#!/bin/bash

setupVars="/etc/pivpn/wireguard/setupVars.conf"

if [ ! -f "${setupVars}" ]; then
    echo "::: Missing setup vars file!"
    exit 1
fi

source "${setupVars}"

helpFunc(){
    echo "::: Remove a client conf profile"
    echo ":::"
    echo "::: Usage: pivpn <-r|remove> [-y|--yes] [-h|--help] [<client-1>] ... [<client-n>] ..."
    echo ":::"
    echo "::: Commands:"
    echo ":::  [none]               Interactive mode"
    echo ":::  <client>             Client(s) to remove"
    echo ":::  -y,--yes             Remove Client(s) without confirmation"
    echo ":::  -h,--help            Show this help dialog"
}

# Parse input arguments
while test $# -gt 0
do
    _key="$1"
    case "$_key" in
        -h|--help)
            helpFunc
            exit 0
            ;;
        -y|--yes)
            CONFIRM=true
            ;;
        *)
            CLIENTS_TO_REMOVE+=("$1")
            ;;
    esac
    shift
done

cd /etc/wireguard
if [ ! -s configs/clients.txt ]; then
    echo "::: There are no clients to remove"
    exit 1
fi

LIST=($(awk '{print $1}' configs/clients.txt))
if [ "${#CLIENTS_TO_REMOVE[@]}" -eq 0 ]; then
    echo -e "::\e[4m  Client list  \e[0m::"
    len=${#LIST[@]}
    COUNTER=1
    while [ $COUNTER -le ${len} ]; do
        printf "%0${#len}s) %s\r\n" ${COUNTER} ${LIST[(($COUNTER-1))]}
        ((COUNTER++))
    done

    read -r -p "Please enter the Index/Name of the Client to be removed from the list above: " CLIENTS_TO_REMOVE

    if [ -z "${CLIENTS_TO_REMOVE}" ]; then
        echo "::: You can not leave this blank!"
        exit 1
    fi
fi

DELETED_COUNT=0

for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do

    re='^[0-9]+$'
    if [[ ${CLIENT_NAME} =~ $re ]] ; then
        CLIENT_NAME=${LIST[$((CLIENT_NAME -1))]}
    fi

    if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
        echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
    else
        REQUESTED="$(sha256sum "configs/${CLIENT_NAME}.conf" | cut -c 1-64)"
        if [ -n "$CONFIRM" ]; then
            REPLY="y"
        else
            read -r -p "Do you really want to delete $CLIENT_NAME? [y/N] "
        fi

        if [[ $REPLY =~ ^[Yy]$ ]]; then

            # Grab the least significant octed of the client IP address
            COUNT=$(grep "^${CLIENT_NAME} " configs/clients.txt | awk '{print $4}')
            # The creation date of the client
            CREATION_DATE="$(grep "^${CLIENT_NAME} " configs/clients.txt | awk '{print $3}')"
            # And its public key
            PUBLIC_KEY="$(grep "^${CLIENT_NAME} " configs/clients.txt | awk '{print $2}')"

            # Then remove the client matching the variables above
            sed "\#${CLIENT_NAME} ${PUBLIC_KEY} ${CREATION_DATE} ${COUNT}#d" -i configs/clients.txt

            # Remove the peer section from the server config
            sed "/### begin ${CLIENT_NAME} ###/,/### end ${CLIENT_NAME} ###/d" -i wg0.conf
            echo "::: Updated server config"

            rm "configs/${CLIENT_NAME}.conf"
            echo "::: Client config for ${CLIENT_NAME} removed"

            rm "keys/${CLIENT_NAME}_priv"
            rm "keys/${CLIENT_NAME}_pub"
            rm "keys/${CLIENT_NAME}_psk"
            echo "::: Client Keys for ${CLIENT_NAME} removed"

            # Find all .conf files in the home folder of the user matching the checksum of the
            # config and delete them. '-maxdepth 3' is used to avoid traversing too many folders.
            find "${install_home}" -maxdepth 3 -type f -name '*.conf' -print0 | while IFS= read -r -d '' CONFIG; do
                if sha256sum -c <<< "${REQUESTED}  ${CONFIG}" &> /dev/null; then
                    rm "${CONFIG}"
                fi
            done

            ((DELETED_COUNT++))
            echo "::: Successfully deleted ${CLIENT_NAME}"

            # If using Pi-hole, remove the client from the hosts file
            if [ -f /etc/pivpn/hosts.wireguard ]; then
                NET_REDUCED="${pivpnNET::-2}"
                sed "\#${NET_REDUCED}.${COUNT} ${CLIENT_NAME}.pivpn#d" -i /etc/pivpn/hosts.wireguard
                if killall -SIGHUP pihole-FTL; then
                    echo "::: Updated hosts file for Pi-hole"
                else
                    echo "::: Failed to reload pihole-FTL configuration"
                fi
            fi

        else
            echo "Aborting operation"
            exit 1
        fi
    fi

done

# Restart WireGuard only if some clients were actually deleted
if [ "${DELETED_COUNT}" -gt 0 ]; then
    if systemctl reload wg-quick@wg0; then
        echo "::: WireGuard reloaded"
    else
        echo "::: Failed to reload WireGuard"
    fi
fi