#!/usr/bin/env bash
# Usage:
#   renewnoobz <user>             # renew default (noobzvpns renew USER)
#   renewnoobz <user> <days>      # set expired to <days> using edit -e DAYS
# Strict mode: stop on an unhandled command failure, on use of an unset
# variable, and when any stage of a pipeline fails.
set -euo pipefail

# Protocol label printed in the summary.
PROTOCOL_DEFAULT="tcp_mux_ssl_direct"
# nginx/xray config scanned (best-effort) for the WebSocket location path.
NGINX_XRAY_FILE="/opt/marzban/xray.conf"
# File holding the server's domain name; the hostname is used when it is
# missing or empty.
DOMAIN_FILE="/root/domain"
# noobzvpns config; the `identifier` value is read from it.
NOOBZ_CONF="/etc/noobzvpns/config.toml"
# Optional Telegram settings. This file is sourced (executed) by this script,
# which only runs as root, so keep it owned and writable by root only.
TG_CONF="/etc/gegevps/bin/telegram_config.conf"
# Per-user summaries are written here; each summary contains the account
# password in plain text.
LOG_DIR="/var/log/renewnoobz"

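# Refuse to run unprivileged.
if [[ $EUID -ne 0 ]]; then
  echo "Run as root."
  exit 1
fi

# Exactly one or two positional arguments: <user> [days].
if [[ $# -lt 1 || $# -gt 2 ]]; then
  echo "Usage: $0 <user> [days]"
  exit 1
fi

# NOTE(review): assigning USER overwrites the login-name variable for this
# script and, when it is exported, for every child process. The name is kept
# because the rest of the script reads $USER.
USER="$1"
DAYS="${2:-}"   # optional

# The user name is later passed to noobzvpns as an argument and used as a file
# name under the log directory. Reject values that would be parsed as an
# option, point outside that directory, or carry control characters into the
# log file and terminal output.
if [[ -z "$USER" || "$USER" == -* || "$USER" == */* || "$USER" == *[[:cntrl:]]* ]]; then
  echo "Invalid user name: must be non-empty, must not start with '-' and must not contain '/' or control characters." >&2
  exit 1
fi

# <days> is handed to `noobzvpns edit -e`; accept only a plain whole number so
# it can never be read as another option. An empty value selects plain renew.
if [[ -n "$DAYS" && ! "$DAYS" =~ ^[0-9]+$ ]]; then
  echo "Invalid days value: expected a whole number." >&2
  exit 1
fi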

# Exit with status 1 (after printing the missing name) unless command $1 can
# be resolved by the shell.
need() {
  local tool=$1
  if ! command -v "$tool" >/dev/null 2>&1; then
    echo "Need command: $tool"
    exit 1
  fi
}
# noobzvpns must already be installed; it is never installed from here.
need noobzvpns

# jq and curl are installed through apt-get when absent. A failed
# `apt-get update` is tolerated; a failed install stops the script.
for helper_tool in jq curl; do
  if ! command -v "$helper_tool" >/dev/null 2>&1; then
    apt-get update -y >/dev/null 2>&1 || true
    if ! apt-get install -y "$helper_tool" >/dev/null 2>&1; then
      echo "Install $helper_tool manually."
      exit 1
    fi
  fi
done

# Directory that receives the per-user summary files.
mkdir -p "$LOG_DIR"

# Domain: taken from the domain file with all spaces, tabs, CRs and newlines
# stripped when that file is non-empty; otherwise the FQDN, or the plain
# hostname if the FQDN lookup fails.
if [[ -s "$DOMAIN_FILE" ]]; then
  DOMAIN="$(tr -d ' \t\r\n' < "$DOMAIN_FILE")"
else
  DOMAIN="$(hostname -f 2>/dev/null || hostname)"
fi

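# Identifier
# Print the double-quoted value found on the first line of file $2 that
# matches the extended regex $1. Prints nothing when no line matches, when the
# value is not double-quoted, or when the file cannot be read.
_conf_identifier() {
  local pattern=$1 conf=$2 line
  # Under `set -o pipefail` a grep that matches nothing (or cannot open the
  # file) fails the whole substitution, and `set -e` would then stop the
  # script before the fallbacks below are reached; `|| true` keeps the lookup
  # best-effort.
  line="$(grep -E -- "$pattern" "$conf" 2>/dev/null | head -n1)" || true
  # -n with the p flag prints only on a successful substitution, so a
  # malformed line is never returned verbatim as the identifier.
  sed -nE 's/.*=\s*"([^"]+)".*/\1/p' <<<"$line"
}

# Strict match first (line starts with `identifier =`), then any line that
# mentions `identifier`, then the built-in default.
IDENTIFIER="$(_conf_identifier '^\s*identifier\s*=' "$NOOBZ_CONF")"
[[ -n "$IDENTIFIER" ]] || IDENTIFIER="$(_conf_identifier 'identifier' "$NOOBZ_CONF")"
[[ -n "$IDENTIFIER" ]] || IDENTIFIER="noobz"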

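# Payload path (optional, best-effort)
# Print the name of the first `location /<name>` found in config file $1 after
# a line that mentions `listen ... 12000`; print nothing when none is found.
#
# Stage 1 collects lines from a `server {` line up to the next line containing
# `}` (the first closing brace, not necessarily the end of the server block).
# Stage 2 keeps everything from the first `listen ... 12000` line onwards.
# The regexes use bracket expressions instead of `\s` and a bare `{`, which
# not every awk implementation accepts.
_payload_location() {
  local conf=$1 block
  # `|| true`: with pipefail, `head` closing the pipe early (or awk failing)
  # would otherwise turn this best-effort scan into a fatal error under set -e.
  block="$(
    awk '$0 ~ /server[ \t]*[{]/ {ins=1} ins{buf=buf $0 ORS} $0 ~ /[}]/ && ins{ins=0; print buf; buf=""}' "$conf" \
      | awk '/listen[^;]*12000/ {hit=1} {if(hit) print}' \
      | head -n 500
  )" || true
  sed -nE 's/.*location\s+\/([^[:space:]\{]+).*/\1/p' <<<"$block" | head -n1
}

# Default path, replaced only when the config yields a location.
PAYLOAD_PATH="/lingvpn-noobz"
if [[ -f "$NGINX_XRAY_FILE" ]]; then
  loc="$(_payload_location "$NGINX_XRAY_FILE")" || true
  if [[ -n "$loc" ]]; then
    PAYLOAD_PATH="/$loc"
  fi
fi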

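# === Run the renew / edit command (JSON output) ===
# With <days>: set the active period to that many days from now
# (`edit USER -e DAYS`, docs: "Edit User").
# Without:     the tool's built-in renewal (`renew USER`, docs: "Renew User").
if [[ -n "$DAYS" ]]; then
  NOOBZ_VERB="edit"
  NOOBZ_ARGS=(-j edit "$USER" -e "$DAYS")
  NEXT_MODE="EDIT_EXPIRE"
else
  NOOBZ_VERB="renew"
  NOOBZ_ARGS=(-j renew "$USER")
  NEXT_MODE="RENEW_DEFAULT"
fi

# Capture output and exit status without letting `set -e` abort on failure.
# stderr is merged into the captured text, so anything the tool prints there
# makes the text unparseable for jq and leaves ACTION/ERRVAL empty.
RET=0
JSON_OUT="$(noobzvpns "${NOOBZ_ARGS[@]}" 2>&1)" || RET=$?

# ACTION: first key of the first array element.
ACTION="$(jq -r '.[0] | keys[0]' <<<"$JSON_OUT" 2>/dev/null || true)"
# ERRVAL: the `.error` member under that same key. The element is piped in
# first because jq evaluates an index expression against the filter's input:
# `.[0][keys[0]]` takes keys[0] from the outer array (the number 0), fails on
# an array of objects, and would leave ERRVAL empty for every reply.
# NOTE(review): assumes the reply is an array of single-key objects, as the
# ACTION filter implies - confirm against real noobzvpns -j output.
ERRVAL="$(jq -r '.[0] | .[keys[0]].error // empty' <<<"$JSON_OUT" 2>/dev/null || true)"

# Failure: non-zero exit status, or a non-empty error value other than "null".
if [[ $RET -ne 0 ]] || [[ -n "$ERRVAL" && "$ERRVAL" != "null" ]]; then
  echo "noobzvpns ${NOOBZ_VERB} FAILED"
  echo "Action : ${ACTION:-unknown}"
  echo "Error  : ${ERRVAL:-<none>}"
  echo "Raw    : $JSON_OUT"
  exit 1
fi
MODE="$NEXT_MODE"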

# Fetch the user's details after the change (via `print`). Failures and
# stderr output are ignored; PRINT_OUT keeps whatever was written to stdout.
PRINT_OUT="$(
  noobzvpns print "$USER" 2>/dev/null || true
)"

# Pull one human-readable field out of the `print` output (best-effort).
# Reads stdin and prints the value of every line shaped like `- <name> : <value>`.
# $1 is interpolated into the sed regex as-is, so pass only fixed field names,
# never untrusted text.
get_field() {
  local field_name=$1
  sed -nE "s/^\s*-\s*${field_name}\s*:\s*(.*)\s*$/\1/p"
}

# Fields lifted from the `print` output; each stays empty when the field is
# not present. PW holds the account password in plain text.
PW="$(get_field 'password' <<<"$PRINT_OUT")"
EXPIRED_TXT="$(get_field 'expired' <<<"$PRINT_OUT")"
BAND_TXT="$(get_field 'bandwidth' <<<"$PRINT_OUT")"
DEV_TXT="$(get_field 'devices' <<<"$PRINT_OUT")"
ISSUED_TXT="$(get_field 'issued' <<<"$PRINT_OUT")"

# Connection details derived from the domain, the user and the identifier.
PROTO="$PROTOCOL_DEFAULT"
SNI="$DOMAIN"
SERVER_SSL="${DOMAIN}:443"
SERVER_PLAIN="${DOMAIN}:80"
CLIENT_USER="${USER}@${IDENTIFIER}"

# Human-readable summary. It embeds the plaintext password whenever the
# `print` output provided one, so every consumer of SUMMARY handles a secret.
SUMMARY="$(
  cat <<EOF
==================== NOOBZVPN USER (RENEW) ====================
User          : ${USER}
Mode          : ${MODE}
Domain        : ${DOMAIN}
Protocol      : ${PROTO}
IP Family     : IPv4
SSL SNI       : ${SNI}
Server (SSL)  : ${SERVER_SSL}
Server (PLAIN): ${SERVER_PLAIN}
Username      : ${CLIENT_USER}
Password      : ${PW:-<hidden>}
Limit Device  : ${DEV_TXT:-<unknown>}
Bandwidth     : ${BAND_TXT:-<unknown>}
Expired       : ${EXPIRED_TXT:-<unknown>}
Issued        : ${ISSUED_TXT:-<unknown>}
Payload (WS)  : GET ${PAYLOAD_PATH} HTTP/1.1[crlf]Host: ${DOMAIN}[crlf]Upgrade: Websocket[crlf]Connection: Keep-Alive[crlf]User-Agent: [ua][crlf][crlf]
==============================================================
EOF
)"

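# 1) print to the terminal
printf "%s\n" "$SUMMARY"

# 2) save the log
# The summary contains the account password in plain text, so the file is
# created under a restrictive umask. The explicit chmod also tightens a file
# left over from an earlier run, which a umask alone would not touch.
LOG_FILE="${LOG_DIR}/${USER}.txt"
(
  umask 077
  printf "%s\n" "$SUMMARY" > "$LOG_FILE"
)
chmod 600 -- "$LOG_FILE"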

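# 3) send to Telegram (optional)
# Escape &, < and > in $1 for Telegram's HTML parse mode. Without this the
# `<hidden>` / `<unknown>` placeholders and any markup characters in user or
# domain fields are read as tags and the message is rejected or altered.
_tg_html_escape() {
  printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

if [[ -f "$TG_CONF" ]]; then
  # NOTE(review): sourcing runs the file's contents as root; it must be owned
  # by root and not writable by anyone else.
  # shellcheck disable=SC1090
  . "$TG_CONF" || true
  TG_TOKEN="${TELEGRAM_BOT_TOKEN:-}"
  TG_CHAT_ID="${TELEGRAM_CHAT_ID:-}"
  if [[ -n "$TG_TOKEN" && -n "$TG_CHAT_ID" ]]; then
    if [[ ! "$TG_TOKEN" =~ ^[0-9A-Za-z:_-]+$ ]]; then
      # The token is written into a quoted curl config line below; anything
      # outside the usual token alphabet could break out of that quoting.
      echo "Warning: Telegram bot token contains unexpected characters (skipped)." >&2
    else
      MSG_TITLE="NoobzVPN - User Renewed"
      MSG_BODY="$(_tg_html_escape "$SUMMARY")"
      # $'\n' is a real newline; "\n" inside double quotes would be sent as
      # the two literal characters backslash and n.
      MSG="<b>${MSG_TITLE}</b>"$'\n'"<pre>${MSG_BODY}</pre>"
      # The message carries the full summary, including the account password,
      # to the configured chat. The bot token (via a curl config on stdin) and
      # the message text (via a file descriptor) are kept off curl's command
      # line, where other local users could read them from the process list.
      printf 'url = "https://api.telegram.org/bot%s/sendMessage"\n' "$TG_TOKEN" \
        | curl -sS -X POST --config - \
            --data-urlencode "chat_id=${TG_CHAT_ID}" \
            --data-urlencode "parse_mode=HTML" \
            --data-urlencode "disable_web_page_preview=true" \
            --data-urlencode "text@"<(printf '%s' "$MSG") >/dev/null \
        || echo "Warning: gagal kirim Telegram (di-skip)."
    fi
  fi
fi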
