#!/bin/bash

set -e

# 检查 root 权限
if [[ $EUID -ne 0 ]]; then
    echo "❌ 必须以 root 用户运行"
    exit 1
fi

# === 执行 install_product_id_generator.sh ===
if [[ -x ./script/install_product_id_generator.sh ]]; then
    echo "🚀 执行 install_product_id_generator.sh..."
    ./script/install_product_id_generator.sh || { echo "❌ install_product_id_generator.sh 执行失败"; exit 1; }
    echo "✅ install_product_id_generator.sh 执行完成"
else
    echo "❌ 找不到或无法执行 ./script/install_product_id_generator.sh"
fi

INSTALL_DIR="/etc/exec_hook"

rm -rf "$INSTALL_DIR"
mkdir -p "$INSTALL_DIR"

# 拷贝必要文件
cp ./dist/main "$INSTALL_DIR/backend_service"
chmod +x "$INSTALL_DIR/backend_service"

cp -r ./dist/logs "$INSTALL_DIR/"

# 解决 config 冲突
if [ -f "$INSTALL_DIR/config" ]; then
    rm -f "$INSTALL_DIR/config"
fi
cp -r ./dist/config "$INSTALL_DIR/"

cp ./dist/intercept.so "$INSTALL_DIR/"
chmod +x "$INSTALL_DIR/intercept.so"

# 添加 profile 启动脚本
cat > /etc/profile.d/exec_hook.sh <<'EOF'
#!/bin/bash

# 只在交互式 shell 中运行，且非 ssh 命令模式
if [[ -z "$EXEC_HOOK_DONE" && -z "$SSH_ORIGINAL_COMMAND" && "$-" == *i* ]]; then
    export EXEC_HOOK_DONE=1

    # 启动后端服务并等待其完成
    /etc/exec_hook/backend_service

    # 使用 LD_PRELOAD 重新进入 shell
    export LD_PRELOAD=/etc/exec_hook/intercept.so
    exec "$SHELL" --login
fi
EOF

chmod +x /etc/profile.d/exec_hook.sh

HOOK_CODE=$(cat <<'EOF'

# ========== exec_hook 注入 ==========
if [[ -z "$EXEC_HOOK_DONE" && -z "$SSH_ORIGINAL_COMMAND" && "$-" == *i* ]]; then
    export EXEC_HOOK_DONE=1
    /etc/exec_hook/backend_service
    export LD_PRELOAD=/etc/exec_hook/intercept.so
    exec "$SHELL" --login
fi
# ========== exec_hook 结束 ==========
EOF
)

# 修改所有用户的 .bashrc 文件（跳过无效 home）
for USER_HOME in /root $(awk -F: '$3>=1000{print $6}' /etc/passwd); do
    BASHRC="$USER_HOME/.bashrc"
    if [[ -d "$USER_HOME" ]]; then
        if [[ ! -f "$BASHRC" ]]; then
            touch "$BASHRC"
            chown "$(stat -c '%u:%g' "$USER_HOME")" "$BASHRC"
        fi
        if ! grep -q 'exec_hook 注入' "$BASHRC"; then
            echo "$HOOK_CODE" >> "$BASHRC"
            echo "✅ 注入到 $BASHRC"
        else
            echo "🔁 $BASHRC 已注入，跳过"
        fi
    else
        echo "⚠️ 跳过无效 home 目录：$USER_HOME"
    fi
done

echo "✅ 安装完成："
echo "  - 后端服务和拦截库已部署到 $INSTALL_DIR"
echo "  - 登录 shell 时将执行 backend_service 并注入 intercept.so"
echo "📢 请重新登录测试效果（例如重新 SSH 登录）"