#!/bin/bash

# Open the firewall ports used by the SRS server stack.
#
# Permanently adds each port below to the firewalld "public" zone, then
# reloads firewalld so the permanent rules become active. firewall-cmd
# failures are not checked; the final message is printed regardless.
#
# NOTE(review): 4369, 5672 and 25672 look like the RabbitMQ defaults (epmd,
# AMQP, inter-node traffic) and 8080/8443 like Tomcat HTTP/HTTPS - confirm,
# and confirm that each port really has to be reachable from the whole
# public zone rather than from specific source addresses only.
srs_firewall_rules(){
	local port_spec

	for port_spec in 8080/tcp 8443/tcp 4369/tcp 5672/tcp 25672/tcp 59000/udp; do
		firewall-cmd --zone=public --permanent --add-port="$port_spec"
	done
	# Permanent rules are only applied to the running firewall on reload.
	firewall-cmd --reload

	echo -e "\033[32mfirewall configure finished.\033[0m"
}

# Create the Tomcat HTTPS keystore if it does not exist yet.
#
# keytool is run without a password option, so it asks the operator for the
# keystore password itself. An existing keystore is left untouched.
#
# NOTE(review): no -validity or -keysize is passed, so the certificate gets
# the installed JDK's defaults (keytool documents a 90-day validity) -
# confirm that is intended. -genkeypair produces a self-signed certificate
# and the DN here is all "Unknown", so clients cannot validate it. The
# keystore holds the private key; check its file mode and ownership after
# creation.
srs_https_configure(){
	local keystore=/usr/share/tomcat/conf/localhost-rsa.jks

	# Nothing to do when a keystore is already in place.
	if [ -f "$keystore" ]; then
		return 0
	fi

	echo -e "\033[31mHTTPS 密钥库口令配置\033[0m"

	keytool -genkeypair -alias tomcat \
		-dname "CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown" \
		-keyalg RSA -keystore "$keystore" -storetype pkcs12
}

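# Escape a value for embedding in a single-quoted SQL string literal.
# Assumes the server's default sql_mode, where backslash is an escape char.
_srs_mariadb_sql_escape(){
	local value=$1 backslash='\' quote="'"
	value=${value//"$backslash"/"$backslash$backslash"}
	value=${value//"$quote"/"$backslash$quote"}
	printf '%s' "$value"
}

# Run the mysql client as account $1 with password $2; any remaining
# arguments are passed to mysql. The password is handed over in MYSQL_PWD so
# it does not show up in the process argument list.
_srs_mariadb_client(){
	local account=$1 secret=$2
	shift 2
	MYSQL_PWD="$secret" mysql --user="$account" "$@"
}

# Configure MariaDB for SRS (interactive).
#
# Steps, in order:
#   1. start mariadb.service (exit 1 if that fails);
#   2. ask for the root password; if root can still log in without one, ask
#      for a confirmation and set it;
#   3. verify the root password, exiting with status 1 after three wrong
#      entries;
#   4. ask for the application account name and password;
#   5. write both to /etc/sysconfig/neokylin_srs_mysql_auth and
#      /etc/tomcat/tomcat.conf;
#   6. create the account (or, for "root", change root's password) and grant
#      it privileges;
#   7. drop and recreate database NKSRS and import /usr/libexec/srs/NKSRS.sql.
#
# Statements that carry a password are sent to mysql on stdin, and account
# names and passwords are escaped before being placed in SQL, so a quote or
# backslash in a password neither breaks nor alters the statement.
#
# NOTE(review): the account gets ALL PRIVILEGES on *.* from any host ('%');
# consider limiting the grant to NKSRS.* and to the hosts that need access.
# NOTE(review): step 5 stores the password in clear text and does not set
# the mode of either file; tomcat.conf values are written unquoted, so check
# how the consumers of that file parse shell metacharacters.
# NOTE(review): step 7 drops an existing NKSRS database without asking, so
# re-running this script destroys existing data.
srs_mariadb_configure(){
	local root_pw="" root_pw_confirm="" mismatch tries_left
	local db_user="" db_pw="" db_pw_confirm=""
	local db_user_sql db_pw_sql
	local database=NKSRS
	local auth_file=/etc/sysconfig/neokylin_srs_mysql_auth
	local tomcat_conf=/etc/tomcat/tomcat.conf
	local schema_file=/usr/libexec/srs/NKSRS.sql

	if ! systemctl start mariadb.service; then
		echo -e "\033[31mmariadb数据库服务启动失败，请检查数据库状态！\033[0m"
		exit 1
	fi

	echo -e "\033[31m请输入mysql数据库的root的密码\033[0m"

	# Every read uses -r so backslashes in a password stay literal, and
	# "|| exit 1" so a closed stdin ends the script instead of spinning in
	# a retry loop.
	mismatch=0
	while : ; do
		[ "$mismatch" -ne 0 ] && echo "密码不一致，请重试"
		read -r -s -p "请输入root密码：" root_pw || exit 1
		printf "\n"
		while [ -z "$root_pw" ]; do
			read -r -s -p "密码为空，请重新输入root密码：" root_pw || exit 1
			printf "\n"
		done
		# A successful login without a password means root has none yet.
		if mysql -uroot -e quit 2>/dev/null; then
			read -r -s -p "再次确认root密码：" root_pw_confirm || exit 1
			printf "\n"
			if [ "$root_pw" != "$root_pw_confirm" ]; then
				mismatch=$((mismatch + 1))
			else
				# MariaDB syntax; sets the password of the connected account.
				# A failure here is caught by the verification loop below.
				if printf "SET PASSWORD = PASSWORD('%s');\n" \
					"$(_srs_mariadb_sql_escape "$root_pw")" | mysql -uroot; then
					echo "已设置mysql数据库root用户密码；"
				fi
				break
			fi
		else
			break
		fi
	done

	# Verify the root password; two re-entries are allowed after the first.
	tries_left=2
	while : ; do
		if [ -n "$root_pw" ] && _srs_mariadb_client root "$root_pw" -e quit 2>/dev/null; then
			break
		fi
		if [ "$tries_left" -le 0 ]; then
			echo -e "\033[31m密码输错3次，退出！\033[0m"
			exit 1
		fi
		read -r -s -p "root密码错误! 请重新输入root密码（输错3次后自动退出，还剩${tries_left}次）：" root_pw || exit 1
		printf "\n"
		tries_left=$((tries_left - 1))
	done

	echo -e "\033[31m请设置mysql数据库的用户名及密码\033[0m"

	read -r -p "请设置用户名：" db_user || exit 1
	while [ -z "$db_user" ] || [[ "$db_user" == *" "* ]]; do
		read -r -p "用户名不能为空或包含空格，请重新设置用户名：" db_user || exit 1
	done

	mismatch=0
	while [ "$db_pw" != "$db_pw_confirm" ] || [ -z "$db_pw" ]; do
		[ "$mismatch" -ne 0 ] && echo "密码不一致，请重试"
		read -r -s -p "请设置密码：" db_pw || exit 1
		printf "\n"
		while [ -z "$db_pw" ] || [[ "$db_pw" == *" "* ]]; do
			read -r -s -p "密码不能为空或包含空格，请重新设置密码：" db_pw || exit 1
			printf "\n"
		done
		read -r -s -p "再次确认密码：" db_pw_confirm || exit 1
		printf "\n"
		mismatch=$((mismatch + 1))
	done

	# Record the credentials for the SRS daemon and for Tomcat.
	printf '%s\n' "NEOKYLIN_SRS_MYSQL_AUTH_USER=$db_user" > "$auth_file"
	printf '%s\n' "NEOKYLIN_SRS_MYSQL_AUTH_PASS=$db_pw" >> "$auth_file"

	# Replace any earlier entries in tomcat.conf rather than appending twice.
	sed -i '/^NEOKYLIN_SRS_MYSQL_AUTH_USER=/d' "$tomcat_conf"
	sed -i '/^NEOKYLIN_SRS_MYSQL_AUTH_PASS=/d' "$tomcat_conf"
	printf '%s\n' "NEOKYLIN_SRS_MYSQL_AUTH_USER=$db_user" >> "$tomcat_conf"
	printf '%s\n' "NEOKYLIN_SRS_MYSQL_AUTH_PASS=$db_pw" >> "$tomcat_conf"

	db_user_sql=$(_srs_mariadb_sql_escape "$db_user")
	db_pw_sql=$(_srs_mariadb_sql_escape "$db_pw")

	if [ "$db_user" = "root" ]; then
		printf "SET PASSWORD = PASSWORD('%s');\n" "$db_pw_sql" \
			| _srs_mariadb_client root "$root_pw" 2>/dev/null
	else
		# "create user" fails when the account already exists; that is ignored.
		printf "create user '%s';\n" "$db_user_sql" \
			| _srs_mariadb_client root "$root_pw" 2>/dev/null
		printf "grant all privileges on *.* to '%s'@'%%' identified by '%s';\n" \
			"$db_user_sql" "$db_pw_sql" | _srs_mariadb_client root "$root_pw"
		printf "grant all privileges on *.* to '%s'@'localhost' identified by '%s';\n" \
			"$db_user_sql" "$db_pw_sql" | _srs_mariadb_client root "$root_pw"
	fi

	_srs_mariadb_client "$db_user" "$db_pw" -e "DROP DATABASE IF EXISTS $database"
	if _srs_mariadb_client "$db_user" "$db_pw" -e "CREATE DATABASE $database"; then
		echo "created DB"
	else
		echo "DB already exists"
	fi

	if [ -f "$schema_file" ]; then
		if _srs_mariadb_client "$db_user" "$db_pw" "$database" < "$schema_file"; then
			echo "数据库文件导入成功；"
		else
			echo -e "\033[31m数据库文件导入失败，请检查数据库状态！\033[0m"
			exit 1
		fi
	else
		echo -e "\033[31m请将数据库文件放置在正确目录下，并单独进行数据库导入操作！\033[0m"
	fi

	echo -e "\033[32mmariadb configure finished.\033[0m"
}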

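# Create the RabbitMQ account used by SRS and record its credentials
# (interactive).
#
# Asks for a user name and a password (entered twice), writes both to
# /etc/sysconfig/neokylin_srs_rabbitmq_auth_server and to
# /etc/tomcat/tomcat.conf, starts rabbitmq-server.service (exit 1 if that
# fails), creates the user with the "administrator" tag and full
# configure/write/read permissions on vhost "/", sets the memory high
# watermark to 0.1, and finally reports whether the user is listed as an
# administrator.
#
# NOTE(review): "rabbitmqctl add_user" receives the password as an argument,
# so it is visible in the process list while the command runs; newer
# rabbitmqctl releases can read it from stdin instead - check the installed
# version before switching.
# NOTE(review): the password is stored in clear text and neither file's mode
# is set here; tomcat.conf values are written unquoted, so check how the
# consumers of that file parse shell metacharacters.
# NOTE(review): confirm the application needs the administrator tag and ".*"
# permissions rather than a narrower set.
srs_rabbitmq_auth_configure(){
	local user="" password1="" password2="" password mismatch
	local auth_file=/etc/sysconfig/neokylin_srs_rabbitmq_auth_server
	local tomcat_conf=/etc/tomcat/tomcat.conf

	echo -e "\033[31m请设置rabbitmq server的用户名及密码\033[0m"

	# Every read uses -r so backslashes stay literal, and "|| exit 1" so a
	# closed stdin ends the script instead of spinning in a retry loop.
	read -r -p "请设置用户名：" user || exit 1
	while [ -z "$user" ] || [[ "$user" == *" "* ]]; do
		read -r -p "用户名不能为空或包含空格，请重新设置用户名：" user || exit 1
	done

	mismatch=0
	while [ "$password1" != "$password2" ] || [ -z "$password1" ]; do
		[ "$mismatch" -ne 0 ] && echo "密码不一致，请重试"
		read -r -s -p "请设置密码：" password1 || exit 1
		printf "\n"
		while [ -z "$password1" ] || [[ "$password1" == *" "* ]]; do
			read -r -s -p "密码不能为空或包含空格，请重新设置密码：" password1 || exit 1
			printf "\n"
		done
		read -r -s -p "再次确认密码：" password2 || exit 1
		printf "\n"
		mismatch=$((mismatch + 1))
	done
	password=$password2

	printf '%s\n' "NEOKYLIN_SRS_RABBIT_AUTH_USER=$user" > "$auth_file"
	printf '%s\n' "NEOKYLIN_SRS_RABBIT_AUTH_PASS=$password" >> "$auth_file"

	# Replace any earlier entries in tomcat.conf rather than appending twice.
	sed -i '/^NEOKYLIN_SRS_RABBIT_AUTH_USER=/d' "$tomcat_conf"
	sed -i '/^NEOKYLIN_SRS_RABBIT_AUTH_PASS=/d' "$tomcat_conf"
	printf '%s\n' "NEOKYLIN_SRS_RABBIT_AUTH_USER=$user" >> "$tomcat_conf"
	printf '%s\n' "NEOKYLIN_SRS_RABBIT_AUTH_PASS=$password" >> "$tomcat_conf"

	if ! systemctl start rabbitmq-server.service; then
		echo -e "\033[31mrabbitmq数据库服务启动失败，请检查数据库状态！\033[0m"
		exit 1
	fi

	# Quoted so a password containing glob characters is passed unchanged.
	rabbitmqctl add_user "$user" "$password"
	rabbitmqctl set_user_tags "$user" administrator
	rabbitmqctl set_permissions -p / "$user" ".*" ".*" ".*"
	rabbitmqctl set_vm_memory_high_watermark 0.1

	# -F matches the user name literally instead of as a regular expression.
	if [ "$(rabbitmqctl list_users | grep -F -w -- "$user" | grep -c administrator)" -eq 1 ]; then
		echo -e "\033[32mSRS_RABBITMQ configure finished.\033[0m"
	else
		echo -e "\033[31mSRS_RABBITMQ configure failed.\033[0m"
	fi
}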

# Restart the SRS daemon and Tomcat, then enable every service of the stack
# at boot. systemctl results are not checked; the final message is printed
# regardless.
srs_services_start(){
	local unit

	for unit in srs_server_daemon tomcat; do
		systemctl restart "$unit"
	done

	for unit in rabbitmq-server mariadb srs_server_daemon tomcat; do
		systemctl enable "$unit"
	done

	echo -e "\033[32mServer deploy finished.\033[0m"
}

# Run the deployment steps in order. The services are (re)started last, after
# the database and RabbitMQ credentials have been written to
# /etc/tomcat/tomcat.conf by the two configure steps.
for deploy_step in \
	srs_firewall_rules \
	srs_https_configure \
	srs_mariadb_configure \
	srs_rabbitmq_auth_configure \
	srs_services_start
do
	"$deploy_step"
done
