#!/bin/sh

# Create required directories
mkdir -p /etc/XplicitTrust
mkdir -p /var/log/xtna-service
mkdir -p /var/run/xt
mkdir -p /run/xt-updater

# Restore XplicitTrust directory from backup (upgrades)
if [ -d /tmp/xtna-config-backup ]; then
    cp -a /tmp/xtna-config-backup/* /etc/XplicitTrust/ 2>/dev/null || true
    rm -rf /tmp/xtna-config-backup
fi

# Create xtna-users group if it doesn't exist
grep -q xtna-users /etc/group || echo "xtna-users:x:1000:" >> /etc/group

# Add uhttpd to xtna-users group so the Lua API can access xtna sockets
grep -q "xtna-users.*uhttpd" /etc/group || \
    sed -i 's/^xtna-users:\([^:]*\):\([^:]*\):\(.*\)/xtna-users:\1:\2:\3,uhttpd/' /etc/group
# Clean up trailing/leading comma if member list was empty
sed -i 's/xtna-users:\([^:]*\):\([^:]*\):,/xtna-users:\1:\2:/' /etc/group


# Preserve installed files across firmware upgrades (sysupgrade).
# On OpenWrt, sysupgrade wipes the overlay except for paths listed here.
# Without this, only /etc/XplicitTrust/ (config) would survive.
SYSUPGRADE_PATHS="
/etc/XplicitTrust/
/usr/local/usr/bin/xtna-service
/usr/local/usr/bin/xtna-updater
/usr/local/usr/bin/xtna-util
/etc/init.d/xtna-service
/etc/init.d/xtna-updater
/usr/lib/lua/api/services/xtna.lua
/usr/share/rpcd/acl.d/xtna.json
/usr/share/vuci/path.d/xtna.json
/usr/share/vuci/menu.d/xtna.json
/www/views/services/
/etc/uci-defaults/99-xtna-restore
"
for path in $SYSUPGRADE_PATHS; do
    grep -q "^${path}$" /etc/sysupgrade.conf 2>/dev/null || \
        echo "$path" >> /etc/sysupgrade.conf
done

# Ensure TUN device exists
if [ ! -c /dev/net/tun ]; then
    mkdir -p /dev/net
    mknod /dev/net/tun c 10 200
    chmod 0755 /dev/net/tun
fi

# Enable and start services
if [ -x /etc/init.d/xtna-service ]; then
    /etc/init.d/xtna-service enable
    /etc/init.d/xtna-service start
fi

if [ -x /etc/init.d/xtna-updater ]; then
    /etc/init.d/xtna-updater enable
    /etc/init.d/xtna-updater start
fi

# Reload ACLs and restart rpcd/uhttpd to register API routes and pick up group changes
ubus call session reload_acls 2>/dev/null || true
[ -x /etc/init.d/rpcd ] && /etc/init.d/rpcd restart 2>/dev/null || true
[ -x /etc/init.d/uhttpd ] && /etc/init.d/uhttpd restart 2>/dev/null || true

# Notify vuci to reload menu routes
ubus send vuci.notify '{"event": "reload_routes"}' 2>/dev/null || true

exit 0
