#!/bin/sh
# edgeshield-geoip-download [--force]
#
# Downloads the GeoLite2-Country, GeoLite2-City and GeoLite2-ASN databases
# into EDGESHIELD_GEOIP_DB_DIR and then validates them.
#
# Environment read by this script:
#   EDGESHIELD_GEOIP_DOWNLOAD_METHOD  direct (default), geoipupdate or auto
#   EDGESHIELD_GEOIP_DB_DIR           where the .mmdb files are installed
#   EDGESHIELD_GEOIP_CACHE_DIR        scratch space; GeoIP.conf is written here
#   EDGESHIELD_GEOIP_STATE_DIR        created here, used by the sourced helpers
#   MAXMIND_ACCOUNT_ID                required by the geoipupdate method
#   MAXMIND_LICENSE_KEY               required by both methods; this is a
#                                     secret: it is written to GeoIP.conf
#                                     (geoipupdate) or sent as a URL query
#                                     parameter (direct)
#
# Exit status: 0 on success or when valid databases are already present,
# 1 on a missing tool, failed download or failed validation, 2 on an
# unsupported download method.

# -e: stop at the first unhandled failure; -u: treat unset variables as errors.
set -eu
# Shared helpers. geoip_log, geoip_state, geoip_validate_all and geoip_have_cmd
# are called below and are presumably defined in this file, as are defaults
# for the EDGESHIELD_GEOIP_*_DIR variables — not visible here, confirm.
. /usr/libexec/edgeshield/geoip-common.sh
# Default to the direct download when the method is unset or empty.
: "${EDGESHIELD_GEOIP_DOWNLOAD_METHOD:=direct}"

# Only the first argument is inspected: a help flag prints the usage line and
# exits, --force requests a refresh even when valid databases exist. Any other
# value is ignored.
force=0
case "${1:-}" in
  -h|--help|help)
    echo "Usage: edgeshield-geoip-download [--force]"
    exit 0
    ;;
  --force)
    force=1
    ;;
esac
# Make sure the database, cache and state directories exist before use.
mkdir -p "$EDGESHIELD_GEOIP_DB_DIR" "$EDGESHIELD_GEOIP_CACHE_DIR" "$EDGESHIELD_GEOIP_STATE_DIR"

# Skip the download when the installed databases already validate, unless
# --force was given. The validator's output is discarded here; only its exit
# status decides.
if [ "$force" = 1 ]; then
    :   # forced refresh: fall through to the download below
elif geoip_validate_all >/dev/null 2>&1; then
    geoip_log "valid GeoIP databases already present"
    # presumably records the "available" state for other tools — confirm in
    # geoip-common.sh
    geoip_state available
    exit 0
fi

# Resolve the download method. "auto" picks geoipupdate only when the tool is
# installed and both MaxMind credentials are non-empty; otherwise it falls
# back to the direct download.
method="$EDGESHIELD_GEOIP_DOWNLOAD_METHOD"
if [ "$method" = auto ]; then
    method=direct
    if geoip_have_cmd geoipupdate \
        && [ -n "${MAXMIND_ACCOUNT_ID:-}" ] \
        && [ -n "${MAXMIND_LICENSE_KEY:-}" ]; then
        method=geoipupdate
    fi
fi

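# Fetch the databases with the selected method. Both branches handle the
# MaxMind license key, so each keeps it out of files other users can read and
# out of process argument lists.
case "$method" in
  geoipupdate)
    geoip_have_cmd geoipupdate || { geoip_log "geoipupdate not found"; exit 1; }
    : "${MAXMIND_ACCOUNT_ID:?MAXMIND_ACCOUNT_ID is required for geoipupdate}"
    : "${MAXMIND_LICENSE_KEY:?MAXMIND_LICENSE_KEY is required for geoipupdate}"
    conf="$EDGESHIELD_GEOIP_CACHE_DIR/GeoIP.conf"
    # GeoIP.conf contains the license key. Remove any earlier copy so that a
    # wider mode left on it is not kept by the truncating redirect, then
    # create it under umask 077 (owner read/write only). The subshell keeps
    # the umask change away from the database files geoipupdate writes next.
    rm -f -- "$conf"
    (
      umask 077
      {
        printf 'AccountID %s\n' "$MAXMIND_ACCOUNT_ID"
        printf 'LicenseKey %s\n' "$MAXMIND_LICENSE_KEY"
        printf 'EditionIDs GeoLite2-Country GeoLite2-City GeoLite2-ASN\n'
        printf 'DatabaseDirectory %s\n' "$EDGESHIELD_GEOIP_DB_DIR"
      } > "$conf"
    )
    geoipupdate -f "$conf"
    ;;
  direct)
    geoip_have_cmd curl || { geoip_log "curl not found"; exit 1; }
    geoip_have_cmd tar || { geoip_log "tar not found"; exit 1; }
    : "${MAXMIND_LICENSE_KEY:?MAXMIND_LICENSE_KEY is required for MaxMind direct download}"
    # The URL is handed to curl as a quoted config value (see below), so
    # refuse key characters that could end the quoted string or begin a new
    # config line.
    case "$MAXMIND_LICENSE_KEY" in
      *[[:space:][:cntrl:]]*|*\"*|*\\*)
        geoip_log "MAXMIND_LICENSE_KEY contains characters that are not allowed"
        exit 1
        ;;
    esac
    # mktemp -d gives an unpredictable, owner-only directory instead of the
    # guessable download.<pid> name.
    work="$(mktemp -d "$EDGESHIELD_GEOIP_CACHE_DIR/download.XXXXXX")" \
      || { geoip_log "cannot create temporary directory"; exit 1; }
    # Remove the work directory on every exit path, including a set -e abort
    # halfway through a download.
    # NOTE(review): this replaces any EXIT/HUP/INT/TERM trap installed by
    # geoip-common.sh — confirm it sets none.
    trap 'rm -rf -- "$work"' EXIT
    trap 'exit 1' HUP INT TERM
    for edition in GeoLite2-Country GeoLite2-City GeoLite2-ASN; do
      archive="$work/$edition.tar.gz"
      url="https://download.maxmind.com/app/geoip_download?edition_id=${edition}&license_key=${MAXMIND_LICENSE_KEY}&suffix=tar.gz"
      geoip_log "downloading $edition"
      # The URL carries the license key. Passing it through a config read
      # from stdin (-K -) keeps it out of curl's argv, where any local user
      # could read it from the process list. --proto/--proto-redir pin the
      # request and every redirect followed by -L to HTTPS.
      curl -fsSL --proto '=https' --proto-redir '=https' -o "$archive" -K - <<EOF
url = "$url"
EOF
      # NOTE(review): the archive is trusted on TLS alone; no checksum is
      # compared before it is unpacked.
      tar -xzf "$archive" -C "$work"
      # -type f: only a regular file is accepted, so a symlink with the
      # expected name inside the archive is never copied out.
      found="$(find "$work" -type f -name "$edition.mmdb" | head -n 1 || true)"
      [ -n "$found" ] || { geoip_log "archive does not contain $edition.mmdb"; exit 1; }
      # Copy next to the destination, then rename, so readers never see a
      # partially written database.
      # NOTE(review): this replaces the installed file before
      # geoip_validate_all has run on the new one.
      tmp="$EDGESHIELD_GEOIP_DB_DIR/.$edition.mmdb.tmp"
      cp -f -- "$found" "$tmp"
      chmod 0644 "$tmp"
      mv -f -- "$tmp" "$EDGESHIELD_GEOIP_DB_DIR/$edition.mmdb"
    done
    rm -rf -- "$work"
    trap - EXIT HUP INT TERM
    ;;
  *) geoip_log "unsupported download method: $method"; exit 2;;
esac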

# Validate what was just installed. Success reports the "available" state and
# exits 0; anything else reports "invalid" and exits 1.
if geoip_validate_all; then
    geoip_state available
    geoip_log "downloaded and validated GeoIP DBs"
    exit 0
fi
geoip_state invalid
exit 1
