#!/bin/sh
set -eu
. /usr/libexec/edgeshield/geoip-common.sh
: "${EDGESHIELD_GEOIP:=auto}"
: "${EDGESHIELD_GEOIP_AUTO_DOWNLOAD:=0}"
: "${EDGESHIELD_GEOIP_STRICT:=0}"
: "${EDGESHIELD_GEOIP_RELOAD:=0}"

maybe_reload=""
[ "$EDGESHIELD_GEOIP_RELOAD" = 1 ] || [ "$EDGESHIELD_GEOIP_RELOAD" = true ] && maybe_reload="--reload"

fail_or_fallback() {
    geoip_log "$1"
    edgeshield-geoip-disable >/dev/null 2>&1 || true
    if [ "$EDGESHIELD_GEOIP_STRICT" = 1 ] || [ "$EDGESHIELD_GEOIP_STRICT" = true ]; then
        geoip_log "strict mode enabled; failing startup"
        exit 1
    fi
    exit 0
}

case "$EDGESHIELD_GEOIP" in
  0|false|False|FALSE|no|No|NO|disabled|disable)
    edgeshield-geoip-disable $maybe_reload >/dev/null 2>&1 || true
    geoip_log "GeoIP disabled by EDGESHIELD_GEOIP=$EDGESHIELD_GEOIP"
    exit 0;;
  1|true|True|TRUE|yes|Yes|YES|enabled|enable|auto) ;;
  *) fail_or_fallback "invalid EDGESHIELD_GEOIP value: $EDGESHIELD_GEOIP";;
esac

if geoip_validate_all >/dev/null 2>&1; then
    edgeshield-geoip-enable $maybe_reload || fail_or_fallback "enable failed"
    exit 0
fi

if [ "$EDGESHIELD_GEOIP_AUTO_DOWNLOAD" = 1 ] || [ "$EDGESHIELD_GEOIP_AUTO_DOWNLOAD" = true ]; then
    [ -n "${MAXMIND_LICENSE_KEY:-}" ] || fail_or_fallback "auto-download enabled but MAXMIND_LICENSE_KEY is not set"
    edgeshield-geoip-download || fail_or_fallback "download failed"
    edgeshield-geoip-enable $maybe_reload || fail_or_fallback "enable after download failed"
    exit 0
fi

fail_or_fallback "GeoIP databases missing/invalid and auto-download disabled"
