#!/usr/bin/with-contenv bash

# Exit if mods is not set
if [ -z ${DOCKER_MODS+x} ]; then
  exit 0
fi

# Check for curl
if [ ! -f /usr/bin/curl ] || [ ! -f /usr/bin/jq ]; then
  echo "[mod-init] Curl/JQ was not found on this system for Docker mods installing"
  if [ -f /usr/bin/apt ]; then
    ## Ubuntu
    apt-get update
    apt-get install --no-install-recommends -y \
      curl \
      jq
  elif [ -f /sbin/apk ]; then
    # Alpine
    apk add --no-cache \
      curl \
      jq
  fi
fi

## Functions

# Use different filtering depending on URL
get_blob_sha () {
  if [[ $1 == "ghcr" ]]; then
    curl \
      --silent \
      --location \
      --request GET \
      --header "Authorization: Bearer $2" \
      $3 | jq -r '.layers[0].digest'
  else
    curl \
      --silent \
      --location \
      --request GET \
      --header "Authorization: Bearer $2" \
      $3 | jq -r '.fsLayers[0].blobSum'
  fi
}

# Main run logic
echo "[mod-init] Attempting to run Docker Modification Logic"
IFS='|'
DOCKER_MODS=(${DOCKER_MODS})
for DOCKER_MOD in "${DOCKER_MODS[@]}"; do
  # Support alternative endpoints
  if [[ ${DOCKER_MOD} == ghcr.io/* ]] || [[ ${DOCKER_MOD} == linuxserver/* ]]; then
    DOCKER_MOD="${DOCKER_MOD#ghcr.io/*}"
    ENDPOINT="${DOCKER_MOD%%:*}"
    USERNAME="${DOCKER_MOD%%/*}"
    REPO="${ENDPOINT#*/}"
    TAG="${DOCKER_MOD#*:}"
    if [[ ${TAG} == "${DOCKER_MOD}" ]]; then
      TAG="latest"
    fi
    FILENAME="${USERNAME}.${REPO}.${TAG}"
    AUTH_URL="https://ghcr.io/token?scope=repository%3A${USERNAME}%2F${REPO}%3Apull"
    MANIFEST_URL="https://ghcr.io/v2/${ENDPOINT}/manifests/${TAG}"
    BLOB_URL="https://ghcr.io/v2/${ENDPOINT}/blobs/"
    MODE="ghcr"
  else
    ENDPOINT="${DOCKER_MOD%%:*}"
    USERNAME="${DOCKER_MOD%%/*}"
    REPO="${ENDPOINT#*/}"
    TAG="${DOCKER_MOD#*:}"
    if [[ ${TAG} == "${DOCKER_MOD}" ]]; then
      TAG="latest"
    fi
    FILENAME="${USERNAME}.${REPO}.${TAG}"
    AUTH_URL="https://auth.docker.io/token?service=registry.docker.io&scope=repository:${ENDPOINT}:pull"
    MANIFEST_URL="https://registry-1.docker.io/v2/${ENDPOINT}/manifests/${TAG}"
    BLOB_URL="https://registry-1.docker.io/v2/${ENDPOINT}/blobs/"
    MODE="dockerhub"
  fi
  # Kill off modification logic if any of the usernames are banned
  BLACKLIST=$(curl -s https://raw.githubusercontent.com/linuxserver/docker-mods/master/blacklist.txt)
  IFS=$'\n'
  BLACKLIST=(${BLACKLIST})
  for BANNED in "${BLACKLIST[@]}"; do
    if [ "${BANNED}" == "${USERNAME,,}" ]; then
      if [ -z ${RUN_BANNED_MODS+x} ]; then
        echo "[mod-init] ${DOCKER_MOD} is banned from use due to reported abuse aborting mod logic"
        exit 0
      else
        echo "[mod-init] You have chosen to run banned mods ${DOCKER_MOD} will be applied"
      fi
    fi
  done
  echo "[mod-init] Applying ${DOCKER_MOD} files to container"
  # Get Dockerhub token for api operations
  TOKEN=\
"$(curl \
    --silent \
    --header 'GET' \
    "${AUTH_URL}" \
    | jq -r '.token' \
  )"
  # Determine first and only layer of image
  SHALAYER=$(get_blob_sha "${MODE}" "${TOKEN}" "${MANIFEST_URL}")
  # Check if we have allready applied this layer
  if [ -f "/${FILENAME}" ] && [ "${SHALAYER}" == "$(cat /${FILENAME})" ]; then
    echo "[mod-init] ${DOCKER_MOD} at ${SHALAYER} has been previously applied skipping"
  else
    # Download and extract layer to /
    curl \
      --silent \
      --location \
      --request GET \
      --header "Authorization: Bearer ${TOKEN}" \
      "${BLOB_URL}${SHALAYER}" \
      | tar xz -C /
    echo ${SHALAYER} > "/${FILENAME}"
  fi
done