#!/usr/bin/env bash

# abort on the first failing command (same as `set -e`)
set -o errexit

# default MISP configuration: database user, database name and the value
# written to MISP.baseurl when the user picks "Auto Setup"
mispuser_default="misp"
mispdb_default="mispdb"
misp_baseurl_default="http://127.0.0.1"

# default MariaDB configuration (host the MISP database user connects to)
mariadb_host_default="127.0.0.1"

# services MISP depends on; started and restarted during setup
declare -a service_needed=(
	"apache2.service"
	"mysql.service"
	"redis-server.service"
)

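#######################################
# Generate one random 16-character alphanumeric password.
# pwgen is run in secure mode (-s): without it pwgen produces "memorable"
# passwords with noticeably less entropy, which is the wrong default for the
# MISP admin account.  When pwgen is not installed, openssl (already required
# by this script) is used instead.
# Outputs:   the password followed by a newline on stdout
#######################################
gen_pass() {
	local length=16
	if command -v pwgen >/dev/null 2>&1; then
		pwgen -s "$length" 1
	else
		# 48 random bytes give 64 base64 characters; drop the '+/=' symbols and
		# keep the first $length alphanumerics
		LC_ALL=C openssl rand -base64 48 | tr -dc 'A-Za-z0-9' | head -c "$length"
		printf '\n'
	fi
}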

# random material generated once, up front: the initial admin password and a
# 32-byte hex string intended for MISP's 'salt' setting in config.php
password_generate=$(gen_pass)
SSL_SALT=$(openssl rand -hex 32)


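# Everything below writes under /var/www/MISP and /etc and drives systemctl,
# so refuse to continue unless running as root.  The message goes to stderr
# (the original printed it to stdout).
if [ "$EUID" -ne 0 ]; then
	printf 'Please run as root.\n' >&2
	exit 1
fi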


# initialize misp conf: seed each config file from the shipped *.default.php
misp_config_dir=/var/www/MISP/app/Config
for conf in bootstrap config core database; do
	cp "$misp_config_dir/$conf.default.php" "$misp_config_dir/$conf.php"
done

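# Fix permissions.  The files in Config/ will hold the database password and
# the salt, so they must not be world-readable: the original `chmod 755` left
# every config file readable (and executable) by any local account.  Apache
# and the cake console both run as www-data, the owner, so 750/640 is enough.
# The chmod is done as root (the script already is); `sudo -u www-data` added
# nothing here.
misp_config_dir=/var/www/MISP/app/Config
chown -R www-data:www-data "$misp_config_dir"
chmod 750 "$misp_config_dir"
# directories directly under Config/ (e.g. a Schema/ subtree) keep traversal
find "$misp_config_dir" -mindepth 1 -maxdepth 1 -type d -exec chmod 750 -- {} +
find "$misp_config_dir" -mindepth 1 -maxdepth 1 -type f -exec chmod 640 -- {} +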

# progress banners (same bytes as the former `echo -e` calls)
printf '\n\e[44msetting up MISP for you This is may take a while...\e[0m\n\n'
printf '\n[*] \e[43mDownloading composer dependencies...\e[0m\n\n'

# composer runs as the web user so the generated vendor/ tree is owned by it
cd /var/www/MISP/app || exit 1
sudo -u www-data composer dump-autoload
sudo -u www-data composer install --ignore-platform-reqs

# PHP extensions MISP needs (redis for the cache/workers, gnupg for signing)
for phpmod in redis gnupg; do
	phpenmod "$phpmod"
done

# directory where the generated admin credentials are stored later on
mkdir -p /etc/misp
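#######################################
# Helpers for the interactive setup below.  Every user-supplied value is
# quoted, escaped or validated before it reaches mysql, sed, gpg or a file
# name; the manual and automatic modes share one code path instead of two
# near-identical copies.
#######################################

# Print an error on stderr and abort the install.
die() {
	printf 'error: %s\n' "$*" >&2
	exit 1
}

# Print a highlighted progress line (same look as the former echo -e banners).
# Arguments: $1 - message
step() {
	printf '\n[*] \e[43m%s\e[0m\n' "$1"
}

# Escape a value for the right-hand side of a sed "s" command: backslash, the
# '/' delimiter and '&' are the characters sed would otherwise interpret.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout (no trailing newline)
sed_escape() {
	local v=$1
	v=${v//\\/\\\\}
	v=${v//\//\\/}
	v=${v//&/\\&}
	printf '%s' "$v"
}

# Escape a value for a single-quoted PHP string literal ("\" and "'").
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout (no trailing newline)
php_sq_escape() {
	local v=$1
	v=${v//\\/\\\\}
	v=${v//\'/\\\'}
	printf '%s' "$v"
}

# Escape a value that is written into a single-quoted PHP string by way of a
# sed substitution: PHP escaping first, then sed escaping of the result.
# Arguments: $1 - raw value
php_value() {
	sed_escape "$(php_sq_escape "$1")"
}

# Escape a value for a single-quoted SQL string literal.  Quotes are doubled
# (standard SQL); backslashes are doubled too, which assumes the server's
# default sql_mode (backslash escapes enabled) — NOTE(review): confirm if
# NO_BACKSLASH_ESCAPES is enabled on the target server.
# Arguments: $1 - raw value
sql_escape() {
	local v=$1
	v=${v//\\/\\\\}
	v=${v//\'/\'\'}
	printf '%s' "$v"
}

# Abort unless $1 is a plain identifier.  Database and user names are
# interpolated unquoted into SQL statements, so anything else is rejected.
# Arguments: $1 - value, $2 - description used in the error message
validate_identifier() {
	local value=$1 what=$2
	[[ $value =~ ^[A-Za-z0-9_]+$ ]] || die "$what '$value' may only contain letters, digits and underscore"
}

# Ask for a value with a pre-filled default; blank input keeps the default.
# The result is stored through a nameref (bash 4.3+) so whiptail keeps its
# usual stdout/stderr layout instead of running inside a $(...) capture.
# Arguments: $1 - name of the variable to set, $2 - prompt, $3 - default
prompt_with_default() {
	local -n out=$1
	local prompt=$2 default=$3 value
	value=$(whiptail --inputbox "$prompt" --nocancel 10 70 "$default" 3>&1 1>&2 2>&3)
	out=${value:-$default}
}

# Ask for a value and repeat until it is non-empty.
# Arguments: $1 - name of the variable to set
#            $2 - --inputbox or --passwordbox
#            $3 - prompt
#            $4 - message shown when the entry is blank
#            $5 - box width (default 70)
prompt_required() {
	local -n out=$1
	local box=$2 prompt=$3 blank_msg=$4 width=${5:-70} value
	while true; do
		value=$(whiptail "$box" "$prompt" --nocancel 10 "$width" 3>&1 1>&2 2>&3)
		if [ -n "$value" ]; then
			break
		fi
		whiptail --msgbox "$blank_msg" 10 60
	done
	out=$value
}

# Run one systemctl action on every service in service_needed.
# Arguments: $1 - start or restart
manage_services() {
	local action=$1 svc
	for svc in "${service_needed[@]}"; do
		systemctl --quiet "$action" "$svc"
	done
}

# --- 1. collect settings (all prompts happen before anything is changed) -----
if whiptail --title "MISP credential setup" --yesno "would you like to setup MISP manually?" --no-button "Auto Setup" 10 70; then
	prompt_with_default MISPDBUSER "set user for MISP (default misp)" "$mispuser_default"
	prompt_with_default MISPBASEURL "set baseurl for MISP (default http://127.0.0.1)" "$misp_baseurl_default"
	prompt_with_default MISPDB "what would you like to called MISPDB? (default mispdb)" "$mispdb_default"
	prompt_with_default MARIADB_HOST "set host for MariaDB (default 127.0.0.1)" "$mariadb_host_default"
else
	MISPDBUSER=$mispuser_default
	MISPBASEURL=$misp_baseurl_default
	MISPDB=$mispdb_default
	MARIADB_HOST=$mariadb_host_default
fi
# both modes ask for the two database passwords
prompt_required MISPDBUSERPWD --passwordbox "set misp database user Password" "Password cannot blank!"
prompt_required MARIADBROOTPASS --passwordbox "set mariadb root user Password" "Password cannot blank!"
validate_identifier "$MISPDBUSER" "database user"
validate_identifier "$MISPDB" "database name"

# --- 2. apache ---------------------------------------------------------------
a2dismod mpm_event
for mod in mpm_prefork php8.4 headers rewrite; do
	a2enmod "$mod"
done
# Disable apache default (either name, whichever the distribution ships)
a2dissite 000-default || true
a2dissite 00-default || true
a2ensite misp.apache2

# --- 3. database -------------------------------------------------------------
step "Starting service..."
manage_services start
sleep 3

step "Create MISP mysql database"
# The root password travels in the environment (MYSQL_PWD) rather than on the
# command line, so it is not visible in `ps` while mysql runs.  The MISP user
# is created for any host ('%'), as before; restrict it to the MariaDB host if
# the database only ever runs locally.
esc_pw=$(sql_escape "$MISPDBUSERPWD")
MYSQL_PWD=$MARIADBROOTPASS mysql -uroot -e "CREATE USER IF NOT EXISTS '$MISPDBUSER'@'%' IDENTIFIED BY '$esc_pw';"
MYSQL_PWD=$MARIADBROOTPASS mysql -uroot -e "GRANT ALL PRIVILEGES ON $MISPDB.* TO '$MISPDBUSER'@'%';"
MYSQL_PWD=$MARIADBROOTPASS mysql -uroot -e "FLUSH PRIVILEGES;"
unset esc_pw
# A pre-existing database is left untouched (the original `&& ... || true`
# behaviour); a failed schema import is reported instead of swallowed.
if MYSQL_PWD=$MARIADBROOTPASS mysql -uroot -e "CREATE DATABASE $MISPDB;"; then
	gunzip < /usr/share/doc/misp/MYSQL.sql.gz \
		| MYSQL_PWD=$MISPDBUSERPWD mysql --host="$MARIADB_HOST" --user="$MISPDBUSER" "$MISPDB" \
		|| printf 'warning: schema import into %s failed; MISP will not work until it is imported\n' "$MISPDB" >&2
fi

# --- 4. MISP config files ----------------------------------------------------
misp_cfg=/var/www/MISP/app/Config/config.php
misp_db_cfg=/var/www/MISP/app/Config/database.php

step "Updating salit..."
# SSL_SALT is generated at the top of the script.  The former manual branch
# substituted an undefined $NEWSALT and so wrote an empty salt; refuse that.
[ -n "${SSL_SALT:-}" ] || die "SSL_SALT is empty; refusing to write an empty salt"
sed -i -E "s/'salt'\s*=>\s*'[^']*'/'salt' => '$(sed_escape "$SSL_SALT")'/" "$misp_cfg"
grep -qF -- "'salt' => '$SSL_SALT'" "$misp_cfg" || die "could not set 'salt' in $misp_cfg"

step "Configuring Database..."
# values land inside single-quoted PHP strings, hence php_value
sed -i -E "s/'host'\s=>\s'localhost'/'host' => '$(php_value "$MARIADB_HOST")'/" "$misp_db_cfg"
sed -i -E "s/'login'\s=>\s'db login'/'login' => '$(php_value "$MISPDBUSER")'/" "$misp_db_cfg"
sed -i -E "s/'password'\s=>\s'db password'/'password' => '$(php_value "$MISPDBUSERPWD")'/" "$misp_db_cfg"
sed -i -E "s/'database'\s=>\s'misp'/'database' => '$(php_value "$MISPDB")'/" "$misp_db_cfg"

step "Restarting service..."
manage_services restart
sleep 3

sudo -u www-data /var/www/MISP/app/Console/cake admin setSetting MISP.baseurl "$MISPBASEURL"

step "Restarting service..."
manage_services restart
sleep 3

# workers unit, installed with an explicit mode instead of the caller's umask
chmod +x /var/www/MISP/app/Console/worker/start.sh
install -m 0644 /usr/share/doc/misp/misp-workers.service /etc/systemd/system/misp-workers.service
# sed -i -E "s/\/var\/www\/MISP/\/usr\/share\/misp/" /etc/systemd/system/misp-workers.service

# --- 5. admin user and GnuPG -------------------------------------------------
step "setting up user credential for MISP.."
while true; do
	prompt_required MISPLOGINMAIL --inputbox "set mail for MISP (eg. misp@misp.local)" "Mail cannot blank"
	# the address also names the credentials file under /etc/misp, so it must
	# be a single, plain path component
	case $MISPLOGINMAIL in
		*/*|*[[:space:]]*|.*) whiptail --msgbox "Mail must not contain '/' or whitespace, or start with '.'" 10 60 ;;
		*) break ;;
	esac
done

step "Generating password for you.."
mkdir -p /etc/misp

step "setting up GnuPG for MISP..."
gnupg_home=/var/www/MISP/app/.gnupg
mkdir -p "$gnupg_home"
chown -R www-data:www-data "$gnupg_home"
chmod 700 "$gnupg_home"

prompt_required GNUPGMAIL --inputbox "set mail for GnuPG (eg. gnupg@gnupg.local)" "GnuPG Mail cannot blank"
prompt_required GNUPGPASS --passwordbox "set passphrase for $GNUPGMAIL" "GnuPG passphrase cannot blank" 40

# The passphrase is fed on stdin (--passphrase-fd 0) instead of argv so it is
# not visible in `ps`.  Key generation stays best-effort as before (it fails
# when a key for the address already exists), but the failure is reported.
printf '%s\n' "$GNUPGPASS" \
	| sudo -u www-data gpg --homedir "$gnupg_home" --batch --pinentry-mode loopback --passphrase-fd 0 \
		--quick-gen-key "$GNUPGMAIL" default default never \
	|| printf 'warning: gpg key generation for %s failed (a key may already exist)\n' "$GNUPGMAIL" >&2

# export the public key, ASCII-armored, into the webroot
sudo -u www-data gpg --homedir "$gnupg_home" --export --armor "$GNUPGMAIL" \
	| sudo -u www-data tee /var/www/MISP/app/webroot/gpg.asc >/dev/null

# Update config.php for GNUPG.  The placeholders presumably sit in
# single-quoted PHP strings, so the values are PHP-escaped then sed-escaped.
sed -i "s/gnumail/$(php_value "$GNUPGMAIL")/g" "$misp_cfg"
sed -i "s/gnupgpass/$(php_value "$GNUPGPASS")/g" "$misp_cfg"

# create misp creds (cake takes the password as an argument, so it is briefly
# visible in the process list — unchanged from the original)
sudo -u www-data /var/www/MISP/app/Console/cake user create "$MISPLOGINMAIL" 1 1
sudo -u www-data /var/www/MISP/app/Console/cake user change_pw "$MISPLOGINMAIL" "$password_generate"

manage_services restart

# --- 6. report ---------------------------------------------------------------
cred_file="/etc/misp/$MISPLOGINMAIL.pass"
printf '==========\n'
printf '\nYour MISP login creds\n\nMAIL= %s\nPASSWORD= %s\n' "$MISPLOGINMAIL" "$password_generate"
printf '\n==========\n'

# save misp creds, readable by root only (the original inherited the umask,
# typically 0644); the file is created with mode 600 before it gets content
install -m 0600 /dev/null "$cred_file"
printf 'MISP ADMIN          = %s\nMISP ADMIN PASSWORD = %s\n' "$MISPLOGINMAIL" "$password_generate" > "$cred_file"

printf 'Your MISP creds has been saved to %s\n' "$cred_file"
printf "\nIf browser didn't showing in 5 second please open this address into your browser\n"
# MISPBASEURL already carries its scheme (the former manual branch printed
# "http://http://...")
printf '\n%s\n' "$MISPBASEURL"
# opening a browser is a convenience; its failure on a headless host must not
# turn a completed install into a non-zero exit
xdg-open "$MISPBASEURL" >/dev/null 2>&1 || true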
