-- Copyright 2018 Eric Luehrsen <ericluehrsen@gmail.com>
-- Licensed to the public under the Apache License 2.0.

local m5, s5
local ztype, zones, servers, fallback, enabled

local fs = require "nixio.fs"
local ut = require "luci.util"
local sy = require "luci.sys"
local ds = require "luci.dispatcher"
local resolvfile = "/tmp/resolv.conf.auto"
local logerr = ut.exec("logread -e 'unbound.*error.*ssl library'")

m5 = Map("unbound")
s5 = m5:section(TypedSection, "zone", "Zones",
    translatef("Organize directed forward, stub, and authoritative zones"
    .. " <a href=\"%s\" target=\"_blank\">(help)</a>.",
    "https://www.unbound.net/",
    "https://github.com/openwrt/packages/blob/master/net/unbound/files/README.md"))

s5.addremove = true
s5.anonymous = true
s5.sortable = true
s5.template = "cbi/tblsection"
s5.extedit = ds.build_url("admin/services/unbound/zones/%s")

ztype = s5:option(DummyValue, "DummyType", translate("Type"))
ztype.rawhtml = true

zones = s5:option(DummyValue, "DummyZones", translate("Zones"))
zones.rawhtml = true

servers = s5:option(DummyValue, "DummyServers", translate("Servers"))
servers.rawhtml = true

fallback = s5:option(Flag, "fallback", translate("Fallback"))
fallback.rmempty = false

enabled = s5:option(Flag, "enabled", translate("Enable"))
enabled.rmempty = false


if logerr and (#logerr > 0) then
    logerr = logerr:sub((1 + #logerr - math.min(#logerr, 250)), #logerr)
    m5.message = translatef( "Note: SSL/TLS library is missing an API. "
        .. "Please review syslog. >> logread ... " .. logerr )
end


function s5.create(self, section)
    created = TypedSection.create(self, section)
end


function s5.parse(self, ...)
    TypedSection.parse(self, ...)
end


function ztype.cfgvalue(self, s)
    -- Format a meaningful tile for the Zone Type column
    local itxt = self.map:get(s, "zone_type")
    local itls = self.map:get(s, "tls_upstream")


    if itxt and itxt:match("forward") then
        if itls and (itls == "1") then
            return translate("Forward TLS")

        else
            return translate("Forward")
        end

    elseif itxt and itxt:match("stub") then
        return translate("Recurse")

    elseif itxt and itxt:match("auth") then
        return translate("AXFR")

    else
        return translate("Undefined")
    end
end


function zones.cfgvalue(self, s)
    -- Format a meaningful sentence for the Zones viewed column
    local xtxt, otxt
    local itxt = self.map:get(s, "zone_name")
    local itype = self.map:get(s, "zone_type")


    for xtxt in ut.imatch(itxt) do
        if (xtxt == ".") then
            -- zone_name lists
            xtxt = translate("(root)")
        end


        if otxt and (#otxt > 0) then
            otxt = otxt .. ", <var>%s</var>" % xtxt

        else
            otxt = "<var>%s</var>" % xtxt
        end
    end


    if otxt and (#otxt > 0) then
        if itype and itype:match("forward") then
            -- from zone_type create a readable hint for the action
            otxt = translate("accept upstream results for ") .. otxt

        elseif itype and itype:match("stub") then
            otxt = translate("select recursion for ") .. otxt

        elseif itype and itype:match("auth") then
            otxt = translate("prefetch zone files for ") .. otxt

        else
            otxt = translate("unknown action for ") .. otxt
        end


        return otxt

    else
        return "(empty)"
    end
end


function servers.cfgvalue(self, s)
    -- Format a meaningful sentence for the Servers (and URL) column
    local xtxt, otxt, rtxt, found
    local itxt = self.map:get(s, "server")
    local iurl = self.map:get(s, "url_dir")
    local itype = self.map:get(s, "zone_type")
    local itls = self.map:get(s, "tls_upstream")
    local iidx = self.map:get(s, "tls_index")
    local irslv = self.map:get(s, "resolv_conf")


    for xtxt in ut.imatch(itxt) do
        if otxt and (#otxt > 0) then
            -- bundle and make pretty the server list
            otxt = otxt .. ", <var>%s</var>" % xtxt

        else
            otxt = "<var>%s</var>" % xtxt
        end
    end


    if otxt and (#otxt > 0) then
        otxt = translate("use nameservers ") .. otxt
    end


    if otxt and (#otxt > 0)
    and itls and (itls == "1")
    and iidx and (#iidx > 0) then
        -- show TLS certificate name index if provided
        otxt = otxt .. translatef(
                    " with default certificate for <var>%s</var>", iidx)
    end


    if iurl and (#iurl > 0) and itype and itype:match("auth") then
        if otxt and (#otxt > 0) then
            -- include optional URL filed for auth-zone: type
            otxt = otxt .. translatef(", and try <var>%s</var>", iurl)

        else
            otxt = translatef("download from <var>%s</var>", iurl)
        end
    end


    if irslv and (irslv == "1") and itype and itype:match("forward") then
        for xtxt in ut.imatch(fs.readfile(resolvfile)) do
            if xtxt:match("nameserver") then
                found = true

            elseif (found == true) then
                if rtxt and (#rtxt > 0) then
                    -- fetch name servers from resolv.conf
                    rtxt = rtxt .. ", <var>%s</var>" % xtxt

                else
                    rtxt = "<var>%s</var>" % xtxt
                end


                found = false
            end
        end


        if otxt and (#otxt > 0) and rtxt and (#rtxt > 0) then
            otxt = otxt .. translatef(
                    ", and <var>%s</var> entries ", resolvfile) .. rtxt

        elseif rtxt and (#rtxt > 0) then
            otxt = translatef(
                    "use <var>%s</var> nameservers ", resolvfile) .. rtxt
        end
    end


    if otxt and (#otxt > 0) then
        return otxt

    else
        return "(empty)"
    end
end


function m5.on_commit(self)
    if sy.init.enabled("unbound") then
        -- Restart Unbound with configuration
        sy.call("/etc/init.d/unbound restart >/dev/null 2>&1")

    else
        sy.call("/etc/init.d/unbound stop >/dev/null 2>&1")
    end
end


return m5