#!/usr/bin/bash


#
# Generate changelog with hashsum from the exported certificates
#


###
#
# Options Section
#
###

set -e
set -u
set -o pipefail


###
#
# Variables Section
#
###

source '/etc/traefik/acme/acme.env'
ACME_STORAGE="${ACME_STORAGE:='/var/lib/traefik/acme'}"
ACME_STORAGE_HASH="${ACME_STORAGE_HASH:='/var/lib/traefik/acme.md5sum'}"
ACME_STORAGE_CHANGELOG="${ACME_STORAGE_CHANGELOG:='/var/lib/traefik/acme.log'}"


###
#
# Runtime Environment
#
###

if [[ "${EUID}" -ne '0' && "${USER}" != 'traefik' ]]; then
  /usr/bin/echo -e 'Error: Permission Denied'
  exit 1
fi

TMP_DIRECTORY=$(/usr/bin/mktemp --directory --quiet)
trap "/usr/bin/rm --force --recursive ${TMP_DIRECTORY}" EXIT

if [[ ! -f "${ACME_STORAGE_HASH}" ]]; then
  /usr/bin/find "${ACME_STORAGE}" -type f -exec /usr/bin/md5sum {} + > "${ACME_STORAGE_HASH}"
  /usr/bin/chmod 0400 "${ACME_STORAGE_HASH}"
  /usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE_HASH}"
  /usr/bin/diff '/dev/null' "${ACME_STORAGE_HASH}" | /usr/bin/grep '^>' | /usr/bin/mawk '{print $3}' > "${ACME_STORAGE_CHANGELOG}" || \
    /usr/bin/true
  /usr/bin/chmod 0400 "${ACME_STORAGE_CHANGELOG}"
  /usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE_CHANGELOG}"
  exit 0
fi

/usr/bin/find "${ACME_STORAGE}" -type f -exec /usr/bin/md5sum {} + > "${TMP_DIRECTORY}/traefik_acme.md5sum"

/usr/bin/diff "${ACME_STORAGE_HASH}" "${TMP_DIRECTORY}/traefik_acme.md5sum" | /usr/bin/grep '^>' | /usr/bin/mawk '{print $3}' > "${ACME_STORAGE_CHANGELOG}" || \
  /usr/bin/true

/usr/bin/cat "${TMP_DIRECTORY}/traefik_acme.md5sum" > "${ACME_STORAGE_HASH}"