#!/usr/bin/perl
use strict;

use Getopt::Long;
use Net::LDAP;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED );
use LWP;
use JSON;
use AppConfig;

my $api_key;

my $help;
my $username;
my $configfile = undef;
my $dryrun = 0;
my ($g_ua, $session, $api_key, $auth_key, $data, $domain);
my ($user, $displayname, $phone, $mail, $sipuser, $linetext);

my $config = AppConfig->new({ CREATE => 1 });

$config->define("api_url=s");
$config->define("api_keyfile=s");
$config->define("feide_server=s");
$config->define("feide_login=s");
$config->define("feide_passwd=s");
$config->define("feide_people=s");

$config->define("numbers_local_prefix=s");
$config->define("numbers_local_series=s");
$config->define("numbers_countrycode=s");

foreach ( 
	"/usr/local/etc/hermes/hermes_config",
	"/usr/local/etc/hermes/config",
	"/etc/hermes/config",
	$ENV{"HOME"} . "/.hermes/config",
	$ENV{"HOME"} . "/.hermes_config",
) { $configfile = $_ if ( -f $_ ); }

GetOptions(
	"help"		=> \$help,
	"username=s"  	=> \$username,
	"configfile=s" 	=> \$configfile,
	"dryrun" 	=> \$dryrun,
);

if (
	(not $username) ||
	(( $configfile ) && ( not -f $configfile )) 
)
{
	$help = 1;
}

$config->file( $configfile );

if (    ( not  $config->api_url ) ||
	( not  $config->api_keyfile ) ||
	( $config->api_keyfile && not -f $config->api_keyfile ) ||
	( not  $config->feide_server ) ||
	( not  $config->feide_login ) ||
	( not  $config->feide_passwd ) ||
	( not  $config->feide_people ) )
{
	$help = 1;
}

if ( $help ) {
print <<END_HELP;
Verify that the following options are set:
	--configfile=s
	--username=s
	--dryrun

Verify the contents of the configuration file.
Verify that the key-file exists.
END_HELP
exit; }

open KEY, "<" . $config->api_keyfile;
chomp( $api_key = <KEY> );
close KEY;

if ( not $username =~ m/\w+/ )
{ print "Illegal username\n"; exit; }


# Kobler til LDAP-server
my $ldap = Net::LDAP->new($config->feide_server, version => 3)
        or die "Can't connect to LDAP server: " . $config->feide_server . "!\n";
my $msg = $ldap->bind (dn => $config->feide_login, password => $config->feide_passwd);
if ( $msg->code()) {
        die ("LDAP error: ", $msg->error_text((), "\n"));
}

$msg = $ldap->search( base => $config->feide_people,
			scope    => "subtree",
			filter => "(uid=". $username .")",
			attrs => () );
die("Getting information for " . $username . " failed..." ) if ( $msg->count != 1 );

$user = $msg->entry;
$displayname = $user->get_value("displayName");
$phone = $user->get_value("telephoneNumber");
$mail = $user->get_value("mail");
$sipuser = $user->get_value("eduPersonPrincipalName");

my $short_test = "^" . $config->numbers_local_series;
my $long_test = "^" . $config->numbers_local_prefix . $config->numbers_local_series;

if ( $phone =~ m/$short_test/ )
{
	print "Phone number is in 5-digit local format. Completing E164.\n";
	$linetext = $config->numbers_local_prefix . $phone;
	$phone = $config->numbers_countrycode . $config->numbers_local_prefix . $phone;
}
elsif ( $phone =~ m/$long_test/ )
{
	print "Phone number is in 8-digit local format. Adding CC.\n" ;
	$linetext = $phone;
	$phone = $config->numbers_countrycode . $phone;
}
else
{
	print "Unable to recognize Phone number. Check FEIDE\n";
	exit;
}

print "Data so far:" . "\n";
print "  Username:    " . $username . "\n";
print "  Displayname: " . $displayname . "\n";
print "  Phone:       " . $phone . "\n";
print "  Line-text:   " . $linetext . "\n";
print "  Mail:        " . $mail . "\n";
print "  SIP address: " . $sipuser . "\n";

$msg = $ldap->unbind;
if ( $msg->code()) { die ("LDAP error: ", $msg->error_text((), "\n")); }

$g_ua = LWP::UserAgent->new;
$g_ua->cookie_jar({}); # In-memory jar, look at HTTP::Cookies for persistant

login_apikey();


$data = exec_apinode("user/available", { "user" => $sipuser });
if ( not $data->{'response'} eq 'ok' )
{
	printf("Unable to add user, Hermes response to available query is: %s\n", $data->{'cause'});
	exit;
}
undef $data;

if ( $dryrun ) {
	print("Dryrun specified. All OK so far, stopping before add.\n");
	logout();
	exit;
}

$data = exec_apinode("user/add_local", { 
	"user" => $sipuser,
	"displayname" => $displayname,
	"email" => $mail,
});
if ( not $data->{'response'} eq 'ok' )
{
	printf("Unable to add user, Hermes response to add_local query is: %s\n", $data->{'cause'});
	exit;
}
else
{
	printf("Added user, login information:\n");
	printf("username:    %s@%s\nauthid:      %s\npassword:    %s\n" .
		"registrar:   %s:%d\nproxy:       %s:%d\ndisplayname: %s\n" . 
		"email:       %s\npermission:  %s\n",
		$data->{'user'}->{'username'},
		$data->{'user'}->{'domain'},
		$data->{'user'}->{'authid'},
		$data->{'user'}->{'password'},
		$data->{'user'}->{'registrar'},
		$data->{'user'}->{'r_port'},
		$data->{'user'}->{'proxy'},
		$data->{'user'}->{'p_port'},
		$data->{'user'}->{'displayname'},
		$data->{'user'}->{'email'},
		$data->{'user'}->{'permittedcalls'},
	);
	$domain = $data->{'user'}->{'domain'},
	$phone .= "\@" . $domain;
}
undef $data;

unless ( $mail eq $sipuser )
{
	$data = exec_apinode("alias/add", { 
		"destination" => $sipuser,
		"alias" => $mail,
	});
	if ( not $data->{'response'} eq 'ok' )
	{
		printf("Unable to add alias, Hermes response to add_local query is: %s\n", $data->{'cause'});
		printf("Attempting to roll back user %s: ", $sipuser);
		undef $data; $data = exec_apinode("user/remove", { "user" => $sipuser });
		printf("%s\n", $data->{'response'});
		exit;
	}
	else
	{ printf("alias:       %s\n", $mail); }
	undef $data;
}

$data = exec_apinode("alias/add", { 
	"destination" => $sipuser,
	"alias" => $phone,
});
if ( not $data->{'response'} eq 'ok' )
{
	printf("Unable to add E164 number, Hermes response to add_local query is: %s\n", $data->{'cause'});
	printf("Attempting to roll back user %s: ", $sipuser);
	exec_apinode("alias/remove", { "alias" => $mail });
	exec_apinode("user/remove", { "user" => $sipuser });
	exit;
}
else
{ printf("e164:        %s\n", $phone); }
undef $data;

$data = exec_apinode("user/update", { 
	"user" => $sipuser,
	"linetext" => $linetext,
});
if ( not $data->{'response'} eq 'ok' )
{
	printf("Did not update 'linetext' element.");
}

# During testing:
#exec_apinode("alias/remove", { "alias" => $mail });
#exec_apinode("alias/remove", { "alias" => $phone });
#exec_apinode("user/remove", { "user" => $sipuser });

logout();
################################################################################################
sub exec_apinode($$)
{
	my $node = shift;
	my $param = shift;

	my ( $response, $data );

	$session = "" if not defined $session;
	$auth_key = "" if not defined $auth_key;
	my $url = $config->api_url . "/" . $node;

	$param->{'session'} = $session;
	$param->{'auth_key'} = $auth_key;

	$response = $g_ua->post( $url, $param );
	if ( $response->is_success )
	{
		if ( $response->content =~ m/\s*{/ )
		{
			$data = decode_json( $response->content);
		}
		else
		{
			$data = $response->content;
		}

	}
	return $data;
}

sub login_apikey
{
	my $response = $g_ua->post( $config->api_url . "/auth/login",
		[ "api_key" => $api_key ] );

	my $data = decode_json( $response->content) if $response->is_success;
	die("HTTP error") unless $response->is_success;

	if ( $data->{'response'} eq "ok" )
	{
		$session = $data->{'session'};
		$auth_key = $data->{'auth_key'};
	}
	else
	{
		print "Unable to log in to Hermes API\n";
		exit;
	}
	undef $data; undef $response;
}

sub logout
{
	my $response = $g_ua->post( $config->api_url . "/auth/logout",
		[ "session" => $session ] );
	die("HTTP error") unless $response->is_success;
	undef $session; undef $auth_key;
}