#!/bin/bash
set -e

PKG="/var/packages/Fail2BanCommunity"
TARGET_DATA="${PKG}/target/fail2ban-data"
VAR_DATA="${PKG}/var/fail2ban-data"

mkdir -p "${VAR_DATA}"
mkdir -p "${VAR_DATA}/action.d" "${VAR_DATA}/bin" "${VAR_DATA}/db" "${VAR_DATA}/filter.d" "${VAR_DATA}/jail.d"

copy_missing_tree() {
    local sub="$1"
    # Avoid `find` failing under `set -e` if target tree is missing (partial install / path mismatch).
    [ -d "${TARGET_DATA}" ] || return 0
    [ -d "${TARGET_DATA}/${sub}" ] || return 0
    find "${TARGET_DATA}/${sub}" -type f 2>/dev/null | while read -r src; do
        local rel dst
        rel="${src#${TARGET_DATA}/}"
        dst="${VAR_DATA}/${rel}"
        mkdir -p "${dst%/*}"
        [ -e "${dst}" ] || cp -a "${src}" "${dst}"
    done
}

migrate_sshd_local_filter_if_old_default() {
    local dst="${VAR_DATA}/jail.d/sshd.local"

    [ -f "${dst}" ] || return 0

    python3 - "${dst}" <<'PY'
from pathlib import Path
import sys

p = Path(sys.argv[1])
txt = p.read_text()

if "filter = sshd-synology" in txt:
    raise SystemExit(0)

if "filter = sshd" in txt:
    txt = txt.replace("filter = sshd", "filter = sshd-synology", 1)
    p.write_text(txt)
PY
}

seed_ui_toggle_defaults_if_missing() {
    local toggle="${VAR_DATA}/jail.d/zz-ui-toggle.local"
    local legacy="${VAR_DATA}/jail.d/98-ui-toggle.local"
    if [ ! -f "${toggle}" ] && [ -f "${legacy}" ]; then
        mv -f "${legacy}" "${toggle}" 2>/dev/null || cp -f "${legacy}" "${toggle}"
    fi
    [ -f "${toggle}" ] && return 0

    cat > "${toggle}" <<'EOF_TOGGLE'
[sshd]
enabled = true

[phpmyadmin-syslog]
enabled = false

[studio-login]
enabled = false

[wordpress-login]
enabled = false
EOF_TOGGLE
}

for sub in action.d bin filter.d jail.d; do
    copy_missing_tree "$sub"
done

migrate_sshd_local_filter_if_old_default
seed_ui_toggle_defaults_if_missing

touch "${VAR_DATA}/ban-events.log" "${VAR_DATA}/banned-ips.txt" "${VAR_DATA}/.ban-counts.tsv" 2>/dev/null || true
chmod 666 "${VAR_DATA}/ban-events.log" "${VAR_DATA}/banned-ips.txt" "${VAR_DATA}/.ban-counts.tsv" 2>/dev/null || true

exit 0
