#!/bin/sh
##########################################################################
# Copyright KAZ 2021							 #
# 									 #
# contact (at) kaz.bzh							 #
# 									 #
# This software is a filter to shrink email by attachment extraction.	 #
# 									 #
# This software is governed by the CeCILL-B license under French law and #
# abiding by  the rules of distribution  of free software. You  can use, #
# modify  and/or  redistribute  the  software under  the  terms  of  the #
# CeCILL-B license as circulated by CEA, CNRS and INRIA at the following #
# URL "http://www.cecill.info".						 #
# 									 #
# As a counterpart to the access to  the source code and rights to copy, #
# modify and  redistribute granted  by the  license, users  are provided #
# only with a limited warranty and  the software's author, the holder of #
# the economic  rights, and the  successive licensors have  only limited #
# liability.								 #
# 									 #
# In this respect, the user's attention is drawn to the risks associated #
# with loading,  using, modifying  and/or developing or  reproducing the #
# software by the user in light of its specific status of free software, #
# that may  mean that  it is  complicated to  manipulate, and  that also #
# therefore means  that it  is reserved  for developers  and experienced #
# professionals having in-depth computer  knowledge. Users are therefore #
# encouraged  to load  and test  the software's  suitability as  regards #
# their  requirements  in  conditions  enabling the  security  of  their #
# systems and/or  data to  be ensured  and, more  generally, to  use and #
# operate it in the same conditions as regards security.		 #
# 									 #
# The fact that  you are presently reading this means  that you have had #
# knowledge of the CeCILL-B license and that you accept its terms.	 #
##########################################################################

##########################################################################
# - installer l' utilitaire apg pour génération de mot de passes
# - le contenu de INSPECT_DIR doit être accessible en écriture pour le
#   proriétaire du script
# - shrinkEMail et jirafeau.sh doivent être accessible en execution pour
#   le roriétaire du script
##########################################################################

cd $(dirname $0)
DOMAINNAME=$(cat domainname)
# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
EX_TOO_LARGE=552
INSPECT_DIR=/var/spool/filter
FIC_LOG=/var/log/mail/filter.log
SENDMAIL="/usr/sbin/sendmail -G -i"
MAILS=/tmp/FILTER
MAX_KEEP_IN_MAIL=24ki
MAX_UPLOAD_SIZE=100Mi
SHRINK_CMD=/home/filter/eMailShrinker
JIRAFEAU_CMD=/home/filter/jirafeauAPI
JIRAFEAU_URL=https://depot.${DOMAINNAME:-"kaz.bzh"}
JIRAFEAU_LOCAL=http://depot
JIRAFEAU_TIME=month
MD5_CMD=/usr/bin/md5sum
DISCLAMER_CMD=altermime
MAX_FINAL_SIZE=204800 # 200ki
ARCHIVE_TITLE="archive_content"
ARCHIVE_MIME="text/kaz_email_archive"

####################  FONCTIONS ############################################
#--------------------- Fichier de LOG -------------------
LOG_FIC() {
    echo -e "$(date +%d-%m-%Y-%H-%M-%S) : $*" >> "${FIC_LOG}"
}

####################  MAIN #################################################
LOG_FIC "------------------------------------------------------"
LOG_FIC "--------------- debut de programme -------------------"

mkdir -p "${MAILS}" || { LOG_FIC "impossible de creer ce dossier"; exit "${EX_UNAVAILABLE}"; }
MAIL_SOURCE=$(echo $@ | awk 'BEGIN{FS=" "} {print $2}')
DATE_TEMPS=$(date "+%Y-%m-%d-%H:%M:%S")
REP_PIECE_JOINTE="${MAILS}/${DATE_TEMPS}_${MAIL_SOURCE}_$$"
TRACK=$(curl "${JIRAFEAU_LOCAL}/a.php?r=${MAIL_SOURCE}" 2>/dev/null)
cd "${INSPECT_DIR}" || { echo "${INSPECT_DIR} does not exist"; exit "${EX_TEMPFAIL}"; }

# lien renvoyé par le téléverssement
ONE_LINK="${REP_PIECE_JOINTE}/one.txt"
# anciens liens à réactiver
OLD_LINKS="${REP_PIECE_JOINTE}/url-to-refresh.txt"
# contenu de l'archive
ARCHIVE_CONTENT="${REP_PIECE_JOINTE}/archive-content.txt"

# Clean up when done or when aborting.
trap "rm -rf in.$$ in.$$.altered ${REP_PIECE_JOINTE}" 0 1 2 3 15

cat > "in.$$" || { LOG_FIC "Cannot save mail to file"; exit "${EX_TEMPFAIL}"; }
# XXX trace
# cp "${INSPECT_DIR}/in.$$" "${INSPECT_DIR}/in.$$.bak"

mkdir -p "${REP_PIECE_JOINTE}/"
>"${OLD_LINKS}"
>"${ARCHIVE_CONTENT}"

# Etape de rafraichissement des anciens fichiers inclus
echo "time: ${DATE_TEMPS}" > "${ARCHIVE_CONTENT}"
[ -n "${TRACK}" ] && echo "src: ${MAIL_SOURCE}" >> "${ARCHIVE_CONTENT}"

LOG_FIC "${SHRINK_CMD} -u \"${INSPECT_DIR}/in.$$\" 2>> \"${FIC_LOG}\" > \"${OLD_LINKS}\""
"${SHRINK_CMD}" -u "${INSPECT_DIR}/in.$$" 2>> "${FIC_LOG}" > "${OLD_LINKS}"

cat "${OLD_LINKS}" | grep "${JIRAFEAU_URL}" | while read REMOTE_LINK
do
    REMOTE_REF=$(echo "${REMOTE_LINK}" | sed -e 's/.*h=\([^&]*\).*/\1/' -e 's/.*http.*//')
    [ -z "${REMOTE_REF}" ] && continue
    REMOTE_KEY=$(echo "${REMOTE_LINK}" | grep "k=" | sed 's%.*k=\([^&]*\).*%\1%')
    # update periode for download
    LOG_FIC " - \"${JIRAFEAU_CMD}\" -f \"${JIRAFEAU_LOCAL}\" -t \"${JIRAFEAU_TIME}\" update \"${REMOTE_REF}\" 2>&1 >> \"${FIC_LOG}\""
    "${JIRAFEAU_CMD}" -f "${JIRAFEAU_LOCAL}" -t "${JIRAFEAU_TIME}" update "${REMOTE_REF}" 2>&1 >> "${FIC_LOG}"
    echo "old: ${REMOTE_REF} ${REMOTE_KEY}" >> "${ARCHIVE_CONTENT}"
done
LOG_FIC " - archive starts with: $(cat ${ARCHIVE_CONTENT})"

# Etape extraction des pieces jointes
LOG_FIC "${SHRINK_CMD} -s ${MAX_KEEP_IN_MAIL} -d ${REP_PIECE_JOINTE} ${INSPECT_DIR}/in.$$"
"${SHRINK_CMD}" -s "${MAX_KEEP_IN_MAIL}" -d "${REP_PIECE_JOINTE}" "${INSPECT_DIR}/in.$$"  2>> "${FIC_LOG}" | {
    while read ATTACH_TMP_NAME
    do
	if [ -d "${ATTACH_TMP_NAME}" ]
	then
	    ATTACH_MEDIA="${ATTACH_TMP_NAME}/media"
	    ATTACH_NAME=$(grep "^Name: " "${ATTACH_TMP_NAME}/meta" | cut -c 7- )
	    ATTACH_CONTENT_TYPE=$(grep "^Content-Type: " "${ATTACH_TMP_NAME}/meta" | cut -c 15- )
	else
	    # XXX error
	    continue
	fi
	# Etape de televersement des pieces jointes
	PASSWORD=$(apg -n 1 -m 12)
	PASSWORD_MD5=$(echo -n ${PASSWORD} | ${MD5_CMD} | cut -d \  -f 1)
	LOG_FIC " - \"${JIRAFEAU_CMD}\" -f \"${JIRAFEAU_LOCAL}\" -s \"${MAX_UPLOAD_SIZE}\" -c \"${ATTACH_CONTENT_TYPE}\" -n \"${ATTACH_NAME}\" send \"${ATTACH_MEDIA}\" \"${PASSWORD}\" 2>> \"${FIC_LOG}\" > \"${ONE_LINK}\""
	"${JIRAFEAU_CMD}" -f "${JIRAFEAU_LOCAL}" -s "${MAX_UPLOAD_SIZE}" -c "${ATTACH_CONTENT_TYPE}" -n "${ATTACH_NAME}" send "${ATTACH_MEDIA}" "${PASSWORD}" 2>> "${FIC_LOG}" > "${ONE_LINK}"
	cat "${ONE_LINK}"  | {
	    read JIR_TOKEN
	    read JIR_CODE
	    LOG_FIC " - Jirafeau retourne ${JIR_TOKEN} et ${JIR_CODE}"
	    case "${JIR_TOKEN}" in
		    "" | no | *Error* | \<* )
		    LOG_FIC " - impossible de televerser ${ATTACH_TMP_FILE} (${JIR_TOKEN}), il ne sera pas remplace dans le message"
		    echo "new:"
		    ;;
		* )
		    LOG_FIC " - substitution par ${JIRAFEAU_URL}/f.php?d=1&h=${JIR_TOKEN}&k=${PASSWORD_MD5}"
		    echo "url: ${JIRAFEAU_URL}/f.php?d=1&h=${JIR_TOKEN}&k=${PASSWORD_MD5}"
		    echo "new: ${JIR_TOKEN} ${PASSWORD_MD5}" >> "${ARCHIVE_CONTENT}"
		    ;;
	    esac
	}
	LOG_FIC " - supprimer l'extraction ${ATTACH_TMP_FILE}"
	rm -f "${ATTACH_TMP_FILE}"
    done
    # Création de l'archive
    NB_ATTACH=$(grep -e "^old: " -e "^new: " "${ARCHIVE_CONTENT}" | wc -l)
    if [ -n "${TRACK}" ] || [ "${NB_ATTACH}" -gt 1 ]; then
	PASSWORD=$(apg -n 1 -m 12)
	PASSWORD_MD5=$(echo -n ${PASSWORD} | ${MD5_CMD} | cut -d \  -f 1)
	LOG_FIC " - \"${JIRAFEAU_CMD}\" -f \"${JIRAFEAU_LOCAL}\" -s \"${MAX_UPLOAD_SIZE}\" -c \"${ARCHIVE_MIME}\" -n \"${ARCHIVE_TITLE}\" send \"${ARCHIVE_CONTENT}\" \"${PASSWORD}\" 2>> \"${FIC_LOG}\" > \"${ONE_LINK}\""
	"${JIRAFEAU_CMD}" -f "${JIRAFEAU_LOCAL}" -s "${MAX_UPLOAD_SIZE}" -c "${ARCHIVE_MIME}" -n "${ARCHIVE_TITLE}" send "${ARCHIVE_CONTENT}" "${PASSWORD}" 2>> "${FIC_LOG}" > "${ONE_LINK}"
    fi
    if  [ "${NB_ATTACH}" -gt 1 ]; then
	cat "${ONE_LINK}"  | {
	    read JIR_TOKEN
	    read JIR_CODE
	    LOG_FIC " - Jirafeau retourne ${JIR_TOKEN} et ${JIR_CODE}"
	    case "${JIR_TOKEN}" in
		"" | no | *Error* | \<* )
		    LOG_FIC " - impossible de televerser l'archive (${JIR_TOKEN}), il ne sera pas remplace dans le message"
		    echo "arch: bad"
		    ;;
		* )
		    LOG_FIC " - ajoute de l'archive ${JIRAFEAU_URL}/a.php?g=${JIR_TOKEN}~${PASSWORD_MD5}"
		    echo "arch: ${JIRAFEAU_URL}/a.php?g=${JIR_TOKEN}~${PASSWORD_MD5}"
		    ;;
	    esac
	}
    else
	LOG_FIC " - pas d'archive (moins de 2 PJ)"
	echo "arch: none"
    fi
    # Etape de substitution
    LOG_FIC "${SHRINK_CMD} -s \"${MAX_KEEP_IN_MAIL}\" \"${INSPECT_DIR}/in.$$\" \"${INSPECT_DIR}/in.$$.altered\" 2>> \"${FIC_LOG}\""
} | "${SHRINK_CMD}" -s "${MAX_KEEP_IN_MAIL}" "${INSPECT_DIR}/in.$$" "${INSPECT_DIR}/in.$$.altered" 2>> "${FIC_LOG}"

# XXX trace
# cp "${INSPECT_DIR}/in.$$" "${INSPECT_DIR}/in.$$.altered" /var/mail/tmp/

# Etape choix de modification du message d'origine
if [ "$(wc -l < "${ARCHIVE_CONTENT}")" -ge 3 ]; then
    # verification de taille finale
    actualSize=$(wc -c < "${INSPECT_DIR}/in.$$.altered")
    if [ ${actualSize} -ge $MAX_FINAL_SIZE ]; then
	LOG_FIC " - message trop gros apres regime ${INSPECT_DIR}/in.$$.altered (${actualSize})"
	exit "${EX_TOO_LARGE}";
    fi
    LOG_FIC " - envoi de la commande : ${SENDMAIL} $@ ${INSPECT_DIR}/in.$$.altered"
    ${SENDMAIL} "$@" < "${INSPECT_DIR}/in.$$.altered"
else
    # verification de taille finale
    actualSize=$(wc -c < "${INSPECT_DIR}/in.$$")
    if [ ${actualSize} -ge $MAX_FINAL_SIZE ]; then
	LOG_FIC " - message trop gros sans regime ${INSPECT_DIR}/in.$$ (${actualSize})"
	exit "${EX_TOO_LARGE}";
    fi
    LOG_FIC " - pas de piece jointe"
    ${SENDMAIL} "$@" < "in.$$"
fi

exit 0

##########################################################################