#!/usr/bin/env bash

# yadm - Yet Another Dotfiles Manager
# Copyright (C) 2015-2019 Tim Byrne and Martin Zuther

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.


YADM_CHECKSUMS="$YADM_HOOK_DIR/files.checksums"
WARNING_MESSAGE="Checksums were not verified"

# unpack exported array; filenames including a newline character (\n)
# are NOT supported
OLD_IFS="$IFS"
IFS=$'\n'
YADM_ENCRYPT_INCLUDE_FILES=( $YADM_ENCRYPT_INCLUDE_FILES )
IFS="$OLD_IFS"


function get_checksum_command {
    # check if "shasum" exists and supports the algorithm (which is
    # tested by sending an empty string to "shasum")
    if command -v "shasum" > /dev/null && echo -n | shasum --algorithm "256" &> /dev/null; then
        echo "shasum --algorithm 256"
    # check if "sha256sum" exists
    elif command -v "sha256sum" > /dev/null; then
        echo "sha256sum"
    # check if "gsha256sum" exists
    elif command -v "gsha256sum" > /dev/null; then
        echo "gsha256sum"
    else
        # display warning in bright yellow
        echo -e "\033[1;33m" >&2
        echo -n "WARNING: \"shasum\", \"sha256sum\" and \"gsha256sum\" not found.   $WARNING_MESSAGE." >&2

        # reset output color
        echo -e "\033[0m" >&2

        # signal error
        return 1
    fi
}


# if there is no checksum file, exit with original status of yadm
# command
if [ ! -f "$YADM_CHECKSUMS" ]; then
    exit "$YADM_HOOK_EXIT"
fi

# get checksum command
CHECKSUM_COMMAND=$(get_checksum_command)
ERROR_CODE=$?

# no command found
if [ $ERROR_CODE -ne 0 ]; then
    # return original exit status of yadm command
    exit "$YADM_HOOK_EXIT"
fi

# check encrypted files for differences and capture output and error
# messages
YADM_CHECKSUM_OUTPUT=$($CHECKSUM_COMMAND --check "$YADM_CHECKSUMS" 2>&1)
ERROR_CODE=$?

# handle mismatched checksums and errors
if [ $ERROR_CODE -ne 0 ]; then
    echo
    echo "Some SHA-256 sums do not match (or an error occurred):"

    # display differing files and errors (highlighted in red)
    echo -e "\033[0;31m"

    while IFS= read -r line; do
        # try to beautify output (requires "grep" and "sed")
        if command -v grep > /dev/null && command -v sed > /dev/null; then
            echo "$line" | grep -iv "\sok$" | sed 's/^/        / ; s/: FAILED$// ; /^.*WARNING:.*did NOT match$/ d'
        else
            echo "$line"
        fi
    done <<< "$YADM_CHECKSUM_OUTPUT"

    # reset output color
    echo -e "\033[0m"

    # display advice for differing files and signal error
    echo "Consider running either \"yadm encrypt\" or \"yadm decrypt\"."
    exit $ERROR_CODE
fi