export PHP_UPLOADS_CONF_VERSION=v3
export ENTRYPOINT_CONF_VERSION=v3
export ENTRYPOINT_MAILRELAY_CONF_VERSION=v2
export MSMTP_CONF_VERSION=v3

wp() {
    su -p www-data -s /bin/bash -c "/usr/local/bin/wp $@"
}

core_install(){
    ADMIN=admin
    if [ -n $AUTHENTIK_DOMAIN ]
    then
        ADMIN=akadmin
    fi
    chown www-data:www-data /var/www/html/wp-content
    wp "core install --url=$DOMAIN --title=\"$TITLE\" --admin_user=$ADMIN --admin_email=$ADMIN_EMAIL --locale=$LOCALE --skip-email"
    wp "rewrite structure '/%year%/%monthnum%/%day%/%postname%/'"
}

set_authentik(){
    AUTHENTIK_SECRET=$(cat /run/secrets/authentik_secret)
    AUTHENTIK_ID=$(cat /run/secrets/authentik_id)
    if [ -n $LOGIN_TYPE ]
    then
        LOGIN_TYPE='button'
    fi
    wp "user create akadmin admin@example.com --role=administrator"
    wp "plugin install --activate daggerhart-openid-connect-generic"
    wp "option update --format=json openid_connect_generic_settings '
    {
        \"login_type\":\"$LOGIN_TYPE\",
        \"client_id\":\"$AUTHENTIK_ID\",
        \"client_secret\":\"$AUTHENTIK_SECRET\",
        \"scope\":\"email profile openid\",
        \"endpoint_login\":\"https://$AUTHENTIK_DOMAIN/application/o/authorize/\",
        \"endpoint_userinfo\":\"https://$AUTHENTIK_DOMAIN/application/o/userinfo/\",
        \"endpoint_token\":\"https://$AUTHENTIK_DOMAIN/application/o/token/\",
        \"endpoint_end_session\":\"https://$AUTHENTIK_DOMAIN/application/o/wordpress/end-session/\",
        \"acr_values\":\"\",
        \"identity_key\":\"preferred_username\",
        \"no_sslverify\":\"0\",
        \"http_request_timeout\":\"30\",
        \"enforce_privacy\":\"0\",
        \"alternate_redirect_uri\":\"1\",
        \"nickname_key\":\"preferred_username\",
        \"email_format\":\"{email}\",
        \"displayname_format\":\"{given_name} {family_name}\",
        \"identify_with_username\":\"1\",
        \"state_time_limit\":\"\",
        \"token_refresh_enable\":\"1\",
        \"link_existing_users\":\"1\",
        \"create_if_does_not_exist\":\"1\",
        \"redirect_user_back\":\"0\",
        \"redirect_on_logout\":\"1\",
        \"enable_logging\":\"0\",
        \"log_limit\":\"1000\"
    }'"
    wp "rewrite flush"
    wp "cache flush"

}

fix_mysql() {
  echo "ALTER TABLE mysql.column_stats MODIFY histogram longblob; ALTER TABLE mysql.column_stats MODIFY hist_type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB','JSON_HB');" | mysql -u root -p$(cat /run/secrets/db_root_password)
}

sub_wp() {
  CONTAINER=$(docker container ls -f "Name=${STACK_NAME}_app" --format '{{ .ID }}')
  if [ -z "$CONTAINER" ]; then
    error "Can't find a container for ${STACK_NAME}_app"
    exit
  fi
  debug "Using Container ID ${CONTAINER}"

  # FIXME 3wc: we're fighting the Wordpress image, which recommends a named
  # volume for /var/www/html -- this used to work fine using --volumes-from
  # because the actual MySQL password was inserted into the generated
  # wp-config.php -- but as of Wordpress 5.7.0, wp-config loads data straight
  # from the environment, which requires Docker secrets to work, which only work
  # in swarm services (not one-off `docker run` commands). Defining a `cli`
  # service in compose.yml almost works, but there's no volumes_from: in Compose
  # V3, and without it then the `cli` service can't access Wordpress core.
  # See https://git.autonomic.zone/coop-cloud/wordpress/issues/21
  warning "Slowly looking up MySQL password..."
  silence
  abra__service_="app"
  DB_PASSWORD="$(sub_app_run cat "/run/secrets/db_password")"
  unsilence

  # shellcheck disable=SC2154,SC2086
  docker run -it \
	--volumes-from "$CONTAINER" \
	--network "container:$CONTAINER" \
	-u xfs:xfs \
    -e WORDPRESS_DB_HOST=db \
    -e WORDPRESS_DB_USER=wordpress \
    -e WORDPRESS_DB_PASSWORD="${DB_PASSWORD}" \
    -e WORDPRESS_DB_NAME=wordpress \
    -e WORDPRESS_CONFIG_EXTRA="${WORDPRESS_CONFIG_EXTRA}" \
	wordpress:cli wp ${abra__args_[*]}
}

abra_backup_app() {
  _abra_backup_dir "app:/var/www/html/wp-content"
}

abra_backup_db() {
  _abra_backup_mysql "db" "wordpress"
}

abra_backup() {
  abra_backup_app && abra_backup_db
}

abra_restore_app() {
  # shellcheck disable=SC2034
  {
	abra__src_="-"
	abra__dst_="app:/var/www/html/"
  }

  zcat "$@" | sub_app_cp

  success "Restored 'app'"
}

abra_restore_db() {
  # 3wc: unlike abra_backup_db, we can assume abra__service_ will be 'db' if we
  # got this far..

  # shellcheck disable=SC2034
  abra___no_tty="true"

  DB_ROOT_PASSWORD=$(sub_app_run cat /run/secrets/db_root_password)

  zcat "$@" | sub_app_run mysql -u root -p"$DB_ROOT_PASSWORD" wordpress

  success "Restored 'db'"
}