#!/bin/bash
#^ SOURCED, actually running in ash

# Protip: Comment out while editing, but DO NOT FORGET TO RE-ENABLE
bash <<"EOF"
format_urls() {
	local url scheme host path chost arr
	readarray -t -d ' ' arr < <( printf "%s" "$@" )
	for url in "${arr[@]}"; do
		# extract scheme and remove it from url if needed
		scheme="${url%%://*}"
		if [ "$scheme" != "$url" ]; then
			url="${url#*://}"
			if [ "$scheme" = 'http*' ]; then
				# Special case: assume http* means http and https
				scheme="http"
				format_urls "https://$url"
			elif [ "${scheme#*\*}" != "${scheme}" ]; then
				# Contains a *, not supported, use any
				scheme=
			fi
		else
			scheme=
		fi
		# extract host
		host="${url%%/*}"
		[ -z "$host" ] && continue
		# transform into chromium syntax
		# We don't support arbitrary wildcards in the host part
		chost="${host##*\*}"
		if [ "$host" = "*" ]; then
			chost="*"
		elif [ "$host" != "$chost" ]; then
			# host contains wildcard '*', use everything
			# after last * in host
			if [ "${chost:0:1}" = "." ]; then
				# Remove leading dot if any
				chost="${chost#?}"
			fi
			# Empty host means any host
			[ -z "$chost" ] && chost='*'
		else
			# chromium: exact host match must be prefixed with '.'
			chost=".${chost}"
		fi
		path="${url#*/}"
		[ "${path}" = "${host}" ] && path=
		path="${path%%\**}"
		printf "%s\n" "${scheme:+${scheme}://}${chost}${path:+/${path}}"
	done
}

main() {
	[ -z "$SLX_PXE_CLIENT_IP" ] && . /opt/openslx/config

	local url_policy_file="/etc/chromium-browser/policies/managed/url-filter.json"
	if [ -z "$SLX_BROWSER_BLACKLIST" ] && [ -z "$SLX_BROWSER_WHITELIST" ]; then
		# Legacy format
		if [ "$SLX_BROWSER_IS_WHITELIST" -eq 1 ]; then
			SLX_BROWSER_BLACKLIST="*"
			SLX_BROWSER_WHITELIST="$SLX_BROWSER_URLLIST"
		else
			SLX_BROWSER_BLACKLIST="$SLX_BROWSER_URLLIST"
		fi
	fi
	if [ -z "$SLX_BROWSER_BLACKLIST" ] && [ -z "$SLX_BROWSER_WHITELIST" ]; then
		rm -f -- "$url_policy_file"
		return
	fi
	re='^\s*$'
	if [[ $SLX_BROWSER_BLACKLIST =~ $re ]]; then
		SLX_BROWSER_BLACKLIST="*"
	fi
	# Create file
	echo "{" > "$url_policy_file"
	if [ -n "$SLX_BROWSER_BLACKLIST" ]; then
		echo -e '\t"URLBlocklist": '
		format_urls "$SLX_BROWSER_BLACKLIST" \
			| jq -Rs 'rtrimstr("\n") | split("\n")'
		[ -n "$SLX_BROWSER_WHITELIST" ] && echo ','
	fi >> "$url_policy_file"
	if [ -n "$SLX_BROWSER_WHITELIST" ]; then
		echo -e '\t"URLAllowlist": '
		format_urls "$SLX_BROWSER_WHITELIST" \
			| jq -Rs 'rtrimstr("\n") | split("\n")'
	fi >> "$url_policy_file"
	echo '}' >> "$url_policy_file"
	# Debian uses chromium instead of chromium-browser -.-
	mkdir -p "/etc/chromium/policies/managed"
	ln -nfs "$url_policy_file" "/etc/chromium/policies/managed/url-filter.json"
}

if [ "${PAM_SERVICE//autologin/}" != "$PAM_SERVICE" ] && [ "$PAM_TTY" = ":0" ]; then
	# autologin of some sort
	main
fi
EOF
true