#!/bin/bash
# ==============================================================================
# XBI Panel - Secure Installer Wrapper
# This script authenticates the user via WHMCS before downloading and 
# extracting the actual installation payload.
# ==============================================================================

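# Abort on the first unhandled command failure.
set -e

# Configuration
# Licensing endpoint that validates the key and returns the download token/URL.
WHMCS_API_URL="https://clientes.xbi.es/whmcs_license_api.php"

# Private scratch directory for the downloaded payload. A script extracted
# into this directory is executed at the end of this wrapper, so the path must
# not be guessable or pre-creatable by another local user. A timestamp-based
# name under /tmp is predictable; mktemp -d picks a random name, creates the
# directory with mode 0700 and fails instead of reusing an existing path.
WORK_DIR="$(mktemp -d /tmp/xbi-install-XXXXXXXXXX)"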

# ANSI color sequences, stored as backslash escapes; they are expanded only
# when printed with `echo -e` or `printf '%b'`.
NC='\033[0m'
RED='\033[0;31m'
BLUE='\033[0;34m'
GREEN='\033[0;32m'

# Banner. `clear` fails when no terminal is attached, which is not an error
# worth aborting for under `set -e`.
clear || true
printf '%b\n' \
    "${BLUE}====================================================================${NC}" \
    "${GREEN}                   XBI PANEL - SECURE INSTALLER                     ${NC}" \
    "${BLUE}====================================================================${NC}"
printf '\n'

## Language Selection
# Unattended runs (XBI_AUTO_UPDATE=1) skip the menu and use option 1.
# Otherwise the menu is shown and the choice is read from stdin; a failed
# read (e.g. EOF) is tolerated and leaves the choice empty.
if [[ "$XBI_AUTO_UPDATE" != "1" ]]; then
    cat <<'EOF'
Select your language / Selecciona tu idioma / Choisissez votre langue / Wählen Sie Ihre Sprache:
  1) English
  2) Español
  3) Français
  4) Deutsch

EOF
    read -p "Choice [1-4] (Default: 1): " LANG_CHOICE || true
else
    LANG_CHOICE=1
fi

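# Load the message catalogue for the chosen language. Anything other than
# 2, 3 or 4 (including an empty choice) falls back to English.
# Every branch must define the same set of MSG_* variables: MSG_IP_PROMPT was
# previously set only for English, so the IP prompt printed an empty line in
# the other three languages.
case "${LANG_CHOICE:-}" in
  2)
    LANG_CODE="es"
    MSG_INSTALL_TOOLS="Instalando herramientas necesarias (curl, unzip, jq)..."
    MSG_LICENSE_PROMPT="Introduce tu Licencia XBI (Trial o Premium): "
    MSG_LICENSE_EMPTY="La licencia no puede estar vacía."
    MSG_GATHERING="Recopilando información de red..."
    MSG_HOSTNAME_PROMPT="Introduce un Hostname para este panel (ej: panel.tudominio.com)"
    MSG_IP_PROMPT="Introduce la IP pública de este servidor"
    MSG_HOSTNAME_DEFAULT="Presiona ENTER para usar este por defecto"
    MSG_AUTH="Autenticando contra servidores de licencias de BINTELCOM..."
    MSG_AUTH_FAIL="Autenticación fallida:"
    MSG_VERIFIED="Licencia verificada correctamente. Obteniendo token seguro..."
    MSG_NO_TOKEN="El servidor rechazó proveer un token de descarga."
    MSG_DOWNLOADING="Descargando payload cifrado del repositorio central..."
    MSG_DL_ERROR="Error descargando el payload (HTTP"
    MSG_EXTRACTING="Descomprimiendo sistema de instalación..."
    MSG_NO_PAYLOAD="El instalador principal no está dentro del archivo comprimido."
    MSG_FINALIZING="Pasando el control al instalador del núcleo..."
    ;;
  3)
    LANG_CODE="fr"
    MSG_INSTALL_TOOLS="Installation des outils requis (curl, unzip, jq)..."
    MSG_LICENSE_PROMPT="Entrez votre clé de licence XBI (Trial ou Premium) : "
    MSG_LICENSE_EMPTY="La licence ne peut pas être vide."
    MSG_GATHERING="Collecte des informations réseau..."
    MSG_HOSTNAME_PROMPT="Entrez un nom d'hôte pour ce panneau (ex: panel.domaine.com)"
    MSG_IP_PROMPT="Entrez l'adresse IP publique de ce serveur"
    MSG_HOSTNAME_DEFAULT="Appuyez sur ENTRÉE pour utiliser celui-ci par défaut"
    MSG_AUTH="Authentification croisée avec les serveurs de licences BINTELCOM..."
    MSG_AUTH_FAIL="Échec de l'authentification:"
    MSG_VERIFIED="Licence vérifiée avec succès. Obtention d'un jeton sécurisé..."
    MSG_NO_TOKEN="Le serveur n'a pas fourni de jeton de téléchargement."
    MSG_DOWNLOADING="Téléchargement du payload depuis le dépôt..."
    MSG_DL_ERROR="Erreur lors du téléchargement des fichiers (HTTP"
    MSG_EXTRACTING="Extraction de l'installation..."
    MSG_NO_PAYLOAD="L'installateur principal est introuvable dans l'archive."
    MSG_FINALIZING="Passage du contrôle au noyau de l'installateur..."
    ;;
  4)
    LANG_CODE="de"
    MSG_INSTALL_TOOLS="Notwendige Werkzeuge installieren (curl, unzip, jq)..."
    MSG_LICENSE_PROMPT="Geben Sie Ihren XBI-Lizenzschlüssel ein (Trial oder Premium): "
    MSG_LICENSE_EMPTY="Die Lizenz darf nicht leer sein."
    MSG_GATHERING="Netzwerkinformationen sammeln..."
    MSG_HOSTNAME_PROMPT="Geben Sie einen Hostnamen für dieses Panel (z.B. panel.domain.com)"
    MSG_IP_PROMPT="Geben Sie die öffentliche IP dieses Servers ein"
    MSG_HOSTNAME_DEFAULT="Drücken Sie ENTER für den Standard-Hostnamen"
    MSG_AUTH="Authentifizierung über BINTELCOM Lizenzserver..."
    MSG_AUTH_FAIL="Authentifizierung fehlgeschlagen:"
    MSG_VERIFIED="Lizenz erfolgreich verifiziert. Sicheres Token wird abgerufen..."
    MSG_NO_TOKEN="Der Server lieferte kein Download-Token."
    MSG_DOWNLOADING="Installationsdateien aus dem Repository herunterladen..."
    MSG_DL_ERROR="Fehler beim Herunterladen der Dateien (HTTP"
    MSG_EXTRACTING="Installation entpacken..."
    MSG_NO_PAYLOAD="Das Haupt-Installationsskript fehlt im Archiv."
    MSG_FINALIZING="Übergabe an den Core-Installer..."
    ;;
  *)
    LANG_CODE="en"
    MSG_INSTALL_TOOLS="Installing required tools (curl, unzip, jq)..."
    MSG_LICENSE_PROMPT="Enter your XBI License Key (Trial or Premium): "
    MSG_LICENSE_EMPTY="The license key cannot be empty."
    MSG_GATHERING="Gathering server network information..."
    MSG_HOSTNAME_PROMPT="Enter a Hostname for this panel (e.g. panel.yourdomain.com)"
    MSG_IP_PROMPT="Enter the public IP of this server"
    MSG_HOSTNAME_DEFAULT="Press ENTER to use this default"
    MSG_AUTH="Cross-authenticating against BINTELCOM licensing servers..."
    MSG_AUTH_FAIL="Authentication failed:"
    MSG_VERIFIED="License verified successfully. Procuring secure token..."
    MSG_NO_TOKEN="The server did not provide a secure download token."
    MSG_DOWNLOADING="Downloading secure payload from master repository..."
    MSG_DL_ERROR="Error downloading installation files (HTTP"
    MSG_EXTRACTING="Extracting core payload..."
    MSG_NO_PAYLOAD="Main install_dist.sh script missing from archive."
    MSG_FINALIZING="Passing control to the core installer daemon..."
    ;;
esac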

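echo ""

# Ensure tools
# curl, unzip and jq are all used further down; install them when any one is
# missing from PATH.
if ! command -v curl &> /dev/null || ! command -v unzip &> /dev/null || ! command -v jq &> /dev/null; then
    echo -e "${BLUE}[*] ${MSG_INSTALL_TOOLS}${NC}"
    # `set -e` ignores a failure on the left-hand side of an `&&` list, so a
    # failed `apt-get update` used to be skipped silently and the script went
    # on without the tools. Test the whole list and stop explicitly.
    if ! { apt-get update -qq && apt-get install -y -qq curl unzip jq; }; then
        echo -e "${RED}[!] Could not install required tools (curl, unzip, jq).${NC}"
        exit 1
    fi
fi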

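# Gather Initial Info
# Ask two public IP-echo services in turn, falling back to loopback.
#   -f          treat an HTTP error status as a failure so the next service is
#               tried instead of capturing an error page as the "IP"
#   --max-time  bound each lookup so an unreachable service cannot hang the run
DETECTED_IP=$(curl -fs -4 --max-time 10 https://api64.ipify.org \
    || curl -fs -4 --max-time 10 https://ipv4.icanhazip.com \
    || echo "127.0.0.1")
# The value comes from a third party and is later shown in a prompt and sent
# to the licensing API; keep it only if it is shaped like a dotted-quad IPv4
# address.
if [[ ! "$DETECTED_IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    DETECTED_IP="127.0.0.1"
fi
CURRENT_HOSTNAME=$(hostname -f 2>/dev/null || hostname || echo "panel.local")

if [ "$XBI_AUTO_UPDATE" = "1" ]; then
    # Unattended run: take the detected values as they are.
    SERVER_DOMAIN=$CURRENT_HOSTNAME
    SERVER_IP=$DETECTED_IP
else
    # Prompt for Hostname (ENTER keeps the detected default).
    # read -r keeps backslashes literal instead of treating them as escapes.
    echo -e "${MSG_HOSTNAME_PROMPT}"
    read -r -p "${MSG_HOSTNAME_DEFAULT} [${CURRENT_HOSTNAME}]: " INPUT_DOMAIN || true
    SERVER_DOMAIN=${INPUT_DOMAIN:-$CURRENT_HOSTNAME}

    # Prompt for IP (ENTER keeps the detected default).
    echo -e "${MSG_IP_PROMPT}"
    read -r -p "${MSG_HOSTNAME_DEFAULT} [${DETECTED_IP}]: " INPUT_IP || true
    SERVER_IP=${INPUT_IP:-$DETECTED_IP}
fi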

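# SERVER_DOMAIN can come straight from an interactive prompt and is about to
# be applied as the system hostname and appended to /etc/hosts. Accept only
# dot-separated labels of letters, digits and inner hyphens, so whitespace,
# extra aliases or other stray characters never reach those files.
VALID_HOSTNAME_RE='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
if [[ ${#SERVER_DOMAIN} -gt 253 || ! "$SERVER_DOMAIN" =~ $VALID_HOSTNAME_RE ]]; then
    # %s prints the rejected value literally (no escape interpretation).
    printf '%b[!] Invalid hostname: %s%b\n' "$RED" "$SERVER_DOMAIN" "$NC"
    exit 1
fi

# Enforce Hostname immediately for the server context
hostnamectl set-hostname "$SERVER_DOMAIN" 2>/dev/null || hostname "$SERVER_DOMAIN"
# Ensure it resolves locally temporarily
# Look for the name as an exact host field (case-insensitive, comments
# ignored). A plain `grep "$SERVER_DOMAIN"` treated the name as a regex and
# also matched it as a substring of unrelated entries.
if ! awk -v host="$SERVER_DOMAIN" '
        /^[[:space:]]*#/ { next }
        {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break
                if (tolower($i) == tolower(host)) found = 1
            }
        }
        END { exit !found }
    ' /etc/hosts; then
    echo "127.0.0.1 $SERVER_DOMAIN" >> /etc/hosts
fi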

echo ""

# Prompt for License Key
# A key preset in the LICENSE_KEY environment variable is used as is.
# Unattended runs cannot prompt, so a missing key is fatal there.
if [[ -z "${LICENSE_KEY:-}" && "$XBI_AUTO_UPDATE" = "1" ]]; then
    echo -e "${RED}[!] Auto-update requires LICENSE_KEY environment variable.${NC}"
    exit 1
fi

# Interactive run without a preset key: ask for it (a failed read leaves it empty).
if [[ -z "${LICENSE_KEY:-}" ]]; then
    read -p "${MSG_LICENSE_PROMPT}" LICENSE_KEY || true
fi

# Nothing entered: stop before contacting the licensing server.
[[ -n "$LICENSE_KEY" ]] || {
    echo -e "${RED}[!] ${MSG_LICENSE_EMPTY}${NC}"
    exit 1
}

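echo -e "\n${BLUE}[*] ${MSG_GATHERING}${NC}"
# %s prints operator-supplied values literally (echo -e would expand any
# backslash sequences they contain).
printf '    -> IPv4: %s\n' "$SERVER_IP"
printf '    -> FQDN: %s\n' "$SERVER_DOMAIN"

echo -e "\n${BLUE}[*] ${MSG_AUTH}${NC}"

# Validate against WHMCS API
# --form-string sends each value literally. With -F, a value that begins with
# '@' or '<' makes curl read a local file and send its contents instead, which
# must never be possible for values typed at a prompt or taken from the
# environment.
# NOTE(review): the license key is still passed on curl's command line and is
# visible in the process list while the request runs.
# `|| API_RESPONSE=""` keeps `set -e` from ending the script silently on a
# transport error; the status check below then reports the failure.
API_RESPONSE=$(curl -s -X POST \
    --form-string "license_key=$LICENSE_KEY" \
    --form-string "ip=$SERVER_IP" \
    --form-string "domain=$SERVER_DOMAIN" \
    "$WHMCS_API_URL") || API_RESPONSE=""

# `// empty` turns a missing/null field into an empty string rather than the
# text "null"; a non-JSON body makes jq fail, which is mapped to empty too.
STATUS=$(printf '%s' "$API_RESPONSE" | jq -r '.status // empty' 2>/dev/null) || STATUS=""
MESSAGE=$(printf '%s' "$API_RESPONSE" | jq -r '.message // empty' 2>/dev/null) || MESSAGE=""
# The message is remote data that gets printed to the terminal: drop control
# characters and print it with %s so it cannot carry escape sequences.
MESSAGE=${MESSAGE//[[:cntrl:]]/}

if [ "$STATUS" != "success" ]; then
    printf '%b[!] %s %s%b\n' "$RED" "$MSG_AUTH_FAIL" "${MESSAGE:-Unknown Error}" "$NC"
    exit 1
fi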

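echo -e "${GREEN}[+] ${MSG_VERIFIED}${NC}"

# Pull the download credentials out of the API response. `// empty` maps a
# missing or null field to an empty string; a jq failure is mapped to empty as
# well so the check below reports it instead of `set -e` exiting silently.
REPO_TOKEN=$(printf '%s' "$API_RESPONSE" | jq -r '.repo_token // empty') || REPO_TOKEN=""
REPO_URL=$(printf '%s' "$API_RESPONSE" | jq -r '.repo_url // empty') || REPO_URL=""

# Both values are required. The literal "null" is rejected for the URL as well
# as the token (previously only the token was checked, so a missing repo_url
# went on to the download step as the string "null").
if [ -z "$REPO_TOKEN" ] || [ -z "$REPO_URL" ] \
    || [ "$REPO_TOKEN" == "null" ] || [ "$REPO_URL" == "null" ]; then
    echo -e "${RED}[!] ${MSG_NO_TOKEN}${NC}"
    exit 1
fi

# The token is sent to this URL and the archive fetched from it is executed,
# so accept nothing but HTTPS.
case "$REPO_URL" in
    https://*) ;;
    *)
        echo -e "${RED}[!] Refusing download URL that is not HTTPS.${NC}"
        exit 1
        ;;
esac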

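# Download the protected payload
echo -e "${BLUE}[*] ${MSG_DOWNLOADING}${NC}"
mkdir -p "$WORK_DIR"
cd "$WORK_DIR"

# --proto '=https' makes curl refuse any other scheme, so the token header and
# the payload never travel over an unencrypted connection whatever URL the
# API returned.
# `|| true` lets a transport failure (curl then reports status 000) reach the
# error message below instead of `set -e` ending the script without output.
# NOTE(review): the archive is executed after extraction, yet nothing here
# verifies its integrity (no checksum or signature); trust rests entirely on
# TLS and the token. The token is also visible in the process list while curl
# runs.
HTTP_STATUS=$(curl -s --proto '=https' -w "%{http_code}" \
    -H "X-XBI-Token: $REPO_TOKEN" \
    -o "xbi-payload.zip" \
    "$REPO_URL?nocache=$(date +%s)") || true

if [ "$HTTP_STATUS" != "200" ]; then
    echo -e "${RED}[!] ${MSG_DL_ERROR} ${HTTP_STATUS}).${NC}"
    exit 1
fi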

# Extract and Execute installation
# Unpack quietly into the current directory, overwriting files already there.
unzip -q -o xbi-payload.zip

# The archive must contain the core installer script; stop if it does not.
[[ -f "install_dist.sh" ]] || {
    echo -e "${RED}[!] ${MSG_NO_PAYLOAD}${NC}"
    exit 1
}


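echo -e "${GREEN}[+] ${MSG_FINALIZING}${NC}"
chmod +x install_dist.sh

mkdir -p /etc/xbi
# Persist the license key. The file is created inside a subshell with a
# restrictive umask so it is never readable by other users, not even for the
# moment between creation and the chmod below (the old echo-then-chmod order
# created it with the default mode first). The subshell keeps the umask change
# away from the installer started afterwards. printf '%s' writes the key
# literally, whatever characters it contains.
(
    umask 077
    printf '%s\n' "$LICENSE_KEY" > /etc/xbi/license
)
# Also tighten a file left over from an earlier run with wider permissions.
chmod 600 /etc/xbi/license

# Export Hostname, IP, and Language so install_dist.sh knows exactly how to print the final texts
export XBI_HOSTNAME="$SERVER_DOMAIN"

export XBI_IP="$SERVER_IP"
export XBI_LANG="$LANG_CODE"

# Replace this wrapper with the core installer; nothing after this line runs.
exec bash install_dist.sh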
