#!/bin/sh
# yadm - Yet Another Dotfiles Manager
# Copyright (C) 2015  Tim Byrne

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

#; execute script with bash (shebang line is /bin/sh for portability)
if [ -z "$BASH_VERSION" ]; then
  [ "$YADM_TEST" != 1 ] && exec bash "$0" "$@"
fi

VERSION=1.06

YADM_WORK="$HOME"
YADM_DIR="$HOME/.yadm"

YADM_REPO="repo.git"
YADM_CONFIG="config"
YADM_ENCRYPT="encrypt"
YADM_ARCHIVE="files.gpg"

GPG_PROGRAM="gpg"
GIT_PROGRAM="git"
LS_PROGRAM="/bin/ls"

#; flag causing path translations with cygpath
USE_CYGPATH=0

#; flag when something may have changes (which prompts auto actions to be performed)
CHANGES_POSSIBLE=0

function main() {

  require_git

  #; create the YADM_DIR if it doesn't exist yet
  [ -d "$YADM_DIR" ] || mkdir -p "$YADM_DIR"

  #; parse command line arguments
  local retval=0
  internal_commands="^(alt|clean|clone|config|decrypt|encrypt|help|init|list|perms|version)$"
  if [ -z "$*" ] ; then
    #; no argumnts will result in help()
    help
  elif [[ "$1" =~ $internal_commands ]] ; then
    #; for internal commands, process all of the arguments
    YADM_COMMAND="$1"
    YADM_ARGS=()
    shift

    while [[ $# -gt 0 ]] ; do
      key="$1"
      case $key in
        -a) #; used by list()
          LIST_ALL="YES"
        ;;
        -d) #; used by all commands
          DEBUG="YES"
        ;;
        -f) #; used by init() and clone()
          FORCE="YES"
        ;;
        -l) #; used by decrypt()
          DO_LIST="YES"
        ;;
        -w) #; used by init() and clone()
          if [[ ! "$2" =~ ^/ ]] ; then
            error_out "You must specify a fully qualified work tree"
          fi
          YADM_WORK="$2"
          shift
        ;;
        *) #; any unhandled arguments
          YADM_ARGS+=("$1")
        ;;
      esac
      shift
    done
    [ ! -d "$YADM_WORK" ] && error_out "Work tree does not exist: [$YADM_WORK]"
    $YADM_COMMAND "${YADM_ARGS[@]}"
  else
    #; any other commands are simply passed through to git
    git_command "$@"
    retval="$?"
  fi

  #; process automatic events
  auto_alt
  auto_perms

  exit $retval

}

#; ****** yadm Commands ******

function alt() {

  require_repo

  #; regex for matching "<file>##SYSTEM.HOSTNAME.USER"
  match_system=$(uname -s)
  match_system="(%|$match_system)"
  match_host=$(hostname)
  match_host=${match_host%%.*} #; trim any domain from hostname
  match_host="(%|$match_host)"
  match_user=$(id -u -n)
  match_user="(%|$match_user)"
  match="^(.+)##($match_system|$match_system\.$match_host|$match_system\.$match_host\.$match_user|())$"

  #; process relative to YADM_WORK
  YADM_WORK=$(unix_path "$("$GIT_PROGRAM" config core.worktree)")
  cd "$YADM_WORK" || {
    debug "Alternates not processed, unable to cd to $YADM_WORK"
    return
  }

  #; only be noisy if the "alt" command was run directly
  [ "$YADM_COMMAND" = "alt" ] && loud="YES"

  #; loop over all "tracked" files
  #; for every file which matches the above regex, create a symlink
  last_linked=''
  local IFS=$'\n'
  for tracked_file in $("$GIT_PROGRAM" ls-files | sort) $(cat "$YADM_ENCRYPT" 2>/dev/null); do
    tracked_file="$YADM_WORK/$tracked_file"
    #; process both the path, and it's parent directory
    for alt_path in "$tracked_file" "${tracked_file%/*}"; do
      if [ -e "$alt_path" ] ; then
        if [[ $alt_path =~ $match ]] ; then
          if [ "$alt_path" != "$last_linked" ] ; then
            new_link="${BASH_REMATCH[1]}"
            debug "Linking $alt_path to $new_link"
            [ -n "$loud" ] && echo "Linking $alt_path to $new_link"
            ln -nfs "$alt_path" "$new_link"
            last_linked="$alt_path"
          fi
        fi
      fi
    done
  done

}

function clean() {

  error_out "\"git clean\" has been disabled for safety. You could end up removing all unmanaged files."

}

function clone() {

  #; clone will begin with a bare repo
  local empty=
  init $empty

  #; add the specified remote, and configure the repo to track origin/master
  debug "Adding remote to new repo"
  "$GIT_PROGRAM" remote add origin "$@"
  debug "Configuring new repo to track origin/master"
  "$GIT_PROGRAM" config branch.master.remote origin
  "$GIT_PROGRAM" config branch.master.merge refs/heads/master

  #; fetch / merge (and possibly fallback to reset)
  debug "Doing an initial fetch of the origin"
  "$GIT_PROGRAM" fetch origin || {
    debug "Removing repo after failed clone"
    rm -rf "$YADM_REPO"
    error_out "Unable to fetch origin $1"
  }
  debug "Doing an initial merge of origin/master"
  "$GIT_PROGRAM" merge origin/master || {
    debug "Merge failed, doing a reset."
    "$GIT_PROGRAM" reset origin/master
    cat <<EOF
**NOTE**
  Merging origin/master failed.
  yadm did 'reset origin/master' instead.

  This likely happened because you had files in your
  work-tree, which conflict files tracked by origin/master

  Please review and resolve any differences appropriately
  If you know what you're doing, and want to overwrite the
  tracked files, consider 'yadm reset --hard origin/master'
EOF
  }

  CHANGES_POSSIBLE=1

}

function config() {

  if [ -z "$*" ] ; then
    #; with no parameters, provide some helpful documentation
    echo TODO: Print help about available yadm configurations
  else
    #; operate on the yadm configuration file
    git config --file="$(mixed_path "$YADM_CONFIG")" "$@"
  fi

}

function decrypt() {

  require_gpg
  require_archive

  YADM_WORK=$(unix_path "$("$GIT_PROGRAM" config core.worktree)")

  if [ "$DO_LIST" = "YES" ] ; then
    tar_option="t"
  else
    tar_option="x"
  fi

  #; decrypt the archive
  if ($GPG_PROGRAM -d "$YADM_ARCHIVE" || echo 1) | tar v${tar_option}f - -C "$YADM_WORK"; then
    [ ! "$DO_LIST" = "YES" ] && echo "All files decrypted."
  else
    error_out "Unable to extract encrypted files."
  fi

  CHANGES_POSSIBLE=1

}

function encrypt() {

  require_gpg
  require_encrypt
  require_ls

  #; process relative to YADM_WORK
  YADM_WORK=$(unix_path "$("$GIT_PROGRAM" config core.worktree)")
  cd "$YADM_WORK" || {
    debug "Encryption not processed, unable to cd to $YADM_WORK"
    return
  }

  #; Build gpg options for gpg
  GPG_KEY="$(config yadm.gpg-recipient)"
  if [ "$GPG_KEY" = "ASK" ]; then
    GPG_OPTS=("--no-default-recipient" "-e")
  elif [ "$GPG_KEY" != "" ]; then
    GPG_OPTS=("-e" "-r $GPG_KEY")
  else
    GPG_OPTS=("-c")
  fi

  #; build a list of globs from YADM_ENCRYPT
  GLOBS=()
  while IFS='' read -r glob || [ -n "$glob" ]; do
    if [[ ! $glob =~ ^# && ! $glob =~ ^[[:space:]]*$ ]] ; then
      GLOBS=("${GLOBS[@]}" $(eval "$LS_PROGRAM" "$glob" 2>/dev/null))
    fi
  done < "$YADM_ENCRYPT"

  #; report which files will be encrypted
  echo "Encrypting the following files:"
  "$LS_PROGRAM" -1 "${GLOBS[@]}"
  echo

  #; encrypt all files which match the globs
  if tar -f - -c "${GLOBS[@]}" | $GPG_PROGRAM --yes "${GPG_OPTS[@]}" --output "$YADM_ARCHIVE"; then
    echo "Wrote new file: $YADM_ARCHIVE"
  else
    error_out "Unable to write $YADM_ARCHIVE"
  fi

  #; offer to add YADM_ARCHIVE if untracked
  archive_status=$("$GIT_PROGRAM" status --porcelain -uall "$(mixed_path "$YADM_ARCHIVE")" 2>/dev/null)
  archive_regex="^\?\?"
  if [[ $archive_status =~ $archive_regex ]] ; then
    echo "It appears that $YADM_ARCHIVE is not tracked by yadm's repository."
    echo "Would you like to add it now? (y/n)"
    read -r answer
    if [[ $answer =~ ^[yY]$ ]] ; then
      "$GIT_PROGRAM" add "$(mixed_path "$YADM_ARCHIVE")"
    fi
  fi

  CHANGES_POSSIBLE=1

}

function git_command() {

  require_repo

  #; translate 'gitconfig' to 'config' -- 'config' is reserved for yadm
  if [ "$1" = "gitconfig" ] ; then
    set -- "config" "${@:2}"
  fi

  CHANGES_POSSIBLE=1

  #; pass commands through to git
  "$GIT_PROGRAM" "$@"
  return "$?"
}

function help() {

  cat << EOF
Usage: yadm <command> [options...]

Manage dotfiles maintained in a Git repository. Manage alternate files
for specific systems or hosts. Encrypt/decrypt private files.

Git Commands:
Any Git command or alias can be used as a <command>. It will operate
on yadm's repository and files in the work tree (usually \$HOME).

Commands:
  yadm init [-f]             - Initialize an empty repository
  yadm clone <url> [-f]      - Clone an existing repository
  yadm config <name> <value> - Configure a setting
  yadm list [-a]             - List tracked files
  yadm alt                   - Create links for alternates
  yadm encrypt               - Encrypt files
  yadm decrypt [-l]          - Decrypt files
  yadm perms                 - Fix perms for private files

Files:
  \$HOME/.yadm/config    - yadm's configuration file
  \$HOME/.yadm/repo.git  - yadm's Git repository
  \$HOME/.yadm/encrypt   - List of globs used for encrypt/decrypt
  \$HOME/.yadm/files.gpg - Encrypted data stored here

Use "man yadm" for complete documentation.
EOF

  exit 1

}

function init() {

  #; safety check, don't attempt to init when the repo is already present
  [ -d "$YADM_REPO" ] && [ -z "$FORCE" ] && \
    error_out "Git repo already exists. [$YADM_REPO]\nUse '-f' if you want to force it to be overwritten."

  #; remove existing if forcing the init to happen anyway
  [ -d "$YADM_REPO" ] && {
    debug "Removing existing repo prior to init"
    rm -rf "$YADM_REPO"
  }

  #; init a new bare repo
  debug "Init new repo"
  "$GIT_PROGRAM" init --shared=0600 --bare "$(mixed_path "$YADM_REPO")" "$@"
  configure_repo

  CHANGES_POSSIBLE=1

}

function list() {

  require_repo

  #; process relative to YADM_WORK when --all is specified
  if [ -n "$LIST_ALL" ] ; then
    YADM_WORK=$(unix_path "$("$GIT_PROGRAM" config core.worktree)")
    cd "$YADM_WORK" || {
      debug "List not processed, unable to cd to $YADM_WORK"
      return
    }
  fi

  #; list tracked files
  "$GIT_PROGRAM" ls-files

}

function perms() {

  require_ls

  #; TODO: prevent repeats in the files changed

  #; process relative to YADM_WORK
  YADM_WORK=$(unix_path "$("$GIT_PROGRAM" config core.worktree)")
  cd "$YADM_WORK" || {
    debug "Perms not processed, unable to cd to $YADM_WORK"
    return
  }

  GLOBS=()

  #; include the archive created by "encrypt"
  [ -f "$YADM_ARCHIVE" ] && GLOBS=("${GLOBS[@]}" "$YADM_ARCHIVE")

  #; include all .ssh files (unless disabled)
  if [[ $(config --bool yadm.ssh-perms) != "false" ]] ; then
    GLOBS=("${GLOBS[@]}" ".ssh" ".ssh/*")
  fi

  #; include all gpg files (unless disabled)
  if [[ $(config --bool yadm.gpg-perms) != "false" ]] ; then
    GLOBS=("${GLOBS[@]}" ".gnupg" ".gnupg/*")
  fi

  #; include globs found in YADM_ENCRYPT (if present)
  if [ -f "$YADM_ENCRYPT" ] ; then
    while IFS='' read -r glob || [ -n "$glob" ]; do
      if [[ ! $glob =~ ^# ]] ; then
        GLOBS=("${GLOBS[@]}" $(eval "$LS_PROGRAM" "$glob" 2>/dev/null))
      fi
    done < "$YADM_ENCRYPT"
  fi

  #; remove group/other permissions from collected globs
  #shellcheck disable=SC2068
  #(SC2068 is disabled because in this case, we desire globbing)
  chmod -f go-rwx ${GLOBS[@]} >/dev/null 2>&1
  #; TODO: detect and report changing permissions in a portable way

}

function version() {

  echo "yadm $VERSION"
  exit 0

}

#; ****** Utility Functions ******

function process_global_args() {

  #; global arguments are removed before the main processing is done
  MAIN_ARGS=()
  while [[ $# -gt 0 ]] ; do
    key="$1"
    case $key in
      -Y|--yadm-dir) #; override the standard YADM_DIR
        if [[ ! "$2" =~ ^/ ]] ; then
          error_out "You must specify a fully qualified yadm directory"
        fi
        YADM_DIR="$2"
        shift
      ;;
      --yadm-repo) #; override the standard YADM_REPO
        if [[ ! "$2" =~ ^/ ]] ; then
          error_out "You must specify a fully qualified repo path"
        fi
        YADM_OVERRIDE_REPO="$2"
        shift
      ;;
      --yadm-config) #; override the standard YADM_CONFIG
        if [[ ! "$2" =~ ^/ ]] ; then
          error_out "You must specify a fully qualified config path"
        fi
        YADM_OVERRIDE_CONFIG="$2"
        shift
      ;;
      --yadm-encrypt) #; override the standard YADM_ENCRYPT
        if [[ ! "$2" =~ ^/ ]] ; then
          error_out "You must specify a fully qualified encrypt path"
        fi
        YADM_OVERRIDE_ENCRYPT="$2"
        shift
      ;;
      --yadm-archive) #; override the standard YADM_ARCHIVE
        if [[ ! "$2" =~ ^/ ]] ; then
          error_out "You must specify a fully qualified archive path"
        fi
        YADM_OVERRIDE_ARCHIVE="$2"
        shift
      ;;
      *) #; main arguments are kept intact
        MAIN_ARGS+=("$1")
      ;;
    esac
    shift
  done

}

function configure_paths() {

  #; change all paths to be relative to YADM_DIR
  YADM_REPO="$YADM_DIR/$YADM_REPO"
  YADM_CONFIG="$YADM_DIR/$YADM_CONFIG"
  YADM_ENCRYPT="$YADM_DIR/$YADM_ENCRYPT"
  YADM_ARCHIVE="$YADM_DIR/$YADM_ARCHIVE"

  #; independent overrides for paths
  if [ -n "$YADM_OVERRIDE_REPO" ]; then
    YADM_REPO="$YADM_OVERRIDE_REPO"
  fi
  if [ -n "$YADM_OVERRIDE_CONFIG" ]; then
    YADM_CONFIG="$YADM_OVERRIDE_CONFIG"
  fi
  if [ -n "$YADM_OVERRIDE_ENCRYPT" ]; then
    YADM_ENCRYPT="$YADM_OVERRIDE_ENCRYPT"
  fi
  if [ -n "$YADM_OVERRIDE_ARCHIVE" ]; then
    YADM_ARCHIVE="$YADM_OVERRIDE_ARCHIVE"
  fi

  #; use the yadm repo for all git operations
  GIT_DIR=$(mixed_path "$YADM_REPO")
  export GIT_DIR

}

function configure_repo() {

  debug "Configuring new repo"

  #; change bare to false (there is a working directory)
  "$GIT_PROGRAM" config core.bare 'false'

  #; set the worktree for the yadm repo
  "$GIT_PROGRAM" config core.worktree "$(mixed_path "$YADM_WORK")"

  #; by default, do not show untracked files and directories
  "$GIT_PROGRAM" config status.showUntrackedFiles no

  #; possibly used later to ensure we're working on the yadm repo
  "$GIT_PROGRAM" config yadm.managed 'true'

}

function debug() {

  [ -n "$DEBUG" ] && echo -e "DEBUG: $*"

}

function error_out() {

  echo -e "ERROR: $*"
  exit 1

}

#; ****** Auto Functions ******

function auto_alt() {

  #; process alternates if there are possible changes
  if [ "$CHANGES_POSSIBLE" = "1" ] ; then
    auto_alt=$(config --bool yadm.auto-alt)
    if [ "$auto_alt" != "false" ] ; then
      alt
    fi
  fi

}

function auto_perms() {

  #; process permissions if there are possible changes
  if [ "$CHANGES_POSSIBLE" = "1" ] ; then
    auto_perms=$(config --bool yadm.auto-perms)
    if [ "$auto_perms" != "false" ] ; then
      perms
    fi
  fi

}

#; ****** Prerequisites Functions ******

function require_archive() {
  [ -f "$YADM_ARCHIVE" ] || error_out "$YADM_ARCHIVE does not exist. did you forget to create it?"
}
function require_encrypt() {
  [ -f "$YADM_ENCRYPT" ] || error_out "$YADM_ENCRYPT does not exist. did you forget to create it?"
}
function require_git() {
  local alt_git
  alt_git="$(config yadm.git-program)"

  local more_info
  more_info=""

  if [ "$alt_git" != "" ] ; then
    GIT_PROGRAM="$alt_git"
    more_info="\nThis command has been set via the yadm.git-program configuration."
  fi
  command -v "$GIT_PROGRAM" >/dev/null 2>&1 || \
    error_out "This functionality requires Git to be installed, but the command '$GIT_PROGRAM' cannot be located.$more_info"
}
function require_gpg() {
  local alt_gpg
  alt_gpg="$(config yadm.gpg-program)"

  local more_info
  more_info=""

  if [ "$alt_gpg" != "" ] ; then
    GPG_PROGRAM="$alt_gpg"
    more_info="\nThis command has been set via the yadm.gpg-program configuration."
  fi
  command -v "$GPG_PROGRAM" >/dev/null 2>&1 || \
    error_out "This functionality requires GPG to be installed, but the command '$GPG_PROGRAM' cannot be located.$more_info"
}
function require_repo() {
  [ -d "$YADM_REPO" ] || error_out "Git repo does not exist. did you forget to run 'init' or 'clone'?"
}
function require_ls() {
  if [ ! -f "$LS_PROGRAM" ] ; then
    command -v ls >/dev/null 2>&1 || \
      error_out "This functionality requires 'ls' to be installed at '$LS_PROGRAM' or listed in your \$PATH"
    LS_PROGRAM=ls
  fi
}

#; ****** Directory tranlations ******

function test_cygwin() {
  case "$(uname -s)" in
    CYGWIN*)
      git_version=$(git --version 2>/dev/null)
      if [[ "$git_version" =~ windows ]] ; then
	      USE_CYGPATH=1
      fi
      ;;
    *)
      ;;
  esac
}
function unix_path() {
  #; for paths used by bash/yadm
  if [ "$USE_CYGPATH" = "1" ] ; then
    cygpath -u "$1"
  else
    echo "$1"
  fi
}
function mixed_path() {
  #; for paths used by Git
  if [ "$USE_CYGPATH" = "1" ] ; then
    cygpath -m "$1"
  else
    echo "$1"
  fi
}

#; ****** Main processing (when not unit testing) ******

if [ "$YADM_TEST" != 1 ] ; then
  process_global_args "$@"
  test_cygwin
  configure_paths
  main "${MAIN_ARGS[@]}"
fi