/';
}

sub main {
    my @argv    = @_;
    my $update  = 0;
    my $restart = 0;
    my $convert = 0;
    my $verbose = 0;
    Cpanel::Usage::wrap_options( \@argv, \&usage, { update => \$update, restart => \$restart, convert => \$convert, verbose => \$verbose } );

    if ($update) {
        output("Starting update\n") if $verbose;
        if ( update_include($convert) ) {
            output("Account suspension include updated\n") if $verbose;
            if ($restart) {
                output("Queueing Apache restart\n") if $verbose;
                Cpanel::HttpUtils::ApRestart::BgSafe::restart();
            }
            else {
                output("Skipping Apache restart\n") if $verbose;
            }
        }
        else {
            output("Account suspension include was already up to date.\n") if $verbose;
        }
    }
    else {
        usage();
    }
    return 0;
}

sub output {
    my $message = shift;
    return print $message;
}

# Not called internally; this is here for code that loads this script
# as a module.
sub update_include_and_restart_httpd () {
    update_include(0);
    Cpanel::HttpUtils::ApRestart::BgSafe::restart();

    return;
}

sub update_include {
    my ($convert)                   = @_;
    my %original_suspended_docroots = ();
    my %retained_suspended_docroots = ();
    my %new_suspended_docroots      = ();

    my $suspension_contents = -e _suspension_include_file() ? Cpanel::LoadFile::loadfile( _suspension_include_file() ) : '';

    while ( $suspension_contents =~ /<Directory "([^\n]+)">\n/g ) {
        $original_suspended_docroots{$1} = undef;
    }

    my %suspended_users = map { $_ => 1 } @{ Cpanel::FileUtils::Dir::get_directory_nodes_if_exists( _suspension_dir() ) // [] };
    my $pwcache_ref     = Cpanel::PwCache::Build::fetch_pwcache();
    foreach my $pw_ent (@$pwcache_ref) {
        my ( $user, $uid, $gid, $homedir ) = @{$pw_ent}[ 0, 2, 3, 7 ];
        if ($convert) {
            remove_old_suspension_includes($user);
        }
        if ( $suspended_users{$user} ) {
            if ( exists( $original_suspended_docroots{$homedir} ) ) {
                delete $original_suspended_docroots{$homedir};
                $retained_suspended_docroots{$homedir} = undef;
            }
            elsif ( exists( $retained_suspended_docroots{$homedir} ) ) {

                # Homedir is listed twice in /etc/passwd?
            }
            else {
                $new_suspended_docroots{$homedir} = undef;
            }
        }
    }

    if ( !$suspension_contents || scalar keys %original_suspended_docroots || scalar keys %new_suspended_docroots ) {
        generate_include( keys %retained_suspended_docroots, keys %new_suspended_docroots );
        return 1;
    }
    return 0;
}

sub remove_old_suspension_includes {
    my $user = shift;

    if ( -e _test_legacy_include_dir() . "$user/$user-suspend.conf" ) {
        Cpanel::LoadModule::load_perl_module('Cpanel::EditHttpdconf');
        Cpanel::EditHttpdconf::del_vhost_include(
            {
                'user'                            => $user,
                'file'                            => "$user-suspend.conf",
                'ensure_vhost_include_directives' => 0,                      # The include line is left in the conf file. It will disappear during the next full rebuild
            }
        );
    }

    return;
}

sub generate_include {
    my @docroots         = @_;
    my $include_contents = <<EO_SUSPENSION_HEADER;
# This include file is automatically generated by
# /usr/local/cpanel/scripts/generate_account_suspension_include
# Any manual edits inside this file will be lost whenever account
# suspensions are updated.

RewriteEngine On

EO_SUSPENSION_HEADER

    foreach my $docroot ( sort @docroots ) {
        $include_contents .= <<EO_SUSPENSION;
<Directory "$docroot">
    AllowOverride none
    RedirectMatch ^/(?!cgi-sys/suspendedpage.cgi).* /cgi-sys/suspendedpage.cgi
</Directory>

EO_SUSPENSION
    }
    return Cpanel::FileUtils::Write::overwrite_no_exceptions( _suspension_include_file(), $include_contents, 0600 );
}

sub usage {
    my $usage = <<EO_USAGE;
generate_account_suspension_include [--update|--help] [options]

  Commands:
    --help       Brief help message
    --update     Update the account_suspensions . conf based on the system 's
                 current account suspensions

  Options:
    --convert    Remove legacy individual account suspension include files.
    --restart    Restart Apache if the account_suspensions.conf has changed
    --verbose    Display verbose information messages
EO_USAGE

    return output($usage);
}

exit main(@ARGV) unless caller();

1;