#!/bin/sh

. ../common/ajax_common

# Password-policy file and the htpasswd-named credential file kept in sync
# by the user add/edit/delete handlers below.
WEBACL="${PGETC}/web/webacl.conf"
OLD_PSWD_FILE="${PGPATH}/admin/.htpasswd"

# Settings files written by set_radius_auth / set_ldap_auth and read back by
# load_radius_auth / load_ldap_auth.  "radis" is the spelling used throughout.
radis_auth_conf="${PGETC}/web/radius_auth.conf"
ldap_auth_conf="${PGETC}/web/ldap_auth.conf"

# English UI: define the result strings used by the handlers.
case "${PALANG}" in
	en)
		LANG001="Error"		# failure text (original comment was mis-encoded)
		LANG002="Success"	# success text (original comment was mis-encoded)
		;;
esac


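#######################################
# Print a JSON array with one object per user file found under USER_DIR.
# Globals:   USER_DIR (read), WEBACL (read, sourced when present),
#            pswdTTL (written)
# Outputs:   the array on stdout; each object holds "ttl" plus every
#            key=value line of the file except "password"
#######################################
load_sys_user()
{
	pswdTTL=0
	# WEBACL is executed as shell code here, so it must only ever hold
	# validated key=value lines and must not be writable by untrusted users.
	[ -f "${WEBACL}" ] && . "${WEBACL}"

	printf "["

	# Paths containing the literal text ".json" are skipped (presumably the
	# menu_*.json files kept beside the user files).  find's output is read
	# line by line so a path with blanks or glob characters stays one path,
	# and the separator is local to this loop instead of an inherited global.
	find "${USER_DIR}" -type f ! -path '*.json*' | {
		sep=""
		while IFS= read -r ufile
		do
			# Values go through %s, never into the printf format itself.
			printf '%s{"ttl":%s' "${sep}" "${pswdTTL}"

			# Keys and values are stored text: escape them so a quote or
			# backslash cannot break out of the JSON string.  The value is
			# everything after the first "=", so an "=" inside it is kept.
			awk '
			function json_esc(s,   out, i, c) {
				out = ""
				for (i = 1; i <= length(s); i++) {
					c = substr(s, i, 1)
					if (c == "\\" || c == "\"")
						out = out "\\" c
					else if (c == "\t")
						out = out "\\t"
					else if (c == "\r")
						out = out "\\r"
					else
						out = out c
				}
				return out
			}
			$0 != "" {
				eq = index($0, "=")
				if (eq == 0) {
					key = $0
					val = ""
				} else {
					key = substr($0, 1, eq - 1)
					val = substr($0, eq + 1)
				}
				# The stored password is never sent to the browser.
				if (key == "password")
					next
				printf ",\"%s\":\"%s\"", json_esc(key), json_esc(val)
			}' "${ufile}"

			printf "}"
			sep=","
		done
	}

	printf "]"
}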


#######################################
# Print the output of "${FLOWEYE} table list" as one JSON object that maps
# the first column of each line to the second.
# Globals:   FLOWEYE (read; the command to run)
# Outputs:   the JSON object on stdout
# NOTE(review): both columns are copied into the JSON without escaping;
# presumably they are table ids and names, which add_web_user matches the
# same way -- confirm a name can never contain a quote or backslash.
#######################################
load_iptable_dict()
{
	${FLOWEYE} table list | awk '
	BEGIN { printf "{" }
	{ printf "%s\"%s\":\"%s\"", (NR == 1 ? "" : ","), $1, $2 }
	END { printf "}" }'
}


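#######################################
# Print {"iptab":<table dictionary>,"user":<user array>}.
# Outputs:   the JSON object on stdout
#######################################
list_sys_user()
{
	# The nested JSON is handed to printf as an argument, not as the format:
	# used as a format, a "%" in any stored value breaks the output and the
	# backslash escapes inside the JSON are rewritten by printf.
	printf '{"iptab":%s,"user":%s}' "`load_iptable_dict`" "`load_sys_user`"
}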


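#######################################
# Print a JSON array with one object per "paonline_*" session file.
# Globals:   STAT (written: the stat command for this platform)
# Arguments: $1 - directory to scan (optional, default /usr/ramdisk/weblogin)
# Outputs:   the array on stdout; each object holds "atime" (the file's
#            modification time as printed by stat), "id" (the file name) and
#            every key=value line of the file
# NOTE(review): the whole session file is returned, and the dispatcher calls
# this action without admin_check -- confirm the files hold nothing that
# should stay server-side and that the caller is authenticated elsewhere.
#######################################
online_user_list()
{
	weblogin_dir="${1:-/usr/ramdisk/weblogin}"

	if [ "`uname`" = "Linux" ]; then
		STAT="/usr/bin/stat -c %Y"
	else
		STAT="/usr/ramdisk/bin/stat -f %m"
	fi

	printf "["

	# Read find's output line by line so a file name with blanks or glob
	# characters stays one path; the separator is local to this loop.
	find "${weblogin_dir}/" -name "paonline_*" -type f | {
		sep=""
		while IFS= read -r ufile
		do
			# STAT stays unquoted on purpose: it is a command plus options.
			atime=`${STAT} "${ufile}"`
			id="${ufile##*/}"

			printf '%s' "${sep}"

			# File name and file content are data: they reach awk through the
			# environment and the file, and are JSON-escaped before printing.
			# The value is everything after the first "=".
			OU_ATIME="${atime}" OU_ID="${id}" awk '
			function json_esc(s,   out, i, c) {
				out = ""
				for (i = 1; i <= length(s); i++) {
					c = substr(s, i, 1)
					if (c == "\\" || c == "\"")
						out = out "\\" c
					else if (c == "\t")
						out = out "\\t"
					else if (c == "\r")
						out = out "\\r"
					else
						out = out c
				}
				return out
			}
			BEGIN {
				printf "{\"atime\":\"%s\",\"id\":\"%s\"", json_esc(ENVIRON["OU_ATIME"]), json_esc(ENVIRON["OU_ID"])
			}
			$0 != "" {
				eq = index($0, "=")
				if (eq == 0) {
					key = $0
					val = ""
				} else {
					key = substr($0, 1, eq - 1)
					val = substr($0, eq + 1)
				}
				printf ",\"%s\":\"%s\"", json_esc(key), json_esc(val)
			}
			END { printf "}" }' "${ufile}"

			sep=","
		done
	}

	printf "]"
}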


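#######################################
# Remove the session file named by CGI_id and log which user/ip it held.
# Globals:   CGI_id (read), user, ip, id_file (written), LANG002 (read)
# Outputs:   the retjson reply
# Returns:   relies on retjson ending the request, as the rest of the file
#            does; the explicit returns only matter if it does not
#######################################
click_online_user()
{
	# CGI_id is request data that ends up in a path which is read and then
	# deleted.  Accept only a bare file name whose first "_"-separated field
	# is "paonline"; anything containing "/" could point outside the session
	# directory.
	case "${CGI_id}" in
		*/*)
			retjson 1 "INV_USER_ID"
			return 1
			;;
		paonline|paonline_*)
			;;
		*)
			retjson 1 "INV_USER_ID"
			return 1
			;;
	esac

	id_file="/usr/ramdisk/weblogin/${CGI_id}"
	if [ ! -f "${id_file}" ]; then
		retjson 1 "INV_USER_ID"
		return 1
	fi

	# The two fields needed for the log line are read as text.  Sourcing the
	# session file would execute whatever it contains as shell code.
	user=`sed -n 's/^user=//p' "${id_file}" | tail -n 1`
	ip=`sed -n 's/^ip=//p' "${id_file}" | tail -n 1`
	rm -f "${id_file}"

	WEB_LOGGER "ǿû" "user=${user} ip=${ip}"
	retjson 0 "${LANG002:=ɹ}"
}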


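#######################################
# Print the password-policy settings as a JSON object.
# Globals:   WEBACL, PGETC (read); webexit, verifyCode, maxErr, lockTime,
#            pswdTTL, pswdLEN, number, bword, sword, other (written with the
#            defaults below, then with whatever the sourced files assign)
# Outputs:   the object on stdout; webexit and lockTime are divided by 60
#            and pswdTTL by 86400 before printing
#######################################
load_webacl()
{
	webexit=1800
	verifyCode=0
	maxErr=0
	lockTime=30
	pswdTTL=0
	pswdLEN=8
	number=""
	bword=""
	sword=""
	other=""

	# Both files are executed as shell code, so they must only ever hold
	# validated key=value lines and must not be writable by untrusted users.
	[ -f "${WEBACL}" ] && . "${WEBACL}"
	[ -f "${PGETC}/webexit.conf" ] && . "${PGETC}/webexit.conf"

	# The values are passed to awk through the environment and printed with
	# fixed formats: numeric fields are coerced to integers (an empty or
	# non-numeric value prints as 0 instead of breaking the JSON or the shell
	# arithmetic), string fields are JSON-escaped, and nothing stored in the
	# files is ever used as a printf format.
	WA_WEBEXIT="${webexit}" WA_VERIFY="${verifyCode}" WA_MAXERR="${maxErr}" \
	WA_LOCK="${lockTime}" WA_LEN="${pswdLEN}" WA_TTL="${pswdTTL}" \
	WA_NUMBER="${number}" WA_BWORD="${bword}" WA_SWORD="${sword}" \
	WA_OTHER="${other}" awk '
	function json_esc(s,   out, i, c) {
		out = ""
		for (i = 1; i <= length(s); i++) {
			c = substr(s, i, 1)
			if (c == "\\" || c == "\"")
				out = out "\\" c
			else if (c == "\t")
				out = out "\\t"
			else if (c == "\r")
				out = out "\\r"
			else
				out = out c
		}
		return out
	}
	function num(name) {
		return ENVIRON[name] + 0
	}
	BEGIN {
		printf "{"
		printf "\"webexit\":\"%d\",", int(num("WA_WEBEXIT") / 60)
		printf "\"verifyCode\":%d,", num("WA_VERIFY")
		printf "\"maxErr\":%d,", num("WA_MAXERR")
		printf "\"lockTime\":%d,", int(num("WA_LOCK") / 60)
		printf "\"pswdLEN\":%d,", num("WA_LEN")
		printf "\"pswdTTL\":%d,", int(num("WA_TTL") / 86400)
		printf "\"number\":\"%s\",", json_esc(ENVIRON["WA_NUMBER"])
		printf "\"bword\":\"%s\",", json_esc(ENVIRON["WA_BWORD"])
		printf "\"sword\":\"%s\",", json_esc(ENVIRON["WA_SWORD"])
		printf "\"other\":\"%s\"", json_esc(ENVIRON["WA_OTHER"])
		printf "}"
	}'
}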


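#######################################
# Print {"iptab":<table dictionary>,"webacl":<password policy>}.
# Outputs:   the JSON object on stdout
#######################################
load_adduser_env()
{
	# The nested JSON is a printf argument, not the format: as a format, a
	# "%" in any stored value breaks the output and backslash escapes inside
	# the JSON are rewritten by printf.
	printf '{"iptab":%s,"webacl":%s}' "`load_iptable_dict`" "`load_webacl`"
}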


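# Succeeds when $1 may be stored as the value of a key=value line in a user
# file.  Only letters, digits, the punctuation _ . @ % + = : , / * ! ~ - and
# bytes >= 0x80 are accepted, so blanks, line breaks, quotes, backslashes and
# shell operators are refused: edit_web_user sources these files, and such a
# character would be run as shell syntax there.
# NOTE(review): confirm this alphabet covers everything the UI and ESCTOOL
# legitimately produce.
_add_web_user_value_ok()
{
	_rest=$(printf '%s|' "$1" | LC_ALL=C tr -d 'A-Za-z0-9_.@%+=:,/*!~\200-\377-')
	[ "${_rest}" = "|" ]
}

#######################################
# Create a web user from the CGI_* request fields.
# Globals:   CGI_username, CGI_code, CGI_level, CGI_iptab_id, CGI_anylogin,
#            CGI_tf_authentication, CGI_email, CGI_desc (read); USER_DIR,
#            FLOWEYE, ESCTOOL, OLD_PSWD_FILE, RAMDISK, PGPATH (read);
#            ufile, iptab_name, src_name, src_pswd (written)
# Outputs:   the retjson reply
# Returns:   relies on retjson ending the request, as the rest of the file
#            does; the explicit returns only matter if it does not
# NOTE(review): the decoded password is appended to the htpasswd-named file
# exactly as ESCTOOL returns it and CGI_code is stored in the user file;
# nothing in this block hashes either -- confirm that is intended.
#######################################
add_web_user()
{
	[ "${CGI_username}" = "" ] && retjson 1 "NO_USERNAME"

	# CGI_username becomes a file name below USER_DIR: a "/" or a dot entry
	# would place the new file somewhere else.
	case "${CGI_username}" in
		*/*|.|..)
			retjson 1 "INV_PARAM"
			return 1
			;;
	esac

	# Every request field that is written into the user file is checked
	# before anything touches the disk.
	for v in "${CGI_username}" "${CGI_code}" "${CGI_level}" "${CGI_iptab_id}" \
		"${CGI_anylogin}" "${CGI_tf_authentication}" "${CGI_email}" "${CGI_desc}"
	do
		if ! _add_web_user_value_ok "${v}"; then
			retjson 1 "INV_PARAM"
			return 1
		fi
	done

	ufile="${USER_DIR}/${CGI_username}"
	[ -f "${ufile}" ] && retjson 1 "ûѴ"

	# Start from an empty name so a value left in the environment is not
	# stored when no table id was sent.
	iptab_name=""
	if [ "${CGI_iptab_id}" != "" ]; then
		# Quoted: an unquoted value with blanks would be split into extra awk
		# arguments, the first of which awk would take as its program text.
		iptab_name=`${FLOWEYE} table list | awk -v id="${CGI_iptab_id}" '{if($1 == id)print $2}'`
		[ "${iptab_name}" = "" ] && retjson 1 "IPȺ鲻"
	fi

	src_name=`${ESCTOOL} -d "${CGI_username}"`
	src_pswd=`${ESCTOOL} -d "${CGI_code}"`

	# The decoded name is written to the user file and is the first field of
	# the "name:password" line, so it must pass the value check, be non-empty
	# and contain no ":".
	if ! _add_web_user_value_ok "${src_name}"; then
		retjson 1 "INV_PARAM"
		return 1
	fi
	case "${src_name}" in
		""|*:*)
			retjson 1 "INV_PARAM"
			return 1
			;;
		*-*)
			retjson 1 "˺ŲЯ-"
			return 1
			;;
	esac

	# A line break in the decoded password would add a second credential line.
	nl='
'
	cr=$(printf '\r')
	case "${src_pswd}" in
		*"${nl}"*|*"${cr}"*)
			retjson 1 "INV_PARAM"
			return 1
			;;
	esac

	# printf '%s' writes the values verbatim; echo may interpret backslash
	# sequences depending on which shell /bin/sh is.
	{
		printf 'name=%s\n' "${src_name}"
		printf 'password=%s\n' "${CGI_code}"
		printf 'lastedit=%s\n' "`date +%s`"
		printf 'level=%s\n' "${CGI_level}"
		printf 'iptab_id=%s\n' "${CGI_iptab_id}"
		printf 'iptab_name=%s\n' "${iptab_name}"
		printf 'anylogin=%s\n' "${CGI_anylogin}"
		printf 'tf_authentication=%s\n' "${CGI_tf_authentication}"
		printf 'email=%s\n' "${CGI_email}"
		printf 'desc=%s\n' "${CGI_desc}"
	} > "${ufile}"

	# Keep the htpasswd-named file and its ramdisk copy in step.
	printf '%s:%s\n' "${src_name}" "${src_pswd}" >> "${OLD_PSWD_FILE}"
	cp "${OLD_PSWD_FILE}" "${RAMDISK}/admin/"

	cp "${ufile}" "${PGPATH}/etc/webuser/"
	sync

	WEB_LOGGER "ϵͳû" "username=${src_name}"
	retjson 0 "${LANG002:=ɹ}"
}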


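# Succeeds when $1 may be stored as the value of a key=value line in a user
# file.  Only letters, digits, the punctuation _ . @ % + = : , / * ! ~ - and
# bytes >= 0x80 are accepted, so blanks, line breaks, quotes, backslashes and
# shell operators are refused.
# NOTE(review): confirm this alphabet covers everything the UI and ESCTOOL
# legitimately produce.
_edit_web_user_value_ok()
{
	_rest=$(printf '%s|' "$1" | LC_ALL=C tr -d 'A-Za-z0-9_.@%+=:,/*!~\200-\377-')
	[ "${_rest}" = "|" ]
}

# Print the value of the last "<key>=" line in file $1 for key $2 (the text
# after the first "="); prints nothing when the key or the file is missing.
_edit_web_user_field()
{
	EWU_KEY="$2" awk '
	{
		eq = index($0, "=")
		if (eq > 0 && substr($0, 1, eq - 1) == ENVIRON["EWU_KEY"])
			val = substr($0, eq + 1)
	}
	END { printf "%s", val }' "$1" 2>/dev/null
}

#######################################
# Update an existing web user from the CGI_* request fields.
# Globals:   CGI_username, CGI_cur, CGI_code, CGI_level, CGI_iptab_id,
#            CGI_anylogin, CGI_tf_authentication, CGI_email, CGI_desc,
#            PANABIT_USER (read); USER_DIR, FLOWEYE, ESCTOOL, OLD_PSWD_FILE,
#            RAMDISK, PGPATH (read); password, level, iptab_id, iptab_name,
#            anylogin and the new_*/src_* working variables (written)
# Outputs:   the retjson reply
# Returns:   relies on retjson ending the request, as the rest of the file
#            does; the explicit returns only matter if it does not
# The dispatcher calls this handler without admin_check, so every
# permission decision for this action is made here.
# NOTE(review): a caller whose level is not 0 can still set iptab_id,
# anylogin and tf_authentication, and tf_authentication/email/desc are
# overwritten with whatever the request carries (empty included) -- confirm
# that is intended.  The password is stored unhashed, as in add_web_user.
#######################################
edit_web_user()
{
	[ "${CGI_username}" = "" ] && retjson 1 "NO_USERNAME"

	# CGI_username selects a file below USER_DIR: a "/" or a dot entry would
	# make this handler read and rewrite a file somewhere else.
	case "${CGI_username}" in
		*/*|.|..)
			retjson 1 "INV_PARAM"
			return 1
			;;
	esac

	# Every request field that is written into the user file is checked
	# before anything is read or changed.
	for v in "${CGI_username}" "${CGI_code}" "${CGI_level}" "${CGI_iptab_id}" \
		"${CGI_anylogin}" "${CGI_tf_authentication}" "${CGI_email}" "${CGI_desc}"
	do
		if ! _edit_web_user_value_ok "${v}"; then
			retjson 1 "INV_PARAM"
			return 1
		fi
	done

	ufile="${USER_DIR}/${CGI_username}"
	if [ ! -f "${ufile}" ]; then
		retjson 1 "û"
		return 1
	fi

	# The stored fields are read as text.  Sourcing the user file would run
	# its content, which originates from request fields, as shell code.
	password=`_edit_web_user_field "${ufile}" password`
	level=`_edit_web_user_field "${ufile}" level`
	iptab_id=`_edit_web_user_field "${ufile}" iptab_id`
	iptab_name=`_edit_web_user_field "${ufile}" iptab_name`
	anylogin=`_edit_web_user_field "${ufile}" anylogin`

	# Permission check: a caller whose own level is 0 is exempt, everyone
	# else must present the target account's current password.  The level is
	# taken from the line whose key is exactly "level", not from any line
	# that merely contains "level=".
	aes_login_user=`${ESCTOOL} -e "${PANABIT_USER}"`
	login_level=`_edit_web_user_field "${USER_DIR}/${aes_login_user}" level`

	if [ "${login_level}" != 0 ]; then
		# Both sides are quoted: with an unquoted empty stored password the
		# test is malformed, fails, and the && that rejects the request never
		# runs.  An empty stored password is treated as a mismatch.
		if [ "${password}" = "" ] || [ "${CGI_cur}" != "${password}" ]; then
			retjson 1 "ǰ"
			return 1
		fi
		# Knowing a password does not entitle the caller to change the
		# account's level; only a level-0 caller may do that.
		if [ "${CGI_level}" != "" ] && [ "${CGI_level}" != "${level}" ]; then
			retjson 1 "NO_PERMISSION"
			return 1
		fi
	fi

	if [ "${CGI_code}" = "" ]; then
		pswd=${password}
	else
		pswd=${CGI_code}
	fi

	if [ "${CGI_level}" = "" ]; then
		new_level=${level}
	else
		new_level=${CGI_level}
	fi

	if [ "${CGI_iptab_id}" = "" ]; then
		if [ "${login_level}" != "0" ]; then
			new_iptab_id="${iptab_id}"
			new_iptab_name="${iptab_name}"
		else
			new_iptab_id=""
			new_iptab_name=""
		fi
	else
		# Quoted: an unquoted value with blanks would be split into extra awk
		# arguments, the first of which awk would take as its program text.
		new_iptab_name=`${FLOWEYE} table list | awk -v id="${CGI_iptab_id}" '{if($1 == id)print $2}'`
		[ "${new_iptab_name}" = "" ] && retjson 1 "IPȺ鲻"
		new_iptab_id="${CGI_iptab_id}"
	fi

	if [ "${CGI_anylogin}" = "" ]; then
		new_anylogin=${anylogin}
	else
		new_anylogin=${CGI_anylogin}
	fi

	src_name=`${ESCTOOL} -d "${CGI_username}"`
	src_pswd=`${ESCTOOL} -d "${pswd}"`

	# The decoded name is written to the user file and is the first field of
	# the "name:password" line; a line break in the decoded password would
	# add a second credential line.
	if ! _edit_web_user_value_ok "${src_name}"; then
		retjson 1 "INV_PARAM"
		return 1
	fi
	nl='
'
	cr=$(printf '\r')
	case "${src_name}" in
		""|*:*)
			retjson 1 "INV_PARAM"
			return 1
			;;
	esac
	case "${src_pswd}" in
		*"${nl}"*|*"${cr}"*)
			retjson 1 "INV_PARAM"
			return 1
			;;
	esac

	# printf '%s' writes the values verbatim; echo may interpret backslash
	# sequences depending on which shell /bin/sh is.
	{
		printf 'name=%s\n' "${src_name}"
		printf 'password=%s\n' "${pswd}"
		printf 'lastedit=%s\n' "`date +%s`"
		printf 'level=%s\n' "${new_level}"
		printf 'iptab_id=%s\n' "${new_iptab_id}"
		printf 'iptab_name=%s\n' "${new_iptab_name}"
		printf 'anylogin=%s\n' "${new_anylogin}"
		printf 'tf_authentication=%s\n' "${CGI_tf_authentication}"
		printf 'email=%s\n' "${CGI_email}"
		printf 'desc=%s\n' "${CGI_desc}"
	} > "${ufile}"

	# Rewrite the htpasswd-named file: drop only the line whose first field
	# is exactly this name (a substring/regex match also removes other
	# accounts), start the .bak file empty instead of appending to a stale
	# one, then add the new line.
	HT_NAME="${src_name}" awk -F: '$1 != ENVIRON["HT_NAME"]' "${OLD_PSWD_FILE}" > "${OLD_PSWD_FILE}.bak"
	printf '%s:%s\n' "${src_name}" "${src_pswd}" >> "${OLD_PSWD_FILE}.bak"
	mv "${OLD_PSWD_FILE}.bak" "${OLD_PSWD_FILE}"
	cp "${OLD_PSWD_FILE}" "${RAMDISK}/admin/"

	cp "${ufile}" "${PGPATH}/etc/webuser/"
	sync

	WEB_LOGGER "༭ϵͳû" "username=${src_name}"
	retjson 0 "${LANG002:=ɹ}"
}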


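#######################################
# Delete the web user named by CGI_username (the plain name; the file name
# is what "${ESCTOOL} -e" returns for it).
# Globals:   CGI_username (read); ESCTOOL, USER_DIR, PGPATH, OLD_PSWD_FILE,
#            RAMDISK (read); aes_name, ufile (written)
# Outputs:   the retjson reply
# Returns:   relies on retjson ending the request, as the rest of the file
#            does; the explicit returns only matter if it does not
#######################################
del_web_user()
{
	[ "${CGI_username}" = "" ] && retjson 1 "NO_USERNAME"

	aes_name=`${ESCTOOL} -e "${CGI_username}"`

	# The encoded name is used in paths that are removed below.  An empty
	# result, a "/" or a dot entry would aim those removals at the directory
	# itself or at something outside it.
	case "${aes_name}" in
		""|*/*|.|..)
			retjson 1 "û"
			return 1
			;;
	esac

	ufile="${USER_DIR}/${aes_name}"
	if [ ! -f "${ufile}" ]; then
		retjson 1 "û"
		return 1
	fi

	# Both targets are single files, so no recursive removal is needed.
	rm -f "${PGPATH}/etc/webuser/${aes_name}" >/dev/null 2>&1
	rm -f "${ufile}" >/dev/null 2>&1

	# Rewrite the htpasswd-named file: drop only the line whose first field
	# is exactly this name (a substring/regex match also removes other
	# accounts) and start the .bak file empty instead of appending to a
	# stale one.
	HT_NAME="${CGI_username}" awk -F: '$1 != ENVIRON["HT_NAME"]' "${OLD_PSWD_FILE}" > "${OLD_PSWD_FILE}.bak"
	mv "${OLD_PSWD_FILE}.bak" "${OLD_PSWD_FILE}"
	cp "${OLD_PSWD_FILE}" "${RAMDISK}/admin/"

	sync
	WEB_LOGGER "ɾϵͳû" "username=${CGI_username}"
	retjson 0 "${LANG002:=ɹ}"
}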


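#######################################
# Store the password-policy settings sent in the CGI_* request fields.
# Globals:   PGETC (read); WEBACL, verifyCode, maxErr, lockTime (written);
#            CGI_pswdTTL (read in days, rewritten in seconds); CGI_pswdLEN,
#            CGI_number, CGI_bword, CGI_sword, CGI_other, CGI_api_enable (read)
# Outputs:   the retjson reply
# Returns:   relies on retjson ending the request, as the rest of the file
#            does; the explicit returns only matter if it does not
#######################################
set_password_rule()
{
	WEBACL="${PGETC}/web/webacl.conf"

	verifyCode=0
	maxErr=0
	lockTime=30

	# The file written here is sourced by the load handlers, so every value
	# is checked before it is stored: a stored "x;cmd" or "$(cmd)" would run
	# the next time the file is read.
	# The day count goes into shell arithmetic, so it must be plain decimal
	# digits without a leading zero and short enough not to overflow.
	case "${CGI_pswdTTL}" in
		""|*[!0-9]*|0?*|??????*)
			retjson 1 "INV_PARAM"
			return 1
			;;
	esac
	# load_webacl prints pswdLEN as a bare JSON number.
	case "${CGI_pswdLEN}" in
		""|*[!0-9]*|??????*)
			retjson 1 "INV_PARAM"
			return 1
			;;
	esac
	# NOTE(review): the remaining fields look like simple flags or short
	# tokens; confirm the UI never sends anything outside this alphabet.
	for v in "${CGI_number}" "${CGI_bword}" "${CGI_sword}" "${CGI_other}" \
		"${CGI_api_enable}"
	do
		case "${v}" in
			*[!A-Za-z0-9_.,-]*)
				retjson 1 "INV_PARAM"
				return 1
				;;
		esac
	done

	mkdir -p "${PGETC}/web"

	# Keep the verifyCode/maxErr/lockTime values already on disk.
	[ -f "${WEBACL}" ] && . "${WEBACL}"
	CGI_pswdTTL=$((${CGI_pswdTTL}*24*60*60))

	{
		printf 'verifyCode=%s\n' "${verifyCode}"
		printf 'maxErr=%s\n' "${maxErr}"
		printf 'lockTime=%s\n' "${lockTime}"
		printf 'pswdTTL=%s\n' "${CGI_pswdTTL}"
		printf 'pswdLEN=%s\n' "${CGI_pswdLEN}"
		printf 'number=%s\n' "${CGI_number}"
		printf 'bword=%s\n' "${CGI_bword}"
		printf 'sword=%s\n' "${CGI_sword}"
		printf 'other=%s\n' "${CGI_other}"
		printf 'api_enable=%s\n' "${CGI_api_enable}"
	} > "${WEBACL}"

	retjson 0 "óɹ"
}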


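#######################################
# Print the menu definition for the user named in CGI_name: the per-user
# file below ${RAMDISK}/etc/webuser when it exists, else the default menu
# (the NTM one when NTM is "1").
# Globals:   NTM, RAMDISK, CGI_name (read); HTMLROOT, menu, user_menu (written)
# Outputs:   whatever print_json_file prints for the chosen file
#######################################
load_user_menu()
{
	HTMLROOT="/usr/ramdisk/admin/html"
	menu="${HTMLROOT}/assert/menu/menu.json"

	if [ "${NTM}" = "1" ]; then
		menu="${HTMLROOT}/App/ntm/assert/menu/menu.json"
	fi

	# CGI_name is request data placed inside a file path.  A name containing
	# "/" could select a .json file outside the webuser directory, so such a
	# name is ignored and the default menu is served.
	case "${CGI_name}" in
		*/*)
			;;
		*)
			user_menu="${RAMDISK}/etc/webuser/menu_${CGI_name}.json"
			if [ -f "${user_menu}" ]; then
				menu="${user_menu}"
			fi
			;;
	esac

	print_json_file "${menu}"
}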


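#######################################
# Store CGI_url as the menu definition of the user named in CGI_name, in
# both the persistent and the ramdisk webuser directories.
# Globals:   CGI_name, CGI_url, PGPATH, RAMDISK (read)
# Outputs:   the retjson reply
# Returns:   relies on retjson ending the request, as the rest of the file
#            does; the explicit return only matters if it does not
# NOTE(review): CGI_url is stored as received and later served by
# load_user_menu; nothing here checks that it is well-formed JSON.
#######################################
set_user_menu()
{
	# CGI_name is request data placed inside the target path: a "/" could
	# move the write outside the webuser directories.
	case "${CGI_name}" in
		*/*)
			retjson 1 "INV_PARAM"
			return 1
			;;
	esac

	# printf '%s' stores the text verbatim; echo may rewrite backslash
	# sequences such as "\n" depending on which shell /bin/sh is.
	printf '%s\n' "${CGI_url}" > "${PGPATH}/etc/webuser/menu_${CGI_name}.json"
	printf '%s\n' "${CGI_url}" > "${RAMDISK}/etc/webuser/menu_${CGI_name}.json"

	WEB_LOGGER "ûҳ" "name=${CGI_name}"
	retjson 0 "${LANG002:=ɹ}"
}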


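#######################################
# Store the LDAP login settings sent in the CGI_ldap_* / CGI_auth_type /
# CGI_admin_* request fields, one key=value line each.
# Globals:   PGETC, ldap_auth_conf and the CGI_* fields listed below (read)
# Outputs:   the retjson reply
# Returns:   relies on retjson ending the request, as the rest of the file
#            does; the explicit return only matters if it does not
# NOTE(review): admin_password is stored as received, in clear text, and
# load_ldap_auth returns every stored line -- confirm the file's permissions
# and whether the password needs to be readable back.
#######################################
set_ldap_auth()
{
	# One value per line: a line break inside a value would add extra
	# key=value lines to the file.
	nl='
'
	cr=$(printf '\r')
	for v in "${CGI_ldap_auth}" "${CGI_ldap_ip}" "${CGI_ldap_port}" \
		"${CGI_ldap_basedn}" "${CGI_ldap_level}" "${CGI_ldaps}" \
		"${CGI_auth_type}" "${CGI_admin_username}" "${CGI_admin_password}"
	do
		case "${v}" in
			*"${nl}"*|*"${cr}"*)
				retjson 1 "INV_PARAM"
				return 1
				;;
		esac
	done

	mkdir -p "${PGETC}/web"

	# printf '%s' stores each value verbatim; echo may turn a "\n" typed
	# into a field into a real line break depending on which shell /bin/sh is.
	{
		printf 'ldap_auth=%s\n' "${CGI_ldap_auth}"
		printf 'ldap_ip=%s\n' "${CGI_ldap_ip}"
		printf 'ldap_port=%s\n' "${CGI_ldap_port}"
		printf 'ldap_basedn=%s\n' "${CGI_ldap_basedn}"
		printf 'ldap_level=%s\n' "${CGI_ldap_level}"
		printf 'ldaps=%s\n' "${CGI_ldaps}"
		printf 'auth_type=%s\n' "${CGI_auth_type}"
		printf 'admin_username=%s\n' "${CGI_admin_username}"
		printf 'admin_password=%s\n' "${CGI_admin_password}"
	} > "${ldap_auth_conf}"

	WEB_LOGGER "LDAP֤¼ϵͳ" "ldap_auth=${CGI_ldap_auth}"
	retjson 0 "${LANG002:=ɹ}"
}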


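#######################################
# Store the RADIUS login settings sent in the CGI_radius_* request fields,
# one key=value line each.
# Globals:   PGETC, radis_auth_conf and the CGI_radius_* fields (read)
# Outputs:   the retjson reply
# Returns:   relies on retjson ending the request, as the rest of the file
#            does; the explicit return only matters if it does not
# NOTE(review): radius_key is stored as received, in clear text, and
# load_radius_auth returns every stored line -- confirm the file's
# permissions and whether the key needs to be readable back.
#######################################
set_radius_auth()
{
	# One value per line: a line break inside a value would add extra
	# key=value lines to the file.
	nl='
'
	cr=$(printf '\r')
	for v in "${CGI_radius_auth}" "${CGI_radius_server}" "${CGI_radius_nas}" \
		"${CGI_radius_key}" "${CGI_radius_timeout}" "${CGI_radius_level}"
	do
		case "${v}" in
			*"${nl}"*|*"${cr}"*)
				retjson 1 "INV_PARAM"
				return 1
				;;
		esac
	done

	mkdir -p "${PGETC}/web"

	# printf '%s' stores each value verbatim; echo may turn a "\n" typed
	# into a field into a real line break depending on which shell /bin/sh is.
	{
		printf 'radius_auth=%s\n' "${CGI_radius_auth}"
		printf 'radius_server=%s\n' "${CGI_radius_server}"
		printf 'radius_nas=%s\n' "${CGI_radius_nas}"
		printf 'radius_key=%s\n' "${CGI_radius_key}"
		printf 'radius_timeout=%s\n' "${CGI_radius_timeout}"
		printf 'radius_level=%s\n' "${CGI_radius_level}"
	} > "${radis_auth_conf}"

	WEB_LOGGER "Radius֤¼ϵͳ" "radius_auth=${CGI_radius_auth}"
	retjson 0 "${LANG002:=ɹ}"
}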


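#######################################
# Print the stored LDAP settings as a JSON object, plus "have_ldapeye"
# ("1" when /usr/ramdisk/bin/ldapeye exists, else "0").
# Globals:   ldap_auth_conf (read), have_ldapeye (written)
# Outputs:   "{}" when the settings file is missing, else the object
# NOTE(review): every stored line is returned, including the admin_password
# line written by set_ldap_auth -- confirm the browser needs it.
#######################################
load_ldap_auth()
{
	if [ ! -f "${ldap_auth_conf}" ]; then
		printf "{}"
		return
	fi

	if [ -f "/usr/ramdisk/bin/ldapeye" ]; then
		have_ldapeye=1
	else
		have_ldapeye=0
	fi

	# The file is parsed by awk instead of "read" plus unquoted echo: that
	# combination expands glob characters in a value against the working
	# directory, collapses blanks, eats backslashes, and the old printf used
	# the stored text as its format.  Keys and values are JSON-escaped; the
	# value is everything after the first "=".
	LA_HAVE="${have_ldapeye}" awk '
	function json_esc(s,   out, i, c) {
		out = ""
		for (i = 1; i <= length(s); i++) {
			c = substr(s, i, 1)
			if (c == "\\" || c == "\"")
				out = out "\\" c
			else if (c == "\t")
				out = out "\\t"
			else if (c == "\r")
				out = out "\\r"
			else
				out = out c
		}
		return out
	}
	BEGIN {
		printf "{\"have_ldapeye\":\"%s\"", ENVIRON["LA_HAVE"]
	}
	$0 != "" {
		eq = index($0, "=")
		if (eq == 0) {
			key = $0
			val = ""
		} else {
			key = substr($0, 1, eq - 1)
			val = substr($0, eq + 1)
		}
		printf ",\"%s\":\"%s\"", json_esc(key), json_esc(val)
	}
	END { printf "}" }' "${ldap_auth_conf}"
}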


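#######################################
# Print the stored RADIUS settings as a JSON object.
# Globals:   radis_auth_conf (read)
# Outputs:   "{}" when the settings file is missing, else one member per
#            key=value line
# NOTE(review): every stored line is returned, including the radius_key
# line written by set_radius_auth -- confirm the browser needs it.
#######################################
load_radius_auth()
{
	if [ ! -f "${radis_auth_conf}" ]; then
		printf "{}"
		return
	fi

	# The value is everything after the first "=" (splitting on every "="
	# cuts a value such as a key containing "=" short), and keys and values
	# are JSON-escaped so a quote or backslash cannot break the object.
	awk '
	function json_esc(s,   out, i, c) {
		out = ""
		for (i = 1; i <= length(s); i++) {
			c = substr(s, i, 1)
			if (c == "\\" || c == "\"")
				out = out "\\" c
			else if (c == "\t")
				out = out "\\t"
			else if (c == "\r")
				out = out "\\r"
			else
				out = out c
		}
		return out
	}
	BEGIN {
		sep = ""
		printf "{"
	}
	$0 != "" {
		eq = index($0, "=")
		if (eq == 0) {
			key = $0
			val = ""
		} else {
			key = substr($0, 1, eq - 1)
			val = substr($0, eq + 1)
		}
		printf "%s\"%s\":\"%s\"", sep, json_esc(key), json_esc(val)
		sep = ","
	}
	END { printf "}" }' "${radis_auth_conf}"
}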


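#######################################
# Print {"ldap":<LDAP settings>,"radius":<RADIUS settings>}.
# Outputs:   the JSON object on stdout
#######################################
load_auth_type()
{
	# The nested JSON is a printf argument, not the format: as a format, a
	# "%" in any stored value (a password or key, for instance) breaks the
	# output and backslash escapes inside the JSON are rewritten by printf.
	printf '{"ldap":%s,"radius":%s}' "`load_ldap_auth`" "`load_radius_auth`"
}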


# Route the request to its handler by CGI_action.
# admin_check, action_check and retjson are not defined in this file
# (presumably they come from ../common/ajax_common).  The handlers are
# written as "condition && retjson ..." followed by further work, so they
# depend on retjson ending the request -- NOTE(review): confirm, and confirm
# that admin_check/action_check also stop the request when they fail.
case "${CGI_action}" in

	# NOTE(review): the load_*/list_*/online_* actions below run without
	# admin_check or action_check.  online_user_list returns the content of
	# every session file, and load_auth_type returns every line of the LDAP
	# and RADIUS settings files, including the admin_password and radius_key
	# lines.  Confirm that ajax_common authenticates the caller before this
	# point and whether these actions should be admin-only.
	"load_sys_user")
		retjson 0 "OK" "`load_sys_user`"
		;;

	"list_sys_user")
		retjson 0 "OK" "`list_sys_user`"
		;;

	"online_user_list")
		retjson 0 "OK" "`online_user_list`"
		;;

	"click_online_user")
		admin_check
		click_online_user
		;;

	"load_adduser_env")
		retjson 0 "OK" "`load_adduser_env`"
		;;

	"set_password_rule")
		admin_check
		set_password_rule
		;;

	# No admin_check here: edit_web_user makes its own permission decision
	# (the target's current password, unless the caller's level is 0), so
	# any weakness in that check is reachable by every caller of this script.
	"edit_web_user")
		edit_web_user
		;;

	"add_web_user")
		admin_check
		add_web_user
		;;

	"del_web_user")
		admin_check
		del_web_user
		;;

	# set_moreadmin is not defined in this file -- presumably it lives in
	# ajax_common; verify, otherwise this action fails at run time.
	"set_moreadmin")
		admin_check
		set_moreadmin
		;;

	"load_user_menu")
		retjson 0 "OK" "`load_user_menu`"
		;;

	"set_user_menu")
		admin_check
		set_user_menu
		;;

	# The two authentication-settings writers are gated by action_check
	# rather than admin_check; what action_check verifies is not visible here.
	"set_ldap_auth")
		action_check
		set_ldap_auth
		;;

	"set_radius_auth")
		action_check
		set_radius_auth
		;;

	"load_auth_type")
		retjson 0 "OK" "`load_auth_type`"
		;;

	# Anything else is refused.
	*)
		retjson 1 "UNKNOW_ACTION"
		;;
esac
