#!/usr/local/cpanel/3rdparty/bin/perl

package scripts::setup_cpanel_dovecot_fts;

#                                      Copyright 2026 WebPros International, LLC
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited.

=encoding utf-8

=head1 NAME

setup_cpanel_dovecot_fts

=head1 SYNOPSIS

    setup_cpanel_dovecot_fts

=head1 DESCRIPTION

This command password protects solr and updates fts.conf

=cut

use strict;
use warnings;

use Cpanel::Transaction::File::Raw       ();
use Cpanel::AccessIds::ReducedPrivileges ();
use Cpanel::Rand::Get                    ();
use Digest::MD5                          ();
use Cpanel::FileUtils::Write             ();

use constant CONFIG_FILE      => '/etc/dovecot/fts.conf';
use constant CONFIG_PERMS     => 0640;
use constant REALM_PROPS_PATH => '/home/cpanelsolr/server/etc/realm.properties';
use constant INDEX_PATH       => '/home/cpanelsolr/server/solr/dovecot/data/index';
use constant SOLR_USER        => 'cpanelsolr';

use constant MIN_INDEX_VERSION_TO_USE_INDEX => 10;

our $VERSION = '1.0';

__PACKAGE__->run(@ARGV) unless caller();

sub run {
    my ($self) = @_;

    my ( $current_password, $current_username );

    {
        my $trans = Cpanel::Transaction::File::Raw->new( 'path' => CONFIG_FILE, 'permissions' => CONFIG_PERMS );
        my $sr    = $trans->get_data();
        ( $current_username, $current_password ) = $$sr =~ m{url=http://([^:]+):([^\@]+)}s;

        if ( !length $current_username || !length $current_password || $current_username =~ tr{%}{} || $current_password =~ tr{@}{} ) {
            $current_username = Cpanel::Rand::Get::getranddata( 16, [ 0 .. 9, 'A' .. 'Z', 'a' .. 'z' ] );
            $current_password = Cpanel::Rand::Get::getranddata( 16, [ 0 .. 9, 'A' .. 'Z', 'a' .. 'z' ] );

            $$sr =~ s{url=http://[^\@]+}{url=http://$current_username:$current_password}g;

            $trans->save_and_close_or_die();
        }
        else {
            $trans->close_or_die();
        }
    }

    {
        my $current_md5_password = Digest::MD5::md5_hex($current_password);
        my $privs                = Cpanel::AccessIds::ReducedPrivileges->new(SOLR_USER);
        Cpanel::FileUtils::Write::overwrite( REALM_PROPS_PATH, "$current_username: MD5:$current_md5_password,user-role\n", 0640 );
    }

    _check_index_version();

    return 0;
}

sub _check_index_version {
    local @INC = ( qw( /var/cpanel/perl ), @INC );

    require Cpanel::Dovecot::Solr::Utils;

    if ( -e INDEX_PATH() ) {
        my $version = eval { Cpanel::Dovecot::Solr::Utils::determine_index_version_or_die( INDEX_PATH() ) };
        my $err     = $@;

        # In a future Solr migration it might be feasible to use the
        # IndexUpgrader tool rather than rebuilding. Sadly, though, for
        # the v6->v8 migration it’s not possible.

        my $rebuild_yn;

        if ( !$version ) {
            print "This process did not read an index version: $err\n";
            $rebuild_yn = 1;
        }
        elsif ( $version < MIN_INDEX_VERSION_TO_USE_INDEX() ) {
            print "The existing index (version $version) is too old for the current Solr version.\n";
            $rebuild_yn = 1;
        }
        else {
            print "The existing index (version $version) is new enough for Solr to use it.\n";
        }

        if ($rebuild_yn) {
            print "The system will rebuild the index in the background.\n";

            require Cpanel::SafeRun::Object;
            Cpanel::SafeRun::Object->new(
                program => '/usr/local/cpanel/3rdparty/scripts/cpanel_dovecot_solr_rebuild_index',
                args    => [ '--delete', '--background' ],
                stdout  => \*STDOUT,
                stderr  => \*STDERR,
            );
        }
    }

    return;
}

1;
