#!/usr/bin/env bash
# Hapus semua user yang statusnya "expired" di Marzban
# - Ambil UVICORN_PORT dari /opt/marzban/.env (fallback 7879)
# - Gunakan token admin dari /root/token.json (.access_token)
# - DELETE ke /api/admin/user/<username>
# - Catat log per-protocol ke /root/log-exp-<protocol>.txt
# Optional: DRY_RUN=1 untuk simulasi tanpa hapus

set -euo pipefail

# ---------- Konfigurasi & util ----------
DOMAIN="${DOMAIN:-$(cat /root/domain 2>/dev/null || echo "")}"
TOKEN="$(jq -r .access_token /root/token.json 2>/dev/null || true)"
API_HOST="${API_HOST:-127.0.0.1}"

get_marzban_api_port() {
  local env_file="/opt/marzban/.env"
  [[ -r "$env_file" ]] || { echo "7879"; return; }
  # Cari UVICORN_PORT = 7879 atau "7879"
  local port
  port="$(grep -E '^[[:space:]]*UVICORN_PORT[[:space:]]*=' "$env_file" \
           | tail -n1 \
           | sed -E 's/.*=[[:space:]]*["'\'']?([0-9]+).*/\1/')" || true
  [[ "$port" =~ ^[0-9]+$ ]] && echo "$port" || echo "7879"
}

API_PORT="$(get_marzban_api_port)"
API_BASE="http://${API_HOST}:${API_PORT}/api"
NOW_DATE="$(date +'%m-%d-%Y')"
NOW_TIME="$(date +'%T')"

# ---------- Validasi awal ----------
if [[ -z "$TOKEN" || "$TOKEN" == "null" ]]; then
  echo "ERROR: Token tidak ditemukan/invalid di /root/token.json (.access_token)." >&2
  exit 1
fi

# ---------- Fungsi HTTP ----------
api_get() {
  local url="$1"
  curl -fsSL \
    -H 'accept: application/json' \
    -H "Authorization: Bearer ${TOKEN}" \
    "$url"
}

api_delete_user() {
  local username="$1"
  curl -fsS -X DELETE \
    -H 'accept: application/json' \
    -H "Authorization: Bearer ${TOKEN}" \
    "${API_BASE}/user/${username}"
}

# ---------- Ambil daftar expired ----------
# Catatan: response Marzban baru biasanya: {"total":N,"users":[...]}
# Namun untuk jaga2 jika "items", kita fallback ke .items
echo "Mengambil daftar user expired dari ${API_BASE}/users?status=expired ..."
RAW="$(api_get "${API_BASE}/users?status=expired&limit=1000" || true)"

if [[ -z "$RAW" ]]; then
  echo "Tidak ada response dari API (kosong). Cek Marzban/API port/token." >&2
  exit 1
fi

# Bentuk data minimal: [{"username":"u","protocol":"vmess"} ...]
# protocol diambil dari kunci pertama di .proxies
USERS_JSON="$(jq -c '
  ( .users // .items // [] )
  | map(select(.status == "expired"))
  | map({
      username: .username,
      protocol: ((.proxies | keys_unsorted[0]) // "unknown")
    })
' <<< "$RAW")"

COUNT="$(jq 'length' <<< "$USERS_JSON")"

if (( COUNT == 0 )); then
  echo "Tidak ada user berstatus expired. Selesai."
  exit 0
fi

echo "Ditemukan ${COUNT} user expired."

# ---------- Hapus satu per satu ----------
DELETED=0
FAILED=0

# Iterasi aman
jq -c '.[]' <<< "$USERS_JSON" | while read -r row; do
  username="$(jq -r '.username' <<< "$row")"
  protocol="$(jq -r '.protocol' <<< "$row")"
  log_file="/root/log-exp-${protocol}.txt"

  if [[ "${DRY_RUN:-0}" == "1" ]]; then
    echo "[DRY-RUN] Akan menghapus user: ${username} (protocol: ${protocol})"
    echo "Pada tanggal ${NOW_DATE} pukul ${NOW_TIME}, [DRY-RUN] user ${username} protokol ${protocol} terdeteksi Expired" >> "$log_file"
    continue
  fi

  if api_delete_user "$username"; then
    echo "Hapus OK: ${username} (${protocol})"
    echo "Pada tanggal ${NOW_DATE} pukul ${NOW_TIME}, Untuk user ${username} dengan protokol ${protocol} telah mencapai Expired" >> "$log_file"
    # Bersihkan file config jika ada
    cfg="/var/www/html/oc-${username}.conf"
    [[ -e "$cfg" ]] && rm -f -- "$cfg" || true
    ((DELETED++)) || true
  else
    echo "Hapus GAGAL: ${username} (${protocol})" >&2
    ((FAILED++)) || true
  fi
done

# ---------- Ringkasan ----------
# Catatan: karena loop subshell, variabel DELETED/FAILED di atas tidak ter-update di shell utama.
# Kita hitung ulang dari log proses di stdout yang baru saja dicetak.

# Hitung ulang dari output (opsional), atau cukup info selesai:
echo "Selesai memproses user expired."
[[ "${DRY_RUN:-0}" == "1" ]] && echo "MODE: DRY-RUN (tidak ada penghapusan nyata)."