#!/bin/bash

# @copyright GEMINI & Frogg

# ==============================================================================
# FONCTIONS REQUISITIONS & AUTHENTIFICATION
# ==============================================================================

# Récupère le challenge d'authentification unique
get_challenge() {
    local -r url="$1"
    local challenge_req
    challenge_req=$(curl -s --max-time 10 "$url/login/")
    echo "$challenge_req" | grep -oP '"challenge":"\K[^"]+'
}

# Génère le mot de passe de session sécurisé (HMAC-SHA1)
generate_password() {
    local -r challenge="$1"
    local -r token="$2"
    echo -n "$challenge" | openssl dgst -sha1 -hmac "$token" | awk '{print $2}'
}

# Ouvre la session et retourne le Token de Session unique
open_session() {
    local -r url="$1"
    local -r app_id="$2"
    local -r password="$3"
    local session_req

    session_req=$(curl -s --max-time 10 -X POST \
        -d "{\"app_id\": \"$app_id\", \"password\": \"$password\"}" \
        "$url/login/session/")

    echo "$session_req" | grep -oP '"session_token":"\K[^"]+'
}

# Ferme la session proprement sur la Freebox
close_session() {
    local -r url="$1"
    local -r session_token="$2"
    curl -s --max-time 5 -X POST \
        -H "X-Fbx-App-Auth: $session_token" \
        "$url/login/logout/" > /dev/null 2>&1
}

# ==============================================================================
# FONCTION COLLECTE ET EXTRACTION (MOTEUR PRINCIPAL)
# ==============================================================================
collect_freebox_metrics() {
    local -r url="$1"
    local -r token="$2"

    # Récupération brute des blocs de données de l'API
    local sys_data
    local conn_data
    sys_data=$(curl -s --max-time 10 -H "X-Fbx-App-Auth: $token" "$url/system/")
    conn_data=$(curl -s --max-time 10 -H "X-Fbx-App-Auth: $token" "$url/connection/")

    # --- Extraction et calculs locaux ---
    local -i cpu_usage
    local -i ram_total
    local -i ram_free
    local -i ram_usage
    local -i temp_cpu
    local -i temp_switch
    local -i fan_rpm
    local -i uptime

    cpu_usage=$(echo "$sys_data" | grep -oP '"cpu_usage":\K[0-9]+' || echo "0")
    ram_total=$(echo "$sys_data" | grep -oP '"mem_total":\K[0-9]+' || echo "0")
    ram_free=$(echo "$sys_data" | grep -oP '"mem_free":\K[0-9]+' || echo "0")

    if [ "$ram_total" -gt 0 ]; then
        ram_usage=$(( 100 - (ram_free * 100 / ram_total) ))
    else
        ram_usage=0
    fi

    temp_cpu=$(echo "$sys_data" | grep -oP '"temp_cpub":\K[0-9]+' || echo "0")
    temp_switch=$(echo "$sys_data" | grep -oP '"temp_sw":\K[0-9]+' || echo "0")
    fan_rpm=$(echo "$sys_data" | grep -oP '"fan_rpm":\K[0-9]+' || echo "0")
    uptime=$(echo "$sys_data" | grep -oP '"uptime_val":\K[0-9]+' || echo "0")

    # Extraction Disque
    local -i disk_total
    local -i disk_free
    local -i disk_usage
    disk_total=$(echo "$sys_data" | grep -oP '"disk_total":\K[0-9]+' || echo "0")
    disk_free=$(echo "$sys_data" | grep -oP '"disk_free":\K[0-9]+' || echo "0")

    if [ "$disk_total" -gt 0 ]; then
        disk_usage=$(( 100 - (disk_free * 100 / disk_total) ))
    else
        disk_usage=0
    fi

    # Extraction Réseau
    local -i bw_down
    local -i bw_up
    local -i rate_down
    local -i rate_up
    local net_status
    local vpn_alive

    bw_down=$(echo "$conn_data" | grep -oP '"bandwidth_down":\K[0-9]+' || echo "0")
    bw_up=$(echo "$conn_data" | grep -oP '"bandwidth_up":\K[0-9]+' || echo "0")
    rate_down=$(echo "$conn_data" | grep -oP '"rate_down":\K[0-9]+' || echo "0")
    rate_up=$(echo "$conn_data" | grep -oP '"rate_up":\K[0-9]+' || echo "0")
    net_status=$(echo "$conn_data" | grep -oP '"state":"\K[^"]+' || echo "unknown")
    vpn_alive=$(echo "$conn_data" | grep -oP '"ipv4_vpn_routed":\K[^, ]+' || echo "false")

    # --- Sortie du JSON final ---
    cat <<EOF
{
  "cpu_usage": $cpu_usage,
  "ram_usage": $ram_usage,
  "disk_usage": $disk_usage,
  "bandwidth_down": $bw_down,
  "bandwidth_up": $bw_up,
  "rate_down": $rate_down,
  "rate_up": $rate_up,
  "temp_cpu": $temp_cpu,
  "temp_switch": $temp_switch,
  "fan_rpm": $fan_rpm,
  "uptime": $uptime,
  "net_status": "$net_status",
  "vpn_alive": $vpn_alive
}
EOF
}

# ==============================================================================
# LOGIQUE PRINCIPALE (MAIN)
# ==============================================================================
main() {
    # Récupération des paramètres passés par Zabbix
    local -r freebox_url="$1"
    local -r app_token="$2"
    local -r app_id="$3"

    # Contrôle strict de la présence des arguments requis
    if [ -z "$freebox_url" ] || [ -z "$app_token" ] || [ -z "$app_id" ]; then
        echo '{"error": "missing_arguments", "details": "Usage: freebox_pop.sh <URL> <TOKEN> <APP_ID>"}'
        exit 1
    fi

    local challenge
    local password
    local session_token

    # 1. Étape du Challenge
    challenge=$(get_challenge "$freebox_url")
    if [ -z "$challenge" ]; then
        echo '{"error": "api_unreachable"}'
        exit 1
    fi

    # 2. Sécurité & Calcul d'empreinte
    password=$(generate_password "$challenge" "$app_token")

    # 3. Récupération de la Session
    session_token=$(open_session "$freebox_url" "$app_id" "$password")
    if [ -z "$session_token" ]; then
        echo '{"error": "authentication_failed"}'
        exit 1
    fi

    # 4. Traitement et extraction
    collect_freebox_metrics "$freebox_url" "$session_token"

    # 5. Nettoyage de la session active sur la Box
    close_session "$freebox_url" "$session_token"
}

# Lancement du script en lui injectant tous les arguments reçus par le processus d'appel
main "$@"