#!/bin/bash

#################################################
# Bahari Firewall - One-Click Installer
# Website: https://firewall.licenseapi.top
#################################################

INSTALL_URL="https://firewall.licenseapi.top/bahari-firewall/latest.zip"
INSTALL_DIR="/root/bahari-firewall"
SERVICE_NAME="bahari-firewall"

echo "=========================================="
echo "🛡️  Bahari Firewall Installer"
echo "=========================================="
echo ""

# Check if running as root
if [ "$EUID" -ne 0 ]; then 
    echo "❌ Error: This script must be run as root"
    echo "Please run: sudo bash install.sh"
    exit 1
fi

echo "✓ Running as root user"
echo ""

# Install required packages
echo "📦 Installing required packages..."
yum install wget unzip python3 python3-pip -y > /dev/null 2>&1
echo "✓ Packages installed"
echo ""

# Create installation directory
echo "📁 Creating installation directory..."
mkdir -p $INSTALL_DIR
cd $INSTALL_DIR
echo "✓ Directory created"
echo ""

# Download latest version
echo "⬇️  Downloading Bahari Firewall..."
wget -q $INSTALL_URL -O bahari-firewall.zip

if [ $? -eq 0 ]; then
    echo "✓ Download complete"
else
    echo "❌ Download failed. Please check your internet connection."
    exit 1
fi
echo ""

# Extract files
echo "📦 Extracting files..."
unzip -o bahari-firewall.zip > /dev/null 2>&1
rm bahari-firewall.zip
echo "✓ Files extracted"
echo ""

# Install Python dependencies
echo "🐍 Installing Python dependencies..."
pip3 install flask psutil requests --break-system-packages > /dev/null 2>&1
echo "✓ Dependencies installed"
echo ""

# Configure firewall for panel port 9876
echo "🛡️  Configuring firewall..."
if command -v imunify360-agent &> /dev/null; then
    echo "  ⚠️  Imunify360 detected. Please manually allow port 9876 in WHM >> Imunify360"
elif systemctl is-active --quiet firewalld; then
    firewall-cmd --permanent --add-port=9876/tcp > /dev/null 2>&1
    firewall-cmd --reload > /dev/null 2>&1
    echo "  ✓ Firewall configured (firewalld)"
elif command -v csf &> /dev/null; then
    if ! grep -q "^9876$" /etc/csf/csf.allow 2>/dev/null; then
        echo "9876" >> /etc/csf/csf.allow 2>/dev/null
        csf -r > /dev/null 2>&1
    fi
    echo "  ✓ Firewall configured (CSF)"
else
    iptables -A INPUT -p tcp --dport 9876 -j ACCEPT 2>/dev/null
    service iptables save > /dev/null 2>&1
    echo "  ✓ Firewall configured (iptables)"
fi
echo ""

# Create systemd service
echo "⚙️  Creating systemd service..."
cat > /etc/systemd/system/${SERVICE_NAME}.service << EOF
[Unit]
Description=Bahari Firewall - Advanced Security Panel
After=network.target

[Service]
Type=simple
User=root
WorkingDirectory=$INSTALL_DIR
ExecStart=/usr/bin/python3 $INSTALL_DIR/bahari_firewall.py
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable $SERVICE_NAME > /dev/null 2>&1
echo "✓ Systemd service created"
echo ""

# Make script executable
chmod +x $INSTALL_DIR/bahari_firewall.py 2>/dev/null

# Get server IP
SERVER_IP=$(hostname -I | awk '{print $1}')
if [ -z "$SERVER_IP" ]; then
    SERVER_IP="YOUR_SERVER_IP"
fi

echo "=========================================="
echo "✅ Installation Complete!"
echo "=========================================="
echo ""
echo "📋 Panel Information:"
echo "   URL: http://$SERVER_IP:9876"
echo "   Port: 9876"
echo "   Username: admin"
echo "   Password: admin123"
echo ""
echo "🚀 To start Bahari Firewall:"
echo "   systemctl start $SERVICE_NAME"
echo ""
echo "📊 To check status:"
echo "   systemctl status $SERVICE_NAME"
echo ""
echo "📝 To view logs:"
echo "   journalctl -u $SERVICE_NAME -f"
echo ""
echo "⚠️  CRITICAL FIRST STEPS:"
echo "   1. ✅ Login এবং আপনার IP whitelist করুন"
echo "   2. 🔐 Password পরিবর্তন করুন"
echo "   3. 🛡️ DDoS protection setup করুন"
echo ""
if command -v imunify360-agent &> /dev/null; then
echo "🔒 IMUNIFY360 DETECTED:"
echo "   - Bahari Firewall safely কাজ করবে Imunify360 এর সাথে"
echo "   - Port 9876 manually allow করুন: WHM >> Imunify360"
echo ""
fi
echo "🌐 Website: https://firewall.licenseapi.top"
echo "=========================================="
echo ""

# Ask to start service
read -p "Do you want to start Bahari Firewall now? (y/n): " -n 1 -r
echo ""
if [[ $REPLY =~ ^[Yy]$ ]]; then
    systemctl start $SERVICE_NAME
    sleep 2
    if systemctl is-active --quiet $SERVICE_NAME; then
        echo ""
        echo "✅ Bahari Firewall started successfully!"
        echo "🌐 Access your panel at: http://$SERVER_IP:9876"
        echo ""
        echo "⚠️  FIRST STEPS:"
        echo "   1. Login করুন (admin/admin123)"
        echo "   2. আপনার current IP whitelist করুন"
        echo "   3. Dashboard থেকে password পরিবর্তন করুন"
        echo ""
    else
        echo ""
        echo "❌ Start failed. Check logs:"
        echo "   journalctl -u $SERVICE_NAME -n 50"
        echo ""
    fi
fi

echo "Thank you for choosing Bahari Firewall! 🛡️"