#!/bin/sh

# Start/stop/restart the web panel
#
# Also, keep renewing/recreating kerberos tickets for the web
# application.

PANEL_DIR=/opt/fripost-panel
SOCKET_DIR=/var/run/fcgi
USER=fpanel
GROUP=www-data
PRINCIPAL=AdminWebPanel@FRIPOST.ORG
REALM=FRIPOST.ORG
KEYTAB=/var/lib/fripost-panel/keytab
CGI=./cgi-bin/index.fcgi

if [ $(id -u) -ne 0 ]; then
    echo "Error: You are not root"
    exit 1
fi

KSTART="k5start -b -f ${KEYTAB} -S ldap -I $(hostname --fqdn) -r ${REALM} -u ${PRINCIPAL} -q -l 61m -K 59"

start () {
    test -x "${PANEL_DIR}/cgi-bin/index.fcgi" || exit 0

    pgrep -U "${USER}" -G "${GROUP}" -fx "/usr/bin/perl ${CGI}" >/dev/null && return 0
    pgrep -U "${USER}" -G "${GROUP}" -fx "${KSTART}" >/dev/null || sudo -u "${USER}" ${KSTART} || exit 1

    export FCGI_SOCKET_PATH="${SOCKET_DIR}/fripost-panel.socket"
    export FCGI_LISTEN_QUEUE=128
    start-stop-daemon --start --background \
        --chuid "${USER}:${GROUP}" \
        -d "${PANEL_DIR}" \
        -m -p "${SOCKET_DIR}/fripost-panel.pid" \
        -k 0077 \
        --exec ${CGI}
    # Dirty, but it's safer than changing the umask to 0007
    sleep 1
    # The web server needs to talk and listen to the panel.
    chmod 'ug+rwx,o=' "${FCGI_SOCKET_PATH}" || exit 1
}

stop () {
    pkill -U "${USER}" -G "${GROUP}" -fx "${KSTART}"
    start-stop-daemon --stop -u "${USER}" \
        --chuid "${USER}:${GROUP}" \
        -p "${SOCKET_DIR}/fripost-panel.pid" \
        --retry=TERM/5/KILL/1
}

cd "${PANEL_DIR}" || exit 1
case "${1}" in
  start) start ;;
  stop) stop ;;
  restart) stop; start ;;
  *)
    echo "Usage: $0 {start|stop|restart}" >&2
    exit 1
    ;;
esac