#!/bin/sh

# Ensure UCI sections exist
uci -q get netflow.config >/dev/null || uci set netflow.config=netflow
uci -q get netflow.v2board >/dev/null || uci set netflow.v2board=v2board

# Set defaults only if not already configured
[ -z "$(uci -q get netflow.config.enable)" ] && uci set netflow.config.enable='0'
[ -z "$(uci -q get netflow.config.proxy_mode)" ] && uci set netflow.config.proxy_mode='rule'
[ -z "$(uci -q get netflow.config.tun_enabled)" ] && uci set netflow.config.tun_enabled='0'
[ -z "$(uci -q get netflow.config.api_port)" ] && uci set netflow.config.api_port='9091'
[ -z "$(uci -q get netflow.config.api_secret)" ] && uci set netflow.config.api_secret='netflow_secret'
[ -z "$(uci -q get netflow.config.backend_port)" ] && uci set netflow.config.backend_port='9190'
[ -z "$(uci -q get netflow.config.redir_port)" ] && uci set netflow.config.redir_port='7892'
[ -z "$(uci -q get netflow.config.dns_port)" ] && uci set netflow.config.dns_port='7874'
[ -z "$(uci -q get netflow.config.mixed_port)" ] && uci set netflow.config.mixed_port='7890'
[ -z "$(uci -q get netflow.config.mihomo_path)" ] && uci set netflow.config.mihomo_path='/etc/netflow/mihomo/mihomo'
[ -z "$(uci -q get netflow.config.lan_proxy)" ] && uci set netflow.config.lan_proxy='1'
[ -z "$(uci -q get netflow.config.ipv6_proxy)" ] && uci set netflow.config.ipv6_proxy='0'

# oss_url: always update from package (injected at build time by CI)
# https://osnc3.s3.ap-northeast-3.amazonaws.com/opnew/store_oss/2026/05/01/3db63ca8-1c28-4ca8-a07d-9fb2892533e5.json,https://osnc4.s3.ap-east-1.amazonaws.com/opnew/store_oss/2026/05/01/3db63ca8-1c28-4ca8-a07d-9fb2892533e5.json,https://oss-1350701856.cos.ap-guangzhou.myqcloud.com/opnew/store_oss/2026/05/01/3db63ca8-1c28-4ca8-a07d-9fb2892533e5.json is replaced by sed in CI workflow
OSS_URL='https://osnc3.s3.ap-northeast-3.amazonaws.com/opnew/store_oss/2026/05/01/3db63ca8-1c28-4ca8-a07d-9fb2892533e5.json,https://osnc4.s3.ap-east-1.amazonaws.com/opnew/store_oss/2026/05/01/3db63ca8-1c28-4ca8-a07d-9fb2892533e5.json,https://oss-1350701856.cos.ap-guangzhou.myqcloud.com/opnew/store_oss/2026/05/01/3db63ca8-1c28-4ca8-a07d-9fb2892533e5.json'
if [ "$OSS_URL" != "https://osnc3.s3.ap-northeast-3.amazonaws.com/opnew/store_oss/2026/05/01/3db63ca8-1c28-4ca8-a07d-9fb2892533e5.json,https://osnc4.s3.ap-east-1.amazonaws.com/opnew/store_oss/2026/05/01/3db63ca8-1c28-4ca8-a07d-9fb2892533e5.json,https://oss-1350701856.cos.ap-guangzhou.myqcloud.com/opnew/store_oss/2026/05/01/3db63ca8-1c28-4ca8-a07d-9fb2892533e5.json" ] && [ -n "$OSS_URL" ]; then
    uci set netflow.config.oss_url="$OSS_URL"
fi

# Migrate old 'enabled' to 'enable' for consistency with shell version
OLD_ENABLED="$(uci -q get netflow.config.enabled)"
if [ -n "$OLD_ENABLED" ]; then
    [ -z "$(uci -q get netflow.config.enable)" ] && uci set netflow.config.enable="$OLD_ENABLED"
    uci -q delete netflow.config.enabled
fi

uci commit netflow

# Ensure directories exist
mkdir -p /etc/netflow/mihomo
mkdir -p /etc/netflow/v2board

# Verify mihomo binary
if [ -x "/etc/netflow/mihomo/mihomo" ]; then
    logger -t netflow "mihomo binary ready"
else
    logger -t netflow "WARNING: mihomo binary not found"
fi

# Generate device salt if not exists
if [ ! -f /etc/netflow/.dev_salt ] || [ ! -s /etc/netflow/.dev_salt ]; then
    head -c 32 /dev/urandom | hexdump -e '32/1 "%02x"' > /etc/netflow/.dev_salt
    chmod 600 /etc/netflow/.dev_salt
fi

# Set permissions
chmod 755 /etc/init.d/netflow

# Ensure netflow binary symlink exists (postinst may have been deferred)
detect_mips_endian() {
    local byte
    byte=$(hexdump -s 5 -n 1 -e '"%d"' /bin/busybox 2>/dev/null)
    if [ "$byte" = "1" ]; then
        echo "mipsel"
    else
        echo "mips"
    fi
}

if [ ! -x "/usr/bin/netflow" ]; then
    ARCH=$(uname -m)
    case "$ARCH" in
        x86_64)  BIN="netflow_x86_64" ;;
        aarch64) BIN="netflow_aarch64" ;;
        armv7*)  BIN="netflow_arm" ;;
        arm*)    BIN="netflow_arm" ;;
        mips|mipsel)
            REAL_MIPS=$(detect_mips_endian)
            BIN="netflow_${REAL_MIPS}"
            ;;
        *)
            REAL_MIPS=$(detect_mips_endian)
            if [ "$REAL_MIPS" = "mipsel" ] || [ "$REAL_MIPS" = "mips" ]; then
                BIN="netflow_${REAL_MIPS}"
            else
                BIN="netflow_x86_64"
            fi
            ;;
    esac
    if [ -x "/usr/bin/${BIN}" ]; then
        ln -sf "/usr/bin/${BIN}" /usr/bin/netflow
        logger -t netflow "linked ${BIN} -> /usr/bin/netflow (arch: ${ARCH}, actual: ${BIN})"
    else
        logger -t netflow "WARNING: binary /usr/bin/${BIN} not found for arch ${ARCH}"
    fi
fi

# Monthly geodata update cron
BACKEND_PORT=$(uci -q get netflow.config.backend_port 2>/dev/null)
BACKEND_PORT="${BACKEND_PORT:-9190}"
CRON_LINE="0 3 1 * * /usr/bin/curl -s -X POST http://127.0.0.1:${BACKEND_PORT}/api/update_geodata >/dev/null 2>&1"
CRON_FILE="/etc/crontabs/root"
if [ -f "$CRON_FILE" ]; then
    grep -q "update_geodata" "$CRON_FILE" || echo "$CRON_LINE" >> "$CRON_FILE"
else
    echo "$CRON_LINE" > "$CRON_FILE"
fi
/etc/init.d/cron restart 2>/dev/null

# Clear LuCI cache
rm -rf /tmp/luci-indexcache /tmp/luci-modulecache

# Enable and start service
/etc/init.d/netflow enable
/etc/init.d/netflow start

exit 0
