<?php
/**
 * Sf_Admin
 *
 * @author André Genrich <andre.genrich@thurdata.ch>
 * @author Roland Käser <roland.keaser@thurdata.ch>
 * @version 0.9
 * @copyright Copyright (c) 2021, Thurdata
 * @example ../test.php
 */
/**
 * Sf_Admin class documentation
 */
/**
 * Sf_Admin is a class which allows to manage Seafile accounts via web-api/v2.1-admin
 *
 * You may create, modify, migrate, delete and get the attributes of a Seafile account using this class
 *
 * For the usage examples of all class methods check the source code of test.php
 */
class Sf_Admin {
    private $loginSuccess;
    private $constructorSuccess;
    private $sfURL;
    private $sfConType;
    private $sfPort;
    private $sfSecure;
    private $sfAdminName;
    private $sfPassword;
    protected $sfToken;
	/**
	 * Constructor
         * @param string $seafileURL Seafile URL (example: https://seafile.my.lan)
	 * @param string $username admin/user account's e-mail
	 * @param string $password admin/user account's password
	 * @param string $secure optional false to force unsecure (default true)
	 */
    function __construct($seafileURL, $username, $password, $secure=true) {
        if(!in_array('curl', get_loaded_extensions())) {
            $this->constructorSuccess = false;
            return array('error_msg' => 'Error: PHP curl extension not available');
        }
        if (empty($seafileURL) || empty($username) || empty($password)) {
            $this->constructorSuccess = false;
            return array('error_msg' => 'Error: Server login info missing, check server configuration');
        }
        if(preg_match('/^https/', $seafileURL)) {
            $this->sfConType = 'https://';
            if($secure) {
                $this->sfSecure = true;
            } else {
                $this->sfSecure = false;
            }
        }else {
            $this->sfConType = 'http://';
            $this->sfSecure = false;
        }
        $sfHostname = str_replace(array('http://', 'https://'), array('',''), $seafileURL);
        $sfHostname = explode(':', $sfHostname);
        if (gethostbyname($sfHostname[0]) == $sfHostname[0] && !filter_var($sfHostname[0], FILTER_VALIDATE_IP)) {
            $this->constructorSuccess = false;
            return array('error_msg' => 'Error: Cannot resolve ' . $sfHostname[0] . ', check server configuration');
        }
        $this->sfPort = ($sfHostname[1]) ? $sfHostname[1] :  '8000';
        $this->sfURL = $this->sfConType . $sfHostname[0] . ':' . $this->sfPort;
        $this->sfAdminName = $username;
        $this->sfPassword = $password;
        $this->sfToken = null;
        $this->constructorSuccess = true;
    }

    public function constructorSuccess() {
        return $this->constructorSuccess;
    }
	/**
	 * login
	 * 
	 * fetch and set seafile lofin token
	 * @return array error or true
	 */
    public function login() {
        if (!$this->constructorSuccess()) {
                return array('error_msg' => 'Error: construct failed, something missing');
        }
        $sfClient = curl_init();
        
        curl_setopt($sfClient, CURLOPT_URL, $this->sfURL . '/api2/auth-token/');
        curl_setopt($sfClient, CURLOPT_CONNECTTIMEOUT, '30');
        curl_setopt($sfClient, CURLOPT_POST, true);
        curl_setopt($sfClient, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($sfClient, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($sfClient, CURLOPT_POSTFIELDS, array('username' => $this->sfAdminName, 'password' => $this->sfPassword));
        if(!$this->sfSecure) {
            curl_setopt($sfClient, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($sfClient, CURLOPT_SSL_VERIFYHOST, false);
        }
        curl_setopt($sfClient, CURLOPT_HEADER, false);
        $authResponse = curl_exec($sfClient);
        $responseCode = curl_getinfo($sfClient, CURLINFO_RESPONSE_CODE);
        if($responseCode != 200) {
            curl_close($sfClient);
            unset($sfClient);
            return array('error_msg' => $authResponse, 'response_code' => $responseCode);
        };
        curl_close($sfClient);
        unset($sfClient);
        
        $authResponseData = json_decode($authResponse, true);
        if (!$authResponseData['token']) {
                $this->loginSuccess = false;
                error_log(print_r($authResponseData,true));
                return array('error_msg' => $authResponse);
        } else {
                $this->sfToken = $authResponseData['token'];
                $this->loginSuccess = true;
                return true;
        }
    }
	/**
	 * loginSuccess
	 * 
	 * @return bool
	 */
    public function loginSuccess() {
        return $this->loginSuccess;
    }
	/**
	 * getAllAccounts
	 * 
	 * @return array of seafile accounts array of informations or error message
	 */
    public function getAllAccounts() {
        if (!$this->loginSuccess()) {
            return array('error_msg' => 'Error: not authenticated');
        }
        $sfClient = curl_init();
        curl_setopt($sfClient, CURLOPT_URL, $this->sfURL . '/api/v2.1/admin/users/');
        curl_setopt($sfClient, CURLOPT_CONNECTTIMEOUT, '30');
        curl_setopt($sfClient, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($sfClient, CURLOPT_RETURNTRANSFER, true);
        if(!$this->sfSecure) {
            curl_setopt($sfClient, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($sfClient, CURLOPT_SSL_VERIFYHOST, false);
        }
        curl_setopt($sfClient, CURLOPT_HTTPHEADER, array( 'Authorization: Token ' . $this->sfToken, 'Accept: application/json; charset=utf-8; indent=4'));
        $response = curl_exec($sfClient);
        if(curl_getinfo($sfClient, CURLINFO_RESPONSE_CODE) != 200) {
            curl_close($sfClient);
            return array('error_msg' => $response);
        };
        curl_close($sfClient);
        return json_decode($response, true);
    }
	/**
	 * getAccount
	 * 
	 * @param string $email login e-mail
	 * 
	 * @return array of account informations or error message
	 */
    public function getAccount($email) {
        if (!$this->loginSuccess()) {
            return array('error_msg' => 'Error: not authenticated');
        }
        $sfClient = curl_init();
        curl_setopt($sfClient, CURLOPT_URL, $this->sfURL . '/api/v2.1/admin/users/' . $email . '/');
        curl_setopt($sfClient, CURLOPT_CONNECTTIMEOUT, '30');
        curl_setopt($sfClient, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($sfClient, CURLOPT_RETURNTRANSFER, true);
        if(!$this->sfSecure) {
            curl_setopt($sfClient, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($sfClient, CURLOPT_SSL_VERIFYHOST, false);
        }
        curl_setopt($sfClient, CURLOPT_HTTPHEADER, array( 'Authorization: Token ' . $this->sfToken, 'Accept: application/json; charset=utf-8; indent=4'));
        $response = curl_exec($sfClient);
        if(curl_getinfo($sfClient, CURLINFO_RESPONSE_CODE) != 200) {
            curl_close($sfClient);
            return array('error_msg' => $response);
        };
        curl_close($sfClient);
        return json_decode($response, true);
	}
	/**
	 * getAccount
	 * 
	 * @param array $params avvount informations, email required.
     * 
	 * @see https://download.seafile.com/published/web-api/v2.1-admin/accounts.md#user-content-Add%20User
     * 
	 * @return array of account informations or error message
	 */
    public function createAccount($params) {
        if (!$this->loginSuccess()) {
            return array('error_msg' => 'Error: not authenticated');
        }
        if(!isset($params['email'])) {
            return array('error_msg' => 'Error: missing parameter email');
        }
        $sfClient = curl_init();
        curl_setopt($sfClient, CURLOPT_URL, $this->sfURL . '/api/v2.1/admin/users/');
        curl_setopt($sfClient, CURLOPT_CONNECTTIMEOUT, '30');
        curl_setopt($sfClient, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($sfClient, CURLOPT_RETURNTRANSFER, true);
        if(!$this->sfSecure) {
            curl_setopt($sfClient, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($sfClient, CURLOPT_SSL_VERIFYHOST, false);
        }
        curl_setopt($sfClient, CURLOPT_HTTPHEADER, array( 'Authorization: Token ' . $this->sfToken, 'Accept: application/json; charset=utf-8; indent=4'));
		curl_setopt($sfClient, CURLOPT_POST, 1);
		curl_setopt($sfClient, CURLOPT_POSTFIELDS, $params);
        $response = curl_exec($sfClient);
        if(curl_getinfo($sfClient, CURLINFO_RESPONSE_CODE) != 200) {
            curl_close($sfClient);
            return array('error_msg' => $response);
        };
        curl_close($sfClient);
        return json_decode($response, true);
	}
	/**
	 * modifyAccount
	 * 
	 * @param array $params avvount informations, email required.
     * 
	 * @see https://download.seafile.com/published/web-api/v2.1-admin/accounts.md#user-content-Add%20User
     * 
	 * @return array of account informations or error message
	 */
    public function modifyAccount($params) {
        if (!$this->loginSuccess()) {
            return array('error_msg' => 'Error: not authenticated');
        }
        if(!isset($params['email'])) {
            return array('error_msg' => 'Error: missing parameter email');
        }
        $account = $params['email'];
        unset($params['email']);
        $sfClient = curl_init();
        curl_setopt($sfClient, CURLOPT_URL, $this->sfURL . '/api/v2.1/admin/users/' . $account . '/');
		curl_setopt($sfClient, CURLOPT_CUSTOMREQUEST, 'PUT');
        curl_setopt($sfClient, CURLOPT_CONNECTTIMEOUT, '30');
        curl_setopt($sfClient, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($sfClient, CURLOPT_RETURNTRANSFER, true);
        if(!$this->sfSecure) {
            curl_setopt($sfClient, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($sfClient, CURLOPT_SSL_VERIFYHOST, false);
        }
        curl_setopt($sfClient, CURLOPT_HTTPHEADER, array( 'Authorization: Token ' . $this->sfToken, 'Accept: application/json; charset=utf-8; indent=4'));
		curl_setopt($sfClient, CURLOPT_POST, 1);
		curl_setopt($sfClient, CURLOPT_POSTFIELDS, $params);
        $response = curl_exec($sfClient);
        if(curl_getinfo($sfClient, CURLINFO_RESPONSE_CODE) != 200) {
            curl_close($sfClient);
            return array('error_msg' => $response);
        };
        curl_close($sfClient);
        return json_decode($response, true);
	}
	/**
	 * deleteAccount
	 * 
	 * @param string $email login e-mail
	 * 
	 * @return array success => true or error message
	 */
    public function deleteAccount($email)
	{
        if (!$this->loginSuccess()) {
            return array('error_msg' => 'Error: not authenticated');
        }
        if(!isset($email)) {
            return array('error_msg' => 'Error: missing parameter email');
        }
        $sfClient = curl_init();
        curl_setopt($sfClient, CURLOPT_URL, $this->sfURL . '/api/v2.1/admin/users/' . $email . '/');
		curl_setopt($sfClient, CURLOPT_CUSTOMREQUEST, 'DELETE');
        curl_setopt($sfClient, CURLOPT_CONNECTTIMEOUT, '30');
        curl_setopt($sfClient, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($sfClient, CURLOPT_RETURNTRANSFER, true);
        if(!$this->sfSecure) {
            curl_setopt($sfClient, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($sfClient, CURLOPT_SSL_VERIFYHOST, false);
        }
        curl_setopt($sfClient, CURLOPT_HTTPHEADER, array( 'Authorization: Token ' . $this->sfToken, 'Accept: application/json; charset=utf-8; indent=4'));
        $response = curl_exec($sfClient);
        if(curl_getinfo($sfClient, CURLINFO_RESPONSE_CODE) != 200) {
            curl_close($sfClient);
            return array('error_msg' => $response);
        };
        curl_close($sfClient);
        return json_decode($response, true);
	}
	/**
	 * migrateAccount
	 * 
	 * @param string $from source account login e-mail
	 * @param string $to destination account login e-mail (must exist)
	 * 
	 * @return array success => true or error message
	 */
    public function migrateAccount($from, $to)
	{
        if (!$this->loginSuccess()) {
            return array('error_msg' => 'Error: not authenticated');
        }
        if(!isset($from)) {
            return array('error_msg' => 'Error: missing parameter from');
        }
        if(!isset($to)) {
            return array('error_msg' => 'Error: missing parameter to');
        }
        $postFields = array();
        $postFields['op'] = 'migrate';
        $postFields['to_user'] = $to;
        $sfClient = curl_init();
        curl_setopt($sfClient, CURLOPT_URL, $this->sfURL . '/api2/accounts/' . $from . '/');
        curl_setopt($sfClient, CURLOPT_CONNECTTIMEOUT, '30');
        curl_setopt($sfClient, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($sfClient, CURLOPT_RETURNTRANSFER, true);
        if(!$this->sfSecure) {
            curl_setopt($sfClient, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($sfClient, CURLOPT_SSL_VERIFYHOST, false);
        }
        curl_setopt($sfClient, CURLOPT_HTTPHEADER, array( 'Authorization: Token ' . $this->sfToken, 'Accept: application/json; charset=utf-8; indent=4'));
        curl_setopt($sfClient, CURLOPT_POST, 1);
		curl_setopt($sfClient, CURLOPT_POSTFIELDS, $postFields);
        $response = curl_exec($sfClient);
        if(curl_getinfo($sfClient, CURLINFO_RESPONSE_CODE) != 200) {
            curl_close($sfClient);
            return array('error_msg' => $response);
        };
        curl_close($sfClient);
        return json_decode($response, true);
	}
}