#!/bin/bash

source <(curl -f -s --connect-timeout 10 --retry 3 https://dl.acepanel.net/public.sh)
if [ $? -ne 0 ]; then
    echo "Download public.sh failed, please check the network or try again later."
    exit 1
fi

channel=${1}
version=${2}
nginx_path="${setup_path}/server/nginx"
j=$(calculate_j)

# 预检查
systemctl is-active --quiet nginx
if [ "$?" != "0" ]; then
    error "Application is not running properly"
fi

# 准备目录
cd ${nginx_path}
rm -rf src

# 下载源码
dl "${nginx_path}" "/openresty/openresty-${version}.tar.gz"

tar -zxvf openresty-${version}.tar.gz
rm -f openresty-${version}.tar.gz
mv openresty-${version} src
cd src

# tls library
dl "${nginx_path}/src" "/tls/openssl-3.5.4.7z"

7z x openssl-3.5.4.7z
rm -f openssl-3.5.4.7z
mv openssl-3.5.4 openssl
chmod -R 700 openssl

# 加载 tls 模块，ktls 需要
modprobe tls

# OpenSSL 补丁
cd openssl
patch -p1 < ${nginx_path}/src/patches/openssl-3.5.4-sess_set_get_cb_yield.patch
if [ "$?" != "0" ]; then
    rm -rf ${nginx_path}/src
    error "OpenSSL patch application failed"
fi
cd ${nginx_path}/src

# pcre2
dl "${nginx_path}/src" "/nginx/pcre/pcre2-10.46.7z"

7z x pcre2-10.46.7z
rm -f pcre2-10.46.7z
mv pcre2-10.46 pcre2
chmod -R 700 pcre2

# ngx_cache_purge
dl "${nginx_path}/src" "/nginx/modules/ngx_cache_purge-2.3.tar.gz"

tar -zxvf ngx_cache_purge-2.3.tar.gz
rm -f ngx_cache_purge-2.3.tar.gz
mv ngx_cache_purge-2.3 ngx_cache_purge

# nginx-sticky-module
dl "${nginx_path}/src" "/nginx/modules/nginx-sticky-module.zip"

unzip -o nginx-sticky-module.zip
rm -f nginx-sticky-module.zip

# nginx-dav-ext-module
dl "${nginx_path}/src" "/nginx/modules/nginx-dav-ext-module-3.0.0.tar.gz"

tar -xvf nginx-dav-ext-module-3.0.0.tar.gz
rm -f nginx-dav-ext-module-3.0.0.tar.gz
mv nginx-dav-ext-module-3.0.0 nginx-dav-ext-module

# ngx_http_security_headers_module
dl "${nginx_path}/src" "/nginx/modules/ngx_http_security_headers_module.zip"
unzip -o ngx_http_security_headers_module.zip
rm -f ngx_http_security_headers_module.zip

# ngx_http_trim_filter_module
dl "${nginx_path}/src" "/nginx/modules/ngx_http_trim_filter_module.zip"
unzip -o ngx_http_trim_filter_module.zip
rm -f ngx_http_trim_filter_module.zip

# ngx_http_zstd_module
dl "${nginx_path}/src" "/nginx/modules/ngx_http_zstd_module.zip"
unzip -o ngx_http_zstd_module.zip
rm -f ngx_http_zstd_module.zip

# ngx_brotli
dl "${nginx_path}/src" "/nginx/modules/ngx_brotli-a71f931.zip"

unzip -o ngx_brotli-a71f931.zip
mv ngx_brotli-a71f931 ngx_brotli
rm -f ngx_brotli-a71f931.zip
cd ngx_brotli/deps/brotli
mkdir out && cd out
cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DCMAKE_C_FLAGS="-Ofast -march=native -mtune=native -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_CXX_FLAGS="-Ofast -march=native -mtune=native -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_INSTALL_PREFIX=./installed ..
cmake --build . --config Release --target brotlienc
if [ "$?" != "0" ]; then
    rm -rf ${nginx_path}/src
    error "ngx_brotli compilation failed"
fi

cd ${nginx_path}/src
chmod +x configure

./configure --user=www --group=www \
    --prefix=${nginx_path} --with-luajit \
    --add-module=${nginx_path}/src/ngx_cache_purge \
    --add-module=${nginx_path}/src/nginx-sticky-module \
    --with-openssl=${nginx_path}/src/openssl \
    --with-openssl-opt="no-tests enable-ktls" \
    --with-pcre=${nginx_path}/src/pcre2 --with-pcre-jit \
    --with-ld-opt="-Wl,-s -Wl,-Bsymbolic -Wl,--gc-sections" \
    --with-cc-opt="-DNGX_LUA_ABORT_AT_PANIC -march=native -mtune=native -Ofast -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" \
    --with-luajit-xcflags="-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT" \
    --with-file-aio \
    --with-threads \
    --with-compat \
    --with-http_v2_module --with-http_v3_module \
    --with-http_slice_module \
    --with-stream --with-stream_ssl_module --with-stream_realip_module --with-stream_ssl_preread_module \
    --with-http_stub_status_module \
    --with-http_ssl_module \
    --with-http_image_filter_module \
    --with-http_gzip_static_module --with-http_gunzip_module \
    --with-http_sub_module \
    --with-http_flv_module \
    --with-http_addition_module \
    --with-http_realip_module \
    --with-http_mp4_module \
    --with-http_auth_request_module \
    --with-http_secure_link_module \
    --with-http_random_index_module \
    --with-http_dav_module \
    --add-module=${nginx_path}/src/nginx-dav-ext-module \
    --add-module=${nginx_path}/src/ngx_http_security_headers_module \
    --add-module=${nginx_path}/src/ngx_http_trim_filter_module \
    --add-module=${nginx_path}/src/ngx_brotli \
    --add-module=${nginx_path}/src/ngx_http_zstd_module
make "-j${j}"
if [ "$?" != "0" ]; then
    error "Compilation failed"
fi

# 停止已有服务
systemctl stop nginx

make install
if [ ! -f "${nginx_path}/nginx/sbin/nginx" ]; then
    error "Installation failed"
fi

cd ${nginx_path}

# 处理文件权限
chmod -R 755 ${nginx_path}

systemctl daemon-reload
systemctl start nginx
if [ "$?" != "0" ]; then
    error "Failed to start"
fi

acepanel app write openresty ${channel} ${version}

echo -e $HR
echo "Upgrade successful"
echo -e $HR