#!/bin/bash

# Function to create VPN user based on protocol
create_vpn_user() {
  protocol=$1
  case $protocol in
    "trojan")
      username="${protocol}trial-${kataacak}"
      pass=$(</dev/urandom tr -dc 'a-zA-Z0-9' | head -c 15; echo)
      curl -X 'POST' \
        "http://${api_host}:${api_port}/api/user" \
        -H 'accept: application/json' \
        -H "Authorization: Bearer ${token}" \
        -H 'Content-Type: application/json' \
        -d '{
          "username": "'"${username}"'",
          "proxies": {
            "trojan": {
              "password": "'"${pass}"'"
            }
          },
          "inbounds": {
            "trojan": [
            "TROJAN_WS",
            "TROJAN_WS_ANTIADS",
            "TROJAN_WS_ANTIPORN",
            "TROJAN_GRPC",
            "TROJAN_HTTPUPGRADE",
            "TROJAN_HU_ANTIADS",
            "TROJAN_HU_ANTIPORN"
            ]
          },
          "expire": '"${exp}"',
          "data_limit": '"${limitq}"',
          "data_limit_reset_strategy": "'"${reset_strategy}"'",
          "status": "active",
          "note": "'"${username}"'"
        }' > "/tmp/${username}_${protocol}.json"
      ;;
    "vmess")
      username="${protocol}trial-${kataacak}"
      uuid=$(cat /proc/sys/kernel/random/uuid)
      curl -X 'POST' \
        "http://${api_host}:${api_port}/api/user" \
        -H 'accept: application/json' \
        -H "Authorization: Bearer ${token}" \
        -H 'Content-Type: application/json' \
        -d '{
          "username": "'"${username}"'",
          "proxies": {
            "vmess": {
              "id": "'"${uuid}"'"
            }
          },
          "inbounds": {
            "vmess": [
              "VMESS_WS",
              "VMESS_WS_ANTIADS",
              "VMESS_WS_ANTIPORN",
              "VMESS_GRPC",
              "VMESS_HTTPUPGRADE",
              "VMESS_HU_ANTIADS",
              "VMESS_HU_ANTIPORN"
            ]
          },
          "expire": '"${exp}"',
          "data_limit": '"${limitq}"',
          "data_limit_reset_strategy": "'"${reset_strategy}"'",
          "status": "active",
          "note": "'"${username}"'"
        }' > "/tmp/${username}_${protocol}.json"
      ;;
    "vless")
      username="${protocol}trial-${kataacak}"
      uuid=$(cat /proc/sys/kernel/random/uuid)
      curl -X 'POST' \
        "http://${api_host}:${api_port}/api/user" \
        -H 'accept: application/json' \
        -H "Authorization: Bearer ${token}" \
        -H 'Content-Type: application/json' \
        -d '{
          "username": "'"${username}"'",
          "proxies": {
            "vless": {
              "id": "'"${uuid}"'",
              "flow": "xtls-rprx-vision"
            }
          },
          "inbounds": {
            "vless": [
            "VLESS_WS",
            "VLESS_WS_ANTIADS",
            "VLESS_WS_ANTIPORN",
            "VLESS_GRPC",
            "VLESS_HTTPUPGRADE",
            "VLESS_HU_ANTIADS",
            "VLESS_HU_ANTIPORN"
            ]
          },
          "expire": '"${exp}"',
          "data_limit": '"${limitq}"',
          "data_limit_reset_strategy": "'"${reset_strategy}"'",
          "status": "active",
          "note": "'"${username}"'"
        }' > "/tmp/${username}_${protocol}.json"
      ;;
    "ss")
      username="${protocol}trial-${kataacak}"
      pass=$(</dev/urandom tr -dc 'a-zA-Z0-9' | head -c 15; echo)
      curl -X 'POST' \
        "http://${api_host}:${api_port}/api/user" \
        -H 'accept: application/json' \
        -H "Authorization: Bearer ${token}" \
        -H 'Content-Type: application/json' \
        -d '{
        "username": "'"${username}"'",
        "proxies": {
            "shadowsocks": {
            "password": "'"${pass}"'",
	        "method": "aes-128-gcm"
            }
        },
        "inbounds": {
            "shadowsocks": [
            "SHADOWSOCKS_WS",
            "SHADOWSOCKS_WS_ANTIADS",
            "SHADOWSOCKS_WS_ANTIPORN",
            "SHADOWSOCKS_GRPC",
            "SHADOWSOCKS_OUTLINE"
            ]
        },
          "expire": '"${exp}"',
          "data_limit": '"${limitq}"',
          "data_limit_reset_strategy": "'"${reset_strategy}"'",
          "status": "active",
          "note": "'"${username}"'"
        }' > "/tmp/${username}_${protocol}.json"
        ;;
    *)
      echo "Unknown protocol"
      exit 1
      ;;
  esac
}

# Function to display VPN user details based on protocol
display_user_details() {
  protocol=$1
  username="${protocol}trial-${kataacak}"
  case $protocol in
    "trojan")
clear
echo -e "=======-XRAY/TROJAN======="
echo -e ""
echo -e "Remarks: ${username}"
echo -e "Domain: ${domain}"
echo -e "Quota: Unlimited"
# Replace values and specific reset strategies
  case "${reset_strategy}" in
    "no_reset") reset_strategy="Loss_doll";;
esac
echo -e "Reset Quota Strategy: ${reset_strategy}"
echo -e "================================="
echo -e "🔑 Port TLS: 443, 8443, 8880"
echo -e "🔑 Port nonTLS: 80, 2082, 2083, 3128, 8080"
echo -e "================================="
echo -e "Password: ${pass}"
echo -e "================================="
echo -e "network: ws/grpc/httpupgrade"
echo -e "================================="
echo -e "path: "
echo -e "a.) WS: /trojan atau /enter-your-custom-path/trojan"
echo -e "b.) WS Antiads: /trojan-antiads"
echo -e "c.) WS Anti Ads & porn: /trojan-antiporn"
echo -e "d.) GRPC: trojan-service"
echo -e "e.) HTTPUpgrade: /trojan-http"
echo -e "f.) HTTPUpgrade Antiads: /trojan-hu-antiads"
echo -e "g.) HTTPUpgrade Anti Ads & porn: /trojan-hu-antiporn"
echo -e "================================="
echo -e "alpn: "
echo -e "a.) WS/HU: http/1.1"
echo -e "b.) GRPC: h2"
echo -e "================================="
echo -e "tls:"
echo -e "a.) WS/HU: true (tls), false (nontls)"
echo -e "b.) GRPC: true"
echo -e "allowInsecure: true"
echo -e "================================="
echo -e "Link Subscription : https://${domain}${subs}"
echo -e "================================="
echo -e "Masa Aktif: ${human_readable_exp} [${expiry_minutes} Menit]" 
      ;;
    "vmess")
clear
echo -e "=======-XRAY/VMESS======="
echo -e ""
echo -e "Remarks: ${username}"
echo -e "Domain: ${domain}"
echo -e "Quota: Unlimited"
# Replace values and specific reset strategies
  case "${reset_strategy}" in
    "no_reset") reset_strategy="Loss_doll";;
esac
echo -e "Reset Quota Strategy: ${reset_strategy}"
echo -e "================================="
echo -e "🔑 Port TLS: 443, 8443, 8880"
echo -e "🔑 Port nonTLS: 80, 2082, 2083, 3128, 8080"
echo -e "================================="
echo -e "id: ${uuid}"
echo -e "alterID: 0"
echo -e "security: auto"
echo -e "================================="
echo -e "network: tcp/ws/grpc/httpupgrade"
echo -e "================================="
echo -e "path & serviceName: "
echo -e "a.) TCP TLS & NonTLS: /vmess-tcp"
echo -e "b.) WS TLS & NonTLS: /vmess atau /enter-your-custom-path/vmess"
echo -e "c.) WS Antiads TLS & NonTLS: /vmess-antiads"
echo -e "d.) WS Anti Ads & porn: /vmess-antiporn"
echo -e "e.) GRPC TLS: vmess-service"
echo -e "f.) HTTPUpgrade: /vmess-http"
echo -e "g.) HTTPUpgrade Antiads: /vmess-hu-antiads"
echo -e "h.) HTTPUpgrade Anti Ads & porn: /vmess-hu-antiporn"
echo -e "================================="
echo -e "alpn: "
echo -e "a.) WS/TCP/HU: http/1.1"
echo -e "b.) GRPC: h2"
echo -e "================================="
echo -e "tls:"
echo -e "a.) WS/TCP/HU: true (tls), false (nontls)"
echo -e "b.) GRPC: true"
echo -e "allowInsecure: true"
echo -e "================================="
echo -e "Link Subscription : https://${domain}${subs}"
echo -e "================================="
echo -e "Masa Aktif: ${human_readable_exp} [${expiry_minutes} Menit]" 
      ;;
    "vless")
clear
echo -e "=======-XRAY/VLESS======="
echo -e ""
echo -e "Remarks: ${username}"
echo -e "Domain: ${domain}"
echo -e "Quota: Unlimited"
# Replace values and specific reset strategies
  case "${reset_strategy}" in
    "no_reset") reset_strategy="Loss_doll";;
esac
echo -e "Reset Quota Strategy: ${reset_strategy}"
echo -e "================================="
echo -e "🔑 Port TLS: 443, 8443, 8880"
echo -e "🔑 Port nonTLS: 80, 2082, 2083, 3128, 8080"
echo -e "================================="
echo -e "id: ${uuid}"
echo -e "decryption: none"
echo -e "================================="
echo -e "network: ws/grpc/httpupgrade"
echo -e "================================="
echo -e "path: "
echo -e "a.) WS: /vless atau /enter-your-custom-path/vless"
echo -e "b.) WS Antiads: /vless-antiads"
echo -e "c.) WS Anti Ads & porn: /vless-antiporn"
echo -e "d.) GRPC: vless-service"
echo -e "e.) HTTPUpgrade: /vless-http"
echo -e "f.) HTTPUpgrade Antiads: /vless-hu-antiads"
echo -e "g.) HTTPUpgrade Anti Ads & porn: /vless-hu-antiporn"
echo -e "================================="
echo -e "alpn: "
echo -e "a.) WS/HU: http/1.1"
echo -e "b.) GRPC: h2"
echo -e "================================="
echo -e "tls:"
echo -e "a.) WS/HU: true (tls), false (nontls)"
echo -e "b.) GRPC: true"
echo -e "================================="
echo -e "allowInsecure: true"
echo -e "================================="
echo -e "Link Subscription : https://${domain}${subs}"
echo -e "================================="
echo -e "Masa Aktif: ${human_readable_exp} [${expiry_minutes} Menit]" 
      ;;
    "ss")
clear
echo -e "=======-XRAY/SHADOWSOCKS======="
echo -e ""
echo -e "Remarks: ${username}"
echo -e "Domain: ${domain}"
echo -e "Quota: Unlimited"
# Replace values and specific reset strategies
  case "${reset_strategy}" in
    "no_reset") reset_strategy="Loss_doll";;
esac
echo -e "Reset Quota Strategy: ${reset_strategy}"
echo -e "================================="
echo -e "🔑 Port Outline: 1080"
echo -e "🔑 Port TLS: 443, 8443, 8880"
echo -e "🔑 Port nonTLS: 80, 2082, 2083, 3128, 8080"
echo -e "================================="
echo -e "password: ${pass}"
echo -e "================================="
echo -e "network: none/tcp/ws/grpc"
echo -e "================================="
echo -e "path: "
echo -e "a.) TCP: /ss-tcp"
echo -e "a.) WS: /shadowsocks atau /enter-your-custom-path/shadowsocks"
echo -e "b.) WS Antiads: /shadowsocks-antiads"
echo -e "d.) WS Anti Ads & porn: /shadowsocks-antiporn"
echo -e "e.) GRPC: shadowsocks-service"
echo -e "================================="
echo -e "alpn: "
echo -e "a.) WS/TCP: http/1.1"
echo -e "b.) GRPC: h2"
echo -e "================================="
echo -e "tls:"
echo -e "a.) WS: true (tls), false (nontls)"
echo -e "b.) GRPC: true"
echo -e "allowInsecure: true"
echo -e "================================="
echo -e "Link config: https://${domain}/oc-${user}.conf"
echo -e "================================="
echo -e "Link Subscription : https://${domain}${subs}"
echo -e "================================="
echo -e "Masa Aktif: ${human_readable_exp} [${expiry_minutes} Menit]" 
      ;;
    *)
      echo "Unknown protocol"
      ;;
  esac
}

# Main script

# Check if the correct number of arguments is provided
if [ "$#" -ne 2 ]; then
  echo "Usage: $0 <protocol> <expiry_minutes>"
  exit 1
fi

# Input variables (replace with actual values)
api_host="127.0.0.1"
get_marzban_api_port() {
  local env_file="/opt/marzban/.env"
  [[ -r "$env_file" ]] || { echo "7879"; return; }   # fallback opsional

  local port
  port="$(grep -E '^[[:space:]]*UVICORN_PORT[[:space:]]*=' "$env_file" \
           | tail -n1 \
           | sed -E 's/.*=[[:space:]]*["'\'']?([0-9]+).*/\1/')"

  # Validasi angka
  if [[ "$port" =~ ^[0-9]+$ ]]; then
    echo "$port"
  else
    echo "7879"   # fallback opsional lain
  fi
}

api_port="$(get_marzban_api_port)"
domain=$(cat /root/domain)
token=$(cat /root/token.json | jq -r .access_token)
kataacak=$(openssl rand -base64 12 | tr -dc 'a-zA-Z0-9' | head -c12)
exp="$(date -d "+$2 minutes" +"%s")"
limitq="0"
reset_strategy="no_reset"

protocol=$1
expiry_minutes=$2

# Create VPN user
create_vpn_user $protocol
subs=$(cat "/tmp/${username}_${protocol}.json" | jq -r .subscription_url)

# Buat skrip hapus_trial
#echo "#!/bin/bash
#hapus ${username}
#(crontab -l | grep -v "/usr/bin/hapus_trial${username}") | crontab -
#rm -r /usr/bin/hapus_trial${username}" > /usr/bin/hapus_trial${username}

# Berikan izin eksekusi untuk skrip hapus_trial
#chmod +x "/usr/bin/hapus_trial${username}"

# Tambahkan entri crontab untuk menjalankan hapus_trial
#(crontab -l 2>/dev/null; echo "*/${expiry_minutes} * * * * /usr/bin/hapus_trial${username}") | crontab -

# Convert expiration time to human-readable format
human_readable_exp=$(date -d "@$exp" +"%Y-%m-%d %H:%M:%S")

# Display user details
display_user_details $protocol

# Clean up
rm -r "/tmp/${username}_${protocol}.json"
