#!/bin/sh


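#######################################
# Post-upgrade hook: removes the leaked signing key from apt's trusted keys,
# reloads/restarts the per-user warp-taskbar unit for every regular user with
# a live session, then enables and (re)starts the system warp-svc unit.
# Arguments: $1 - version being upgraded from (passed by the caller, unused)
# Returns:   status of the last command; service failures are tolerated
#######################################
after_upgrade() {
    # Calls "$1" as `callback username home` for every passwd entry whose UID
    # lies in the UID_MIN..UID_MAX range configured in /etc/login.defs.
    for_each_regular_user() {
        func="$1"

        # -P and \K need a grep built with PCRE support (GNU grep).
        UID_MIN=$(grep -Po '^UID_MIN[[:space:]]*\K([[:digit:]]*)' /etc/login.defs)
        UID_MAX=$(grep -Po '^UID_MAX[[:space:]]*\K([[:digit:]]*)' /etc/login.defs)

        # If login.defs does not set the bounds, an empty operand would make
        # every `[ -ge ]` test below error out and silently skip all users.
        # Fall back to the shadow-utils defaults instead.
        UID_MIN=${UID_MIN:-1000}
        UID_MAX=${UID_MAX:-60000}

        #                               1        2      3   4   5           6    7
        #                               username:passwd:uid:gid:description:home:shell
        getent passwd | while IFS=: read -r username _passwd uid _gid _gecos home _shell; do
            if [ "$uid" -ge "$UID_MIN" ] && [ "$uid" -le "$UID_MAX" ]; then
                # Detach stdin: otherwise anything the callback starts could
                # consume the remaining passwd entries from the pipe.
                "$func" "$username" "$home" </dev/null
            fi
        done
    }

    # Reloads the user's systemd manager and restarts warp-taskbar, but only
    # when the user has a runtime directory (i.e. a running user session).
    enable_or_restart_warp_taskbar_service() {
        username=$1
        home=$2 # part of the callback signature; not used here

        # Skip names that cannot be resolved rather than probing "/run/user/".
        user_uid=$(id -u "$username") || return 0
        runtime_dir="/run/user/$user_uid"

        if [ -e "$runtime_dir" ]; then
            # The following command is the correct way to control user systemd, but
            # unfortunately it is only available in systemd v248 and higher. Once
            # all supported platforms support systemd v248 or higher we can switch
            # and remove the if check
            #
            # systemctl --machine=$username@.host --user daemon-reload
            # systemctl --machine=$username@.host --user stop warp-taskbar
            # systemctl --machine=$username@.host --user start warp-taskbar
            #
            # NOTE(review): `su -` starts a login shell, so the target user's
            # profile runs while this root-owned script may still be attached to
            # the administrator's terminal. util-linux su has --pty to give the
            # session its own pseudo-terminal; consider it once every supported
            # platform ships a su that provides it.
            # The username is quoted so it is always passed to su as one word.
            su - "$username" --shell=/bin/sh -c 'export XDG_RUNTIME_DIR=/run/user/$(id -u); systemctl --user daemon-reload'
            su - "$username" --shell=/bin/sh -c 'export XDG_RUNTIME_DIR=/run/user/$(id -u); systemctl --user stop warp-taskbar || true'
            su - "$username" --shell=/bin/sh -c 'export XDG_RUNTIME_DIR=/run/user/$(id -u); systemctl --user start warp-taskbar'
        fi
    }

    # In Dec 2021, it was discovered that Cloudflare had leaked the PGP key used to
    # sign Cloudflare WARP Client deb packages. The instructions at the time had
    # users install this key as a trusted key using apt-key. To prevent attackers
    # from using this key, we forcibly delete it from the user's machine.
    #
    # NOTE(review): 835b8acb is a short (32-bit) key ID. Short IDs are not
    # unique, so an unrelated key sharing it would be removed as well; passing
    # the full fingerprint (<FULL_FINGERPRINT_OF_LEAKED_KEY>) would be exact.
    # Keys trusted through other mechanisms than apt-key are not touched here.
    if command -v apt-key > /dev/null; then
        apt-key del 835b8acb > /dev/null
    fi

    # Enable or restart the warp taskbar with the new binary
    for_each_regular_user enable_or_restart_warp_taskbar_service

    systemctl --system daemon-reload >/dev/null || true
    # Prefer deb-systemd-invoke when it is installed; otherwise use systemctl.
    debsystemctl=$(command -v deb-systemd-invoke || echo systemctl)
    if ! systemctl is-enabled warp-svc.service >/dev/null; then
        # Not enabled yet: enable it and start it for the first time.
        systemctl enable warp-svc.service >/dev/null || true
        "$debsystemctl" start warp-svc.service >/dev/null || true
    else
        # Already enabled: restart so the upgraded binary is the one running.
        "$debsystemctl" restart warp-svc.service >/dev/null || true
    fi
}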

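#######################################
# Post-install hook: grants file capabilities to /bin/warp-svc, removes the
# leaked signing key from apt's trusted keys, starts the per-user warp-taskbar
# unit for every regular user with a live session, then enables and starts the
# system warp-svc unit.
# Outputs:   error text on stderr when setcap is missing or fails
# Returns:   exits the script with status 1 if capabilities cannot be set;
#            service failures are tolerated
#######################################
after_install() {
    # Calls "$1" as `callback username home` for every passwd entry whose UID
    # lies in the UID_MIN..UID_MAX range configured in /etc/login.defs.
    for_each_regular_user() {
        func="$1"

        # -P and \K need a grep built with PCRE support (GNU grep).
        UID_MIN=$(grep -Po '^UID_MIN[[:space:]]*\K([[:digit:]]*)' /etc/login.defs)
        UID_MAX=$(grep -Po '^UID_MAX[[:space:]]*\K([[:digit:]]*)' /etc/login.defs)

        # If login.defs does not set the bounds, an empty operand would make
        # every `[ -ge ]` test below error out and silently skip all users.
        # Fall back to the shadow-utils defaults instead.
        UID_MIN=${UID_MIN:-1000}
        UID_MAX=${UID_MAX:-60000}

        #                               1        2      3   4   5           6    7
        #                               username:passwd:uid:gid:description:home:shell
        getent passwd | while IFS=: read -r username _passwd uid _gid _gecos home _shell; do
            if [ "$uid" -ge "$UID_MIN" ] && [ "$uid" -le "$UID_MAX" ]; then
                # Detach stdin: otherwise anything the callback starts could
                # consume the remaining passwd entries from the pipe.
                "$func" "$username" "$home" </dev/null
            fi
        done
    }

    # Reloads the user's systemd manager and starts warp-taskbar, but only
    # when the user has a runtime directory (i.e. a running user session).
    enable_warp_taskbar_service() {
        username=$1
        home=$2 # part of the callback signature; not used here

        # Skip names that cannot be resolved rather than probing "/run/user/".
        user_uid=$(id -u "$username") || return 0
        runtime_dir="/run/user/$user_uid"

        if [ -e "$runtime_dir" ]; then
            # The following command is the correct way to control user systemd, but
            # unfortunately it is only available in systemd v248 and higher. Once
            # all supported platforms support systemd v248 or higher we can switch
            # and remove the if check
            #
            # systemctl --machine=$username@.host --user daemon-reload
            # systemctl --machine=$username@.host --user start warp-taskbar
            #
            # NOTE(review): `su -` starts a login shell, so the target user's
            # profile runs while this root-owned script may still be attached to
            # the administrator's terminal. util-linux su has --pty to give the
            # session its own pseudo-terminal; consider it once every supported
            # platform ships a su that provides it.
            # The username is quoted so it is always passed to su as one word.
            su - "$username" --shell=/bin/sh -c 'export XDG_RUNTIME_DIR=/run/user/$(id -u); systemctl --user daemon-reload'
            su - "$username" --shell=/bin/sh -c 'export XDG_RUNTIME_DIR=/run/user/$(id -u); systemctl --user start warp-taskbar'
        fi
    }

    # Attach file capabilities to the daemon binary; "+ei" raises the effective
    # and inheritable flags for the listed capabilities. Installation is
    # aborted when this cannot be done.
    # NOTE(review): cap_sys_ptrace and cap_dac_read_search are broad grants;
    # confirm each capability in this list is still required by warp-svc.
    if command -v setcap > /dev/null; then
        if ! setcap cap_setuid,cap_setgid,cap_net_raw,cap_dac_read_search,cap_net_admin,cap_net_bind_service,cap_sys_ptrace+ei /bin/warp-svc; then
            echo "setcap failed on /bin/warp-svc" >&2
            exit 1
        fi
    else
        echo "setcap is not installed" >&2
        exit 1
    fi

    # In Dec 2021, it was discovered that Cloudflare had leaked the PGP key used to
    # sign Cloudflare WARP Client deb packages. The instructions at the time had
    # users install this key as a trusted key using apt-key. To prevent attackers
    # from using this key, we forcibly delete it from the user's machine.
    #
    # NOTE(review): 835b8acb is a short (32-bit) key ID. Short IDs are not
    # unique, so an unrelated key sharing it would be removed as well; passing
    # the full fingerprint (<FULL_FINGERPRINT_OF_LEAKED_KEY>) would be exact.
    # Keys trusted through other mechanisms than apt-key are not touched here.
    if command -v apt-key > /dev/null; then
        apt-key del 835b8acb > /dev/null
    fi

    # Setup the user systemd service
    for_each_regular_user enable_warp_taskbar_service

    systemctl --system daemon-reload >/dev/null || true
    # Prefer deb-systemd-invoke when it is installed; otherwise use systemctl.
    debsystemctl=$(command -v deb-systemd-invoke || echo systemctl)
    systemctl enable warp-svc.service >/dev/null || true
    "$debsystemctl" start warp-svc.service >/dev/null || true
}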

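# Dispatch on the maintainer-script arguments: $1 is the action and $2, when
# present, the previously configured version.
# The tests are joined with && / || instead of the obsolescent `-a`, whose
# parsing is unspecified once `[` receives more than four arguments.
if { [ "${1}" = "configure" ] && [ -z "${2}" ]; } || \
   [ "${1}" = "abort-remove" ]
then
    # "after install" here
    # "abort-remove" happens when the pre-removal script failed.
    #   In that case, this script, which should be idempotent, is run
    #   to ensure a clean roll-back of the removal.
    after_install
elif [ "${1}" = "configure" ] && [ -n "${2}" ]
then
    # Kept for reference; nothing later in this script reads it.
    upgradeFromVersion="${2}"
    # "after upgrade" here
    # NOTE: This slot is also used when deb packages are removed,
    # but their config files aren't, but a newer version of the
    # package is installed later, called "Config-Files" state.
    # basically, that still looks a _lot_ like an upgrade to me.
    after_upgrade "${2}"
elif printf '%s\n' "${1}" | grep -E -q "(abort|fail)"
then
    # Any other action containing "abort" or "fail" is reported as an error.
    echo "Failed to install before the post-installation script was run." >&2
    exit 1
fi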
