#!/bin/bash
die() { echo >&2 "gitea: ERROR $*" ; exit 1 ; }
info() { echo >&2 "gitea: $*" ; }

DIRNAME="$(dirname $0)"
cd "$DIRNAME"

source ../env.production || die "no top level environment"
source ./env.production || die "no local environment"

DATA="../data/gitea"
SECRETS="$DATA/env.secrets"
INI="$DATA/gitea/conf/app.ini"

if [ -r "$SECRETS" ]; then
	docker-compose up -d || die "unable to start"
	exit 0
fi


GITEA_CLIENT_SECRET="$(openssl rand -hex 32)"

info "creating new secrets $SECRETS"

mkdir -p "$DATA"
cat <<EOF > "$SECRETS"
# DO NOT CHECK IN
GITEA_CLIENT_SECRET=$GITEA_CLIENT_SECRET
EOF


docker-compose down 2>/dev/null

../keycloak/client-delete gitea 2>/dev/null
../keycloak/client-create <<EOF || die "unable to create gitea client"
{
	"clientId": "gitea",
	"rootUrl": "https://$GITEA_HOSTNAME",
	"adminUrl": "https://$GITEA_HOSTNAME",
	"redirectUris": [ "https://$GITEA_HOSTNAME/*" ],
	"webOrigins": [ "https://$GITEA_HOSTNAME" ],
	"clientAuthenticatorType": "client-secret",
	"secret": "$GITEA_CLIENT_SECRET"
}
EOF

docker-compose up -d || die "unable to start container"

echo SLEEPING
sleep 10

test -f "$INI" || die "missing $INI"

info "enabling OpenID in $INI"
grep --quiet '\[openid\]' "$INI" || {
  echo <<EOF >> "$INI" || die "unable to enable OpenID in $INI"
;service]
; Only allow registering via OpenID
;DISABLE_REGISTRATION = false
;ALLOW_ONLY_EXTERNAL_REGISTRATION = true
[openid]
; do not allow signin to local users via OpenID
ENABLE_OPENID_SIGNIN = false
; allow creation of new users via OpenID
ENABLE_OPENID_SIGNUP = true
EOF
}

info "restarting"
docker-compose down
docker-compose up -d || die "unable to start container"