#!/usr/bin/env bash

# Copyright The agentregistry Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# The install script is based off of the MIT-licensed script from glide,
# the package manager for Go: https://github.com/Masterminds/glide.sh/blob/master/get

: ${BINARY_NAME:="arctl"}
: ${USE_SUDO:="true"}
: ${DEBUG:="false"}
: ${VERIFY_CHECKSUM:="true"}
: ${ARCTL_INSTALL_DIR:="/usr/local/bin"}

HAS_CURL="$(type "curl" &> /dev/null && echo true || echo false)"
HAS_WGET="$(type "wget" &> /dev/null && echo true || echo false)"
HAS_OPENSSL="$(type "openssl" &> /dev/null && echo true || echo false)"
HAS_GPG="$(type "gpg" &> /dev/null && echo true || echo false)"
HAS_GIT="$(type "git" &> /dev/null && echo true || echo false)"
HAS_TAR="$(type "tar" &> /dev/null && echo true || echo false)"
HAS_JQ="$(type "jq" &> /dev/null && echo true || echo false)"

# initArch discovers the architecture for this system.
initArch() {
  ARCH=$(uname -m)
  case $ARCH in
    armv5*) ARCH="armv5";;
    armv6*) ARCH="armv6";;
    armv7*) ARCH="arm";;
    aarch64) ARCH="arm64";;
    x86) ARCH="386";;
    x86_64) ARCH="amd64";;
    i686) ARCH="386";;
    i386) ARCH="386";;
  esac
}

# initOS discovers the operating system for this system.
initOS() {
  OS=$(echo `uname`|tr '[:upper:]' '[:lower:]')

  case "$OS" in
    # Minimalist GNU for Windows
    mingw*|cygwin*) OS='windows';;
  esac
}

# runs the given command as root (detects if we are root already)
runAsRoot() {
  if [ $EUID -ne 0 -a "$USE_SUDO" = "true" ]; then
    sudo "${@}"
  else
    "${@}"
  fi
}

# verifySupported checks that the os/arch combination is supported for
# binary builds, as well whether or not necessary tools are present.
verifySupported() {
  local supported="darwin-amd64\ndarwin-arm64\nlinux-386\nlinux-amd64\nlinux-arm\nlinux-arm64\nlinux-ppc64le\nlinux-s390x\nlinux-riscv64\nwindows-amd64\nwindows-arm64"
  if ! echo "${supported}" | grep -q "${OS}-${ARCH}"; then
    echo "No prebuilt binary for ${OS}-${ARCH}."
    echo "To build from source, go to https://github.com/agentregistry-dev/agentregistry"
    exit 1
  fi

  if [ "${HAS_CURL}" != "true" ] && [ "${HAS_WGET}" != "true" ]; then
    echo "Either curl or wget is required"
    exit 1
  fi

  if [ "${VERIFY_CHECKSUM}" == "true" ] && [ "${HAS_OPENSSL}" != "true" ]; then
    echo "In order to verify checksum, openssl must first be installed."
    echo "Please install openssl or set VERIFY_CHECKSUM=false in your environment."
    exit 1
  fi

  if [ "${HAS_GIT}" != "true" ]; then
    echo "[WARNING] Could not find git. It is required for plugin installation."
  fi

  if [ "${HAS_TAR}" != "true" ]; then
    echo "[ERROR] Could not find tar. It is required to extract the arctl binary archive."
    exit 1
  fi

  if [ "${HAS_JQ}" != "true" ]; then
    echo "[ERROR] Could not find jq. It is required to parse the arctl version."
    exit 1
  fi
}

# checkDesiredVersion checks if the desired version is available.
checkDesiredVersion() {
  if [ "x$DESIRED_VERSION" == "x" ]; then
    # Get tag from release URL
    local latest_release_url="https://api.github.com/repos/agentregistry-dev/agentregistry/releases/latest"
    local latest_release_response=""
    if [ "${HAS_CURL}" == "true" ]; then
      latest_release_response=$( curl -L --silent --show-error --fail "$latest_release_url" 2>&1 || true )
    elif [ "${HAS_WGET}" == "true" ]; then
      latest_release_response=$( wget "$latest_release_url" -q -O - 2>&1 || true )
    fi
    TAG=$( echo "$latest_release_response" | jq -r .tag_name 2>/dev/null | grep '^v[0-9]' )
    if [ "x$TAG" == "x" ]; then
      printf "Could not retrieve the latest release tag information from %s: %s\n" "${latest_release_url}" "${latest_release_response}"
      exit 1
    fi
  else
    TAG=$DESIRED_VERSION
  fi
}

# checkArctlInstalledVersion checks which version of arctl is installed and
# if it needs to be changed.
checkArctlInstalledVersion() {
  if [[ -f "${ARCTL_INSTALL_DIR}/${BINARY_NAME}" ]]; then
    local version=$("${ARCTL_INSTALL_DIR}/${BINARY_NAME}" version --json 2>/dev/null | jq -r '.arctl_version')
    if [[ "$version" == "$TAG" ]]; then
      echo "arctl ${version} is already ${DESIRED_VERSION:-latest}"
      return 0
    else
      echo "arctl ${TAG} is available. Changing from version ${version}."
      return 1
    fi
  else
    return 1
  fi
}

# downloadFile downloads the latest binary package and also the checksum
# for that binary.
downloadFile() {
  ARCTL_DIST="arctl-$OS-$ARCH"
  DOWNLOAD_URL="https://github.com/agentregistry-dev/agentregistry/releases/download/$TAG/$ARCTL_DIST"
  CHECKSUM_URL="$DOWNLOAD_URL.sha256"
  ARCTL_TMP_ROOT="$(mktemp -dt arctl-installer-XXXXXX)"
  ARCTL_TMP_FILE="$ARCTL_TMP_ROOT/$ARCTL_DIST"
  ARCTL_SUM_FILE="$ARCTL_TMP_ROOT/$ARCTL_DIST.sha256"
  echo "Downloading $DOWNLOAD_URL"
  if [ "${HAS_CURL}" == "true" ]; then
    curl -SsL "$CHECKSUM_URL" -o "$ARCTL_SUM_FILE"
    curl -SsL "$DOWNLOAD_URL" -o "$ARCTL_TMP_FILE"
  elif [ "${HAS_WGET}" == "true" ]; then
    wget -q -O "$ARCTL_SUM_FILE" "$CHECKSUM_URL"
    wget -q -O "$ARCTL_TMP_FILE" "$DOWNLOAD_URL"
  fi
}

# verifyFile verifies the SHA256 checksum of the binary package
# and the GPG signatures for both the package and checksum file
# (depending on settings in environment).
verifyFile() {
  if [ "${VERIFY_CHECKSUM}" == "true" ]; then
    verifyChecksum
  fi
}

# installFile installs the arctl binary.
installFile() {
  echo "Preparing to install $BINARY_NAME into ${ARCTL_INSTALL_DIR}"
  runAsRoot chmod +x "$ARCTL_TMP_ROOT/$BINARY_NAME-$OS-$ARCH"
  runAsRoot cp "$ARCTL_TMP_ROOT/$BINARY_NAME-$OS-$ARCH" "$ARCTL_INSTALL_DIR/$BINARY_NAME"
  echo "$BINARY_NAME installed into $ARCTL_INSTALL_DIR/$BINARY_NAME"
}

# verifyChecksum verifies the SHA256 checksum of the binary package.
verifyChecksum() {
  printf "Verifying checksum... "
  local sum=$(openssl sha1 -sha256 ${ARCTL_TMP_FILE} | awk '{print $2}')
  local expected_sum=$(cat ${ARCTL_SUM_FILE} | awk '{print $1}')
  if [ "$sum" != "$expected_sum" ]; then
    echo "SHA sum of ${ARCTL_TMP_FILE} does not match. Aborting."
    exit 1
  fi
  echo "Done."
}

# fail_trap is executed if an error occurs.
fail_trap() {
  result=$?
  if [ "$result" != "0" ]; then
    if [[ -n "$INPUT_ARGUMENTS" ]]; then
      echo "Failed to install $BINARY_NAME with the arguments provided: $INPUT_ARGUMENTS"
      help
    else
      echo "Failed to install $BINARY_NAME"
    fi
    echo -e "\tFor support, go to https://github.com/agentregistry-dev/agentregistry."
  fi
  cleanup
  exit $result
}

# testVersion tests the installed client to make sure it is working.
testVersion() {
  set +e
  ARCTL="$(command -v $BINARY_NAME)"
  if [ "$?" = "1" ]; then
    echo "$BINARY_NAME not found. Is $ARCTL_INSTALL_DIR on your "'$PATH?'
    exit 1
  fi
  set -e
}

# help provides possible cli installation arguments
help () {
  echo "Accepted cli arguments are:"
  echo -e "\t[--help|-h ] ->> prints this help"
  echo -e "\t[--version|-v <desired_version>] . When not defined it fetches the latest release tag from the agentregistry GitHub repository"
  echo -e "\te.g. --version v3.0.0 or -v canary"
  echo -e "\t[--no-sudo] ->> install without sudo (installs to \$HOME/bin instead of /usr/local/bin)"
}

# cleanup temporary files to avoid https://github.com/helm/helm/issues/2977
cleanup() {
  if [[ -d "${ARCTL_TMP_ROOT:-}" ]]; then
    rm -rf "$ARCTL_TMP_ROOT"
  fi
}

# checkHomeBinPath checks if $HOME/bin is in the user's PATH and provides warnings and instructions if it is missing.
checkHomeBinPath() {
  case ":$PATH:" in
    *":$HOME/bin:"*) return 0 ;;
  esac
  echo "Warning: $HOME/bin is not in your PATH. You may need to add it to your PATH to use arctl."
  echo "You can add it by running:"
  cat <<EOF
  echo 'export PATH="\$HOME/bin:\$PATH"' >> ~/.bashrc  # for bash
  echo 'export PATH="\$HOME/bin:\$PATH"' >> ~/.zshrc   # for zsh
  echo 'export PATH="\$HOME/bin:\$PATH"' >> ~/.profile # for other shells
EOF
}

# Execution

#Stop execution on any error
trap "fail_trap" EXIT
set -e

# Set debug if desired
if [ "${DEBUG}" == "true" ]; then
  set -x
fi

# Parsing input arguments (if any)
export INPUT_ARGUMENTS="${@}"
set -u
while [[ $# -gt 0 ]]; do
  case $1 in
    '--version'|-v)
       shift
       if [[ $# -ne 0 ]]; then
           export DESIRED_VERSION="${1}"
           if [[ "$1" != "v"* ]]; then
               echo "Expected version arg ('${DESIRED_VERSION}') to begin with 'v', fixing..."
               export DESIRED_VERSION="v${1}"
           fi
       else
           echo -e "Please provide the desired version. e.g. --version v0.1.0 or -v canary"
           exit 0
       fi
       ;;
    '--no-sudo')
       USE_SUDO="false"
       ARCTL_INSTALL_DIR="$HOME/bin"
       if [ ! -d "$HOME/bin" ]; then
         mkdir -p "$HOME/bin"
         echo "Created directory $HOME/bin"
       fi
       checkHomeBinPath
       ;;
    '--help'|-h)
       help
       exit 0
       ;;
    *) exit 1
       ;;
  esac
  shift
done
set +u

initArch
initOS
verifySupported
checkDesiredVersion
if ! checkArctlInstalledVersion; then
  downloadFile
  verifyFile
  installFile
fi
testVersion
cleanup