#!/bin/bash
# Search the standard system directories before anything inherited from the
# caller's environment, so the bare command names used below (curl, wget, tar,
# make, ...) resolve there first. The inherited PATH is still appended.
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH

: '
Copyright (C) 2022 - now  HaoZi Technology Co., Ltd.

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program.  If not, see <https://www.gnu.org/licenses/>.
'

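# Bootstrap: load the panel's shared helper script. The rest of this installer
# uses names it never defines itself (error, calculate_j, setup_path,
# download_url, OS, HR); presumably public.sh provides them.
#
# The helper is fetched into a variable and only sourced once curl has reported
# success. With `source <(curl ...)` the `$?` that follows is the status of
# `source`, not of curl, so a failed transfer was not detected and a truncated
# download could be executed as far as it got.
#
# NOTE(review): this still executes remote code whose only integrity protection
# is HTTPS to the download host. The installer goes on to install packages and
# write systemd units, so it is expected to run privileged; consider verifying
# public.sh against a pinned digest or shipping it with the installer.
if ! panel_public_sh=$(curl -f -s --connect-timeout 10 --retry 3 https://dl.cdn.haozi.net/panel/public.sh) ||
    [ -z "${panel_public_sh}" ]; then
    echo "下载 public.sh 失败,请检查网络或稍后重试。"
    echo "Download public.sh failed, please check the network or try again later."
    exit 1
fi
source <(printf '%s\n' "${panel_public_sh}")
unset panel_public_sh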

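# Positional arguments: $1 is the release channel, $2 the Pure-FTPd version.
# Both are handed to `panel-cli app write` at the end of the script; the
# version is also interpolated into download URLs and file names, so an empty
# value is rejected here instead of producing malformed paths later.
channel=${1}
version=${2:?usage: $0 <channel> <version>}

# setup_path is not defined in this file (presumably set by public.sh). Abort
# if it is empty: the directory derived from it is later passed to `rm -rf`,
# and an empty prefix would turn that into /server/pure-ftpd.
pureftpd_path="${setup_path:?setup_path is not set}/server/pure-ftpd"

# calculate_j is defined outside this file; its output becomes make's -j value.
j=$(calculate_j)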

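# Install the build dependencies: a compiler toolchain and the OpenSSL headers.
#
# Every package installation is checked individually. Testing `$?` once after
# the whole if/elif chain only saw the status of the last command, so a failed
# toolchain install was masked whenever the OpenSSL headers installed fine.
# The metadata refresh (makecache / update) stays best-effort as before.
# OS is not set in this file; it is quoted so an empty value falls through to
# the "unsupported" branch instead of breaking the test expression.
deps_failed=0
case "${OS}" in
rhel)
    dnf makecache -y
    dnf groupinstall "Development Tools" -y || deps_failed=1
    dnf install openssl-devel -y || deps_failed=1
    ;;
debian | ubuntu)
    apt-get update
    apt-get install build-essential -y || deps_failed=1
    apt-get install libssl-dev -y || deps_failed=1
    ;;
*)
    error "不支持的操作系统"
    ;;
esac
if [ "${deps_failed}" != "0" ]; then
    error "安装依赖软件失败"
fi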

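# Prepare a clean installation directory.
#
# Everything under the install path is deleted first, which includes the etc/
# directory where this script later creates pureftpd.passwd and pureftpd.pdb,
# so a reinstall discards the existing account files.
# The guards stop the script before `rm -rf` if the path prefix is empty, and
# the path is quoted so whitespace or glob characters cannot widen the delete.
: "${setup_path:?setup_path is not set}"
rm -rf -- "${pureftpd_path:?}"
mkdir -p -- "${pureftpd_path}"
# The steps that follow use relative file names, so a failed cd must stop here.
# `error` is defined outside this file; the explicit exit covers the case where
# it only reports the problem.
cd -- "${pureftpd_path}" || {
    error "无法进入安装目录 ${pureftpd_path}"
    exit 1
}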

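# Download the source tarball and the checksum file published next to it.
# A failed download now stops the script right away instead of being noticed
# only indirectly when the checksum step cannot find its input.
pureftpd_tarball="pure-ftpd-${version}.tar.gz"
for artifact in "${pureftpd_tarball}" "${pureftpd_tarball}.sha256"; do
    if ! wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O "${pureftpd_path}/${artifact}" "${download_url}/pureftpd/${artifact}"; then
        rm -rf -- "${pureftpd_path:?}"
        error "Pure-Ftpd 下载失败"
        exit 1
    fi
done

# Verify the tarball before anything in it is unpacked or executed.
# `sha256sum -c` checks the file names listed inside the .sha256 file, resolved
# against the current directory, so this relies on the script already being in
# the install directory.
# NOTE(review): the checksum comes from the same location as the tarball, so it
# detects corrupted or truncated downloads but not a tampered download source.
# Protection against that needs a digest or signature obtained independently.
if ! sha256sum --status -c "${pureftpd_tarball}.sha256"; then
    rm -rf -- "${pureftpd_path:?}"
    error "Pure-Ftpd 校验失败"
    # Fail closed: never continue to extraction with an unverified archive,
    # even if `error` (defined outside this file) were to return.
    exit 1
fi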

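# Unpack the verified tarball, drop the downloaded files and enter the source
# tree under the fixed name "src".
src_archive="pure-ftpd-${version}.tar.gz"
# --no-same-owner: when tar runs as root it otherwise restores the owner IDs
# recorded in the archive; the extracted tree should belong to the invoking
# user instead.
tar --no-same-owner -xvf "${src_archive}"
rm -f -- "${src_archive}" "${src_archive}.sha256"
mv -- "pure-ftpd-${version}" src
# If extraction or the rename failed there is no src directory; stop here
# rather than running the build steps from the wrong directory.
cd src || {
    rm -rf -- "${pureftpd_path:?}"
    error "Pure-Ftpd 解压失败"
    exit 1
}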

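# Configure, compile and install Pure-FTPd into the install directory.
# Any failure removes the whole install directory before reporting the error.
# The path is quoted (and guarded with :?) in every `rm -rf` so an empty or
# whitespace-containing value cannot redirect the delete.
configure_args=(
    --prefix="${pureftpd_path}"
    CFLAGS=-O2
    --with-puredb
    --with-quotas
    --with-cookie
    --with-virtualhosts
    --with-diraliases
    --with-sysquotas
    --with-ratios
    --with-altlog
    --with-paranoidmsg
    --with-shadow
    --with-welcomemsg
    --with-throttling
    --with-uploadscript
    --with-language=simplified-chinese
    --with-rfc2640
    --with-ftpwho
    # TLS support must be compiled in for the TLS/CertFile settings that are
    # enabled in pure-ftpd.conf after installation.
    --with-tls
)
if ! ./configure "${configure_args[@]}"; then
    rm -rf -- "${pureftpd_path:?}"
    error "Pure-Ftpd 编译初始化失败"
fi

# j holds the parallel job count computed earlier by calculate_j.
if ! make "-j${j}"; then
    rm -rf -- "${pureftpd_path:?}"
    error "Pure-Ftpd 编译失败"
fi

# The exit status of `make install` is not used; success is judged by whether
# the pure-pw binary ended up in the install directory.
make install
if [ ! -f "${pureftpd_path}/bin/pure-pw" ]; then
    rm -rf -- "${pureftpd_path:?}"
    error "Pure-Ftpd 安装失败"
fi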

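# Adjust the installed pure-ftpd.conf.
#
# All substitutions are applied in one sed pass, in the same order as before;
# each one only rewrites text on a single line, so the result is the same as
# running them one after another. A pattern that does not match the shipped
# sample file changes nothing and is not reported.
# The install path is interpolated into some replacements: it must not contain
# "!" (the delimiter used here) or "&".
pureftpd_conf="${pureftpd_path}/etc/pure-ftpd.conf"
conf_edits=(
    # Authenticate against the PureDB file inside the install directory.
    -e "s!# PureDB\s*/etc/pureftpd.pdb!PureDB ${pureftpd_path}/etc/pureftpd.pdb!"
    # Confine every user to their home directory.
    -e 's!# ChrootEveryone\s*yes!ChrootEveryone yes!'
    # Refuse anonymous logins.
    -e 's!NoAnonymous\s*no!NoAnonymous yes!'
    -e 's!AnonymousCanCreateDirs\s*yes!AnonymousCanCreateDirs no!'
    # NOTE(review): this turns the anonymous-upload ban off. It has no effect
    # only for as long as NoAnonymous stays "yes"; confirm it is intended.
    -e 's!AnonymousCantUpload\s*yes!AnonymousCantUpload no!'
    # Disable PAM and Unix authentication.
    -e 's!PAMAuthentication\s*yes!PAMAuthentication no!'
    -e 's!UnixAuthentication\s*yes!UnixAuthentication no!'
    # Passive data ports; the firewall step of this script opens the same
    # 39000-40000 range. The second pattern covers an already-uncommented line.
    -e 's!# PassivePortRange\s*30000 50000!PassivePortRange 39000 40000!'
    -e 's!PassivePortRange\s*30000 50000!PassivePortRange 39000 40000!'
    -e 's!LimitRecursion\s*10000 8!LimitRecursion 20000 8!'
    # Unanchored: this uncomments every line that contains "# TLS", not only
    # the TLS directive itself. The TLS level is left at whatever value the
    # sample file carries.
    # NOTE(review): in Pure-FTPd's sample config that value is presumably 1,
    # which still accepts cleartext logins; since the daemon is bound to all
    # interfaces below, confirm whether 2 (TLS required) is wanted.
    -e 's!# TLS!TLS!'
    # Certificate file generated later in this script.
    -e "s!# CertFile\s*/etc/ssl/private/pure-ftpd.pem!CertFile ${pureftpd_path}/etc/pure-ftpd.pem!"
    # Listen on port 21 on every IPv4 interface instead of loopback only.
    -e 's!# Bind\s*127.0.0.1,21!Bind 0.0.0.0,21!'
    # Must match the PIDFile= line of the systemd unit written below.
    -e "s!# PIDFile\s*/var/run/pure-ftpd.pid!PIDFile ${pureftpd_path}/etc/pure-ftpd.pid!"
)
sed -i "${conf_edits[@]}" "${pureftpd_conf}"

# Create empty account files so they exist before the first user is added.
# NOTE(review): they get the default umask permissions; pureftpd.passwd
# presumably holds the virtual users' password hashes, so consider restricting
# both files to root.
touch "${pureftpd_path}/etc/pureftpd.passwd"
touch "${pureftpd_path}/etc/pureftpd.pdb"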

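# Generate DH parameters and a self-signed certificate for FTP over TLS.
#
# The files are created inside a subshell with umask 077 so the private key is
# never readable by other users, not even in the interval before the chmod
# below runs. -nodes leaves the key unencrypted, and key and certificate share
# one file (pure-ftpd.pem), so that file's permissions are the key's only
# protection.
#
# NOTE(review): the certificate is self-signed, valid for 36500 days and issued
# to CN=Panel, so clients cannot validate it against the server name. Replace
# it with a certificate from a trusted CA where clients are expected to verify
# the server.
# NOTE(review): nothing visible in this script points pure-ftpd at
# pure-ftpd-dhparams.pem; confirm the daemon actually reads it from this path.
(
    umask 077
    openssl dhparam -out "${pureftpd_path}/etc/pure-ftpd-dhparams.pem" 2048
    openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -sha256 -keyout "${pureftpd_path}/etc/pure-ftpd.pem" -out "${pureftpd_path}/etc/pure-ftpd.pem" -subj "/C=CN/ST=Tianjin/L=Tianjin/O=HaoZi Technology Co., Ltd./OU=HaoZi Panel/CN=Panel"
)
chmod 600 "${pureftpd_path}"/etc/*.pem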

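# Register Pure-FTPd as a system service.

# Expose pure-pw on the default PATH. -f replaces whatever already exists at
# /usr/bin/pure-pw. The source path is quoted so it is passed as one argument.
ln -sf -- "${pureftpd_path}/bin/pure-pw" /usr/bin/pure-pw

# Write the systemd unit. The heredoc delimiter is unquoted, so
# ${pureftpd_path} is expanded now, while \$MAINPID is escaped to reach the
# unit file literally.
# NOTE(review): the unit sets no User= and no sandboxing directives, so the
# daemon starts with systemd's defaults for a system service. Since it listens
# on all interfaces, consider adding hardening options after testing them
# against the features in use.
cat >/etc/systemd/system/pure-ftpd.service <<EOF
[Unit]
Description=Pure-FTPd FTP server
After=syslog.target network.target

[Service]
Type=forking
PIDFile=${pureftpd_path}/etc/pure-ftpd.pid
ExecStart=${pureftpd_path}/sbin/pure-ftpd ${pureftpd_path}/etc/pure-ftpd.conf
ExecStartPost=/bin/sleep 2
ExecStop=/bin/kill -TERM \$MAINPID
Restart=on-failure
RestartSec=5s

[Install]
WantedBy=multi-user.target
EOF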

# Open the FTP control port and the passive data port range in the firewall.
# The rules go into the permanent configuration of the "public" zone and take
# effect with the reload. The passive range matches the PassivePortRange value
# written to pure-ftpd.conf. None of the exit statuses are checked.
for port_spec in 21/tcp 39000-40000/tcp; do
    firewall-cmd --zone=public --add-port="${port_spec}" --permanent
done
firewall-cmd --reload

# Make systemd pick up the unit file written above, then enable the service at
# boot and start it immediately. Only the enable/start step is checked.
systemctl daemon-reload
if ! systemctl enable --now pure-ftpd; then
    error "启动失败"
fi

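# Record the installed app, channel and version with the panel. The arguments
# are quoted so an empty channel cannot shift the version into its position.
panel-cli app write pureftpd "${channel}" "${version}"

# HR is not defined in this file (presumably a separator line from public.sh).
# It is quoted so its content is printed as-is, without word splitting or
# glob expansion.
echo -e "${HR}"
echo "安装完成"
echo -e "${HR}"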