#!/bin/bash
# Copyright 2015 The Vanadium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.

# Functions for starting the Sensor Log daemon and required services with
# appropriate blessings. Expected to be run with V23_CREDENTIALS or through
# an agent. NAME parameters are used both in service names and in blessing
# extensions.

set -eu

# Default to one week timeout.
readonly TIMEOUT='168h'

# Kills all child processes of the current process.
function kill_child_processes() {
  kill -TERM -- -"${BASHPID}" || true
  sleep 1
  kill -KILL -- -"${BASHPID}" || true
}
export -f kill_child_processes

# Generates a hex-encoded 16-byte random UUID.
function gen_uuid() {
  head -c 256 /dev/urandom | sha256sum | cut -c 1-32
}
export -f gen_uuid

readonly BLESSING_CHAIN_SEPARATOR=':'

# Converts name to blessing extension.
# name_to_blessing NAME
function name_to_blessing() {
  sed -e "s,/,${BLESSING_CHAIN_SEPARATOR},g" <<< "$@"
}
export -f name_to_blessing

# Gets first default blessing for the principal set in the environment.
function get_blessing_root() {
  "${JIRI_ROOT}"/release/go/bin/principal dump -s | cut -d ' ' -f 1 | cut -d ',' -f 1
}
export -f get_blessing_root

# Extracts email address from the blessing obtained by get_blessing_root.
function get_user_email() {
  get_blessing_root | tr "${BLESSING_CHAIN_SEPARATOR}" '\n' | grep '@' | head -n 1
}
export -f get_user_email

# Starts mounttabled at IPADDR:PORT. If $GLOBAL_MOUNT is provided, the
# mount table mounts itself under $GLOBAL_MOUNT/$NAME.
# run_mounttabled NAME IPADDR:PORT [GLOBAL_MOUNT]
function run_mounttabled() {
  local -r NAME="$1"
  local -r IPADDR_PORT="$2"
  local GLOBAL_MOUNT="${3:-}"
  if [[ -n "${GLOBAL_MOUNT}" ]]; then
    GLOBAL_MOUNT="${GLOBAL_MOUNT}/${NAME}"
  fi
  # TODO(ivanpi): Lock down mount table permissions.
  "${JIRI_ROOT}"/release/go/bin/vbecome -duration="${TIMEOUT}" \
    -name="$(name_to_blessing "${NAME}/mounttabled")" \
    "${JIRI_ROOT}"/release/go/bin/mounttabled -v23.tcp.address "${IPADDR_PORT}" \
    -name="${GLOBAL_MOUNT}" \
    &
  sleep 1
}
export -f run_mounttabled

# Starts syncbased with permissions other than resolve restricted to
# <blessing_root>:$NAME.
# run_syncbased MT NAME TMPDIR
function run_syncbased() {
  local -r MT="$1"
  local -r NAME="$2"
  local -r TMPDIR="$3"
  local -r DEF_BLESSING_RUNNER="$(name_to_blessing "$(get_blessing_root)/${NAME}")"
  local -r PERMISSIONS_LITERAL="{\
\"Admin\":{\"In\":[\"${DEF_BLESSING_RUNNER}\"]}, \
\"Read\":{\"In\":[\"${DEF_BLESSING_RUNNER}\"]}, \
\"Write\":{\"In\":[\"${DEF_BLESSING_RUNNER}\"]}, \
\"Resolve\":{\"In\":[\"...\"]} \
}"
  "${JIRI_ROOT}"/release/go/bin/vbecome -duration="${TIMEOUT}" \
    -name "$(name_to_blessing "${NAME}/syncbased")" \
    "${JIRI_ROOT}"/release/go/bin/syncbased -v23.namespace.root "${MT}" -name "${NAME}/syncbased" \
    -engine leveldb -root-dir "${TMPDIR}/${NAME}/syncbased" \
    -v23.permissions.literal "${PERMISSIONS_LITERAL}" \
    &
  sleep 1
}
export -f run_syncbased

# Starts measured that uses $PUBLISH_SB to publish the syncgroup. Expects a
# syncbase instance to have been started at $MT with the same $NAME. If
# $PUBLISH_MT is provided, the syncgroup is advertised there in addition to
# the local mount table.
# run_measured MT NAME DEVID ADMIN PUBLISH_SB [PUBLISH_MT]
function run_measured() {
  local -r MT="$1"
  local -r NAME="$2"
  local -r DEVID="$3"
  local -r ADMIN="$4"
  local -r PUBLISH_SB="$5"
  local -r PUBLISH_MT="${6:-}"
  local -r DEF_BLESSING_ADMIN="$(name_to_blessing "$(get_blessing_root)/${ADMIN}")"
  "${JIRI_ROOT}"/release/go/bin/vbecome -duration="${TIMEOUT}" \
    -name="$(name_to_blessing "${NAME}")" \
    "${JIRI_ROOT}"/release/projects/sensorlog/go/bin/measured -v23.namespace.root "${MT}" \
    -service "${NAME}/syncbased" -devid="${DEVID}" -admin="${DEF_BLESSING_ADMIN}" \
    -publish-sb "${PUBLISH_SB}" -publish-mt="${PUBLISH_MT}" \
    -alsologtostderr \
    &
  sleep 1
}
export -f run_measured

# Runs slcli against master Syncbase with specified $NAME.
# run_slcli MT NAME [args...]
function run_slcli() {
  local -r MT="$1"
  local -r NAME="$2"
  shift 2
  "${JIRI_ROOT}"/release/go/bin/vbecome -duration="${TIMEOUT}" \
    -name "$(name_to_blessing "${NAME}")" \
    "${JIRI_ROOT}"/release/projects/sensorlog/go/bin/slcli -v23.namespace.root "${MT}" \
    -service "${NAME}/syncbased" "$@"
}
export -f run_slcli