#!/usr/bin/env bash
set -euo pipefail

# =========================
# BookStack Native Installer (Ubuntu + Apache + MariaDB)
# =========================
# - Installs dependencies
# - Creates DB/user
# - Clones BookStack (release branch)
# - Configures .env
# - Runs migrations
# - Configures Apache vhost
#
# Run: sudo ./install_bookstack_native.sh
# =========================

# ---- Config (edit these) ----
BOOKSTACK_DIR="/var/www/bookstack"
APACHE_SITE_NAME="Bookstack"
SERVER_NAME="bookstack.domain.com"      # Change to your domain or server hostname
APP_URL="https://bookstack.domain.com"   # Change to http(s)://your-domain

DB_NAME="bookstack"
DB_USER="bookstack"
DB_PASS="$(openssl rand -base64 24 | tr -d '\n' | tr -d '/' | tr -d '+')"  # auto-generate
# If you want to set your own DB password, replace the line above:
# DB_PASS="YourStrongPasswordHere"

# Optional: set to 1 to install UFW and allow Apache
CONFIGURE_UFW=1

# ---- Helpers ----
log() { echo -e "\n\033[1;32m[+] $*\033[0m"; }
warn() { echo -e "\n\033[1;33m[!] $*\033[0m"; }
die() { echo -e "\n\033[1;31m[✗] $*\033[0m"; exit 1; }

require_root() {
  if [[ "${EUID}" -ne 0 ]]; then
    die "Run this script as root (use sudo)."
  fi
}

detect_php_version() {
  # best-effort: use system php
  if ! command -v php >/dev/null 2>&1; then
    echo ""
    return
  fi
  php -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;'
}

# ---- Start ----
require_root

log "Updating packages"
apt-get update -y

log "Installing dependencies (Apache, MariaDB, PHP, Composer, extensions)"
apt-get install -y \
  apache2 mariadb-server \
  git unzip curl \
  composer \
  php php-cli php-fpm \
  php-mysql php-xml php-mbstring php-curl php-zip php-gd php-intl

PHP_VER="$(detect_php_version || true)"
if [[ -z "${PHP_VER}" ]]; then
  warn "PHP not detected after install; something is off."
else
  log "Detected PHP version: ${PHP_VER}"
fi

log "Enabling and starting services"
systemctl enable --now apache2
systemctl enable --now mariadb

if [[ "${CONFIGURE_UFW}" -eq 1 ]]; then
  log "Configuring UFW (allow OpenSSH + Apache Full)"
  apt-get install -y ufw
  ufw allow OpenSSH >/dev/null || true
  ufw allow "Apache Full" >/dev/null || true
  ufw --force enable >/dev/null || true
fi

log "Creating database and user"
# If already exists, keep going safely.
mysql --protocol=socket -uroot <<SQL
CREATE DATABASE IF NOT EXISTS \`${DB_NAME}\` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER IF NOT EXISTS '${DB_USER}'@'localhost' IDENTIFIED BY '${DB_PASS}';
GRANT ALL PRIVILEGES ON \`${DB_NAME}\`.* TO '${DB_USER}'@'localhost';
FLUSH PRIVILEGES;
SQL

log "Cloning/Updating BookStack into ${BOOKSTACK_DIR}"
if [[ -d "${BOOKSTACK_DIR}/.git" ]]; then
  warn "Existing git repo found. Pulling latest 'release' branch."
  cd "${BOOKSTACK_DIR}"
  git fetch --all --prune
  git checkout release
  git pull
else
  mkdir -p "$(dirname "${BOOKSTACK_DIR}")"
  git clone https://github.com/BookStackApp/BookStack.git --branch release --single-branch "${BOOKSTACK_DIR}"
  cd "${BOOKSTACK_DIR}"
fi

log "Setting ownership to www-data"
chown -R www-data:www-data "${BOOKSTACK_DIR}"

log "Installing PHP dependencies with Composer (no-dev)"
sudo -u www-data composer install --no-dev --prefer-dist --no-interaction

log "Creating .env (if missing) and generating app key"
if [[ ! -f ".env" ]]; then
  sudo -u www-data cp .env.example .env
fi

# Update .env values safely (APP_URL + DB settings)
# Use perl for robust in-place editing
perl -0777 -i -pe "s|^APP_URL=.*\$|APP_URL=${APP_URL}|m" .env
perl -0777 -i -pe "s|^DB_DATABASE=.*\$|DB_DATABASE=${DB_NAME}|m" .env
perl -0777 -i -pe "s|^DB_USERNAME=.*\$|DB_USERNAME=${DB_USER}|m" .env
perl -0777 -i -pe "s|^DB_PASSWORD=.*\$|DB_PASSWORD=${DB_PASS}|m" .env

sudo -u www-data php artisan key:generate --no-interaction --force

log "Running database migrations"
sudo -u www-data php artisan migrate --force --no-interaction

log "Ensuring storage & cache permissions"
chown -R www-data:www-data "${BOOKSTACK_DIR}"
chmod -R 755 "${BOOKSTACK_DIR}"
# Laravel write dirs:
chmod -R 775 "${BOOKSTACK_DIR}/storage" "${BOOKSTACK_DIR}/bootstrap/cache" || true

log "Configuring Apache virtual host: ${APACHE_SITE_NAME}.conf"
APACHE_CONF="/etc/apache2/sites-available/${APACHE_SITE_NAME}.conf"
cat > "${APACHE_CONF}" <<EOF
<VirtualHost *:80>
    ServerName ${SERVER_NAME}
    DocumentRoot ${BOOKSTACK_DIR}/public

    <Directory ${BOOKSTACK_DIR}/public>
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog \${APACHE_LOG_DIR}/${APACHE_SITE_NAME}_error.log
    CustomLog \${APACHE_LOG_DIR}/${APACHE_SITE_NAME}_access.log combined
</VirtualHost>
EOF

log "Enabling Apache modules and site"
a2enmod rewrite >/dev/null
a2ensite "${APACHE_SITE_NAME}" >/dev/null

# Disable default site if enabled (optional, but cleaner)
if [[ -e /etc/apache2/sites-enabled/000-default.conf ]]; then
  warn "Disabling Apache default site (000-default)"
  a2dissite 000-default >/dev/null || true
fi

log "Reloading Apache"
systemctl reload apache2

cat <<SUMMARY

=========================
✅ BookStack Installed!
=========================

Path:         ${BOOKSTACK_DIR}
Apache site:  ${APACHE_CONF}
App URL:      ${APP_URL}
ServerName:   ${SERVER_NAME}

Database:
  DB Name:    ${DB_NAME}
  DB User:    ${DB_USER}
  DB Pass:    ${DB_PASS}

Default BookStack login:
  Email:      admin@admin.com
  Password:   password

Next steps:
1) Point DNS/hosts for ${SERVER_NAME} to this server (or change SERVER_NAME/APP_URL and rerun edits).
2) Log in and change the admin password immediately.
3) If you want HTTPS: install certbot (Let's Encrypt) and enable SSL for this vhost.

Tip:
- If you later change APP_URL, run:
  sudo -u www-data php ${BOOKSTACK_DIR}/artisan config:clear

SUMMARY