#!/bin/bash

set -e

INSTALL_DIR="/opt/sing-box-warp"
CONFIG_DIR="/etc/sing-box-warp"
CACHE_DIR="/var/cache/sing-box-warp"
SERVICE_NAME="sing-box-warp"
SING_BOX_VERSION="1.13.2-extended-1.6.2"
SING_BOX_URL="https://ghettoloader.duckdns.org/hesoyam/sing-box-extended-mirror/releases/download/v${SING_BOX_VERSION}/sing-box-${SING_BOX_VERSION}-linux-amd64.tar.gz"
REINSTALL=0

is_existing_install() {
    if [ -f "/etc/systemd/system/${SERVICE_NAME}.service" ]; then
        return 0
    fi
    if systemctl list-unit-files "${SERVICE_NAME}.service" --no-legend 2>/dev/null | grep -q "${SERVICE_NAME}"; then
        return 0
    fi
    if [ -d "$INSTALL_DIR" ] && [ -n "$(ls -A "$INSTALL_DIR" 2>/dev/null)" ]; then
        return 0
    fi
    if [ -f "$CONFIG_DIR/warp.conf" ]; then
        return 0
    fi
    return 1
}

stop_existing_service() {
    local running=0

    if systemctl is-active --quiet "$SERVICE_NAME" 2>/dev/null; then
        running=1
        echo "Service ${SERVICE_NAME} is running, stopping..."
    elif systemctl list-unit-files "${SERVICE_NAME}.service" --no-legend 2>/dev/null | grep -q "${SERVICE_NAME}"; then
        echo "Service ${SERVICE_NAME} is installed but not running, stopping..."
    fi

    systemctl stop "$SERVICE_NAME" 2>/dev/null || true
    systemctl disable "$SERVICE_NAME" 2>/dev/null || true

    if pgrep -f "sing-box run -c ${INSTALL_DIR}/config.json" >/dev/null 2>&1; then
        echo "Stopping remaining sing-box processes..."
        pkill -f "sing-box run -c ${INSTALL_DIR}/config.json" 2>/dev/null || true
        sleep 1
    fi

    if [ "$running" -eq 1 ] || systemctl is-failed --quiet "$SERVICE_NAME" 2>/dev/null; then
        systemctl reset-failed "$SERVICE_NAME" 2>/dev/null || true
    fi
}

clean_existing_files() {
    echo "Removing previous installation files..."

    rm -rf "${INSTALL_DIR:?}"/*
    rm -f "$INSTALL_DIR/config.json" "$INSTALL_DIR/generate-config.sh" 2>/dev/null || true
    rm -rf "$INSTALL_DIR/rules"

    rm -f "$CONFIG_DIR/enable-tun" 2>/dev/null || true
    rm -rf "${CACHE_DIR:?}"/*
}

prepare_reinstall() {
    if ! is_existing_install; then
        return 0
    fi

    REINSTALL=1
    echo ""
    echo "=== Existing installation detected ==="
    stop_existing_service
    clean_existing_files
    systemctl daemon-reload 2>/dev/null || true
    echo "Ready for clean reinstall."
    echo ""
}

start_service() {
    echo "Generating config..."
    WARP_CONF="$CONFIG_DIR/warp.conf" \
    OUTPUT_CONFIG="$INSTALL_DIR/config.json" \
    ENABLE_TUN_FILE="$CONFIG_DIR/enable-tun" \
    "$INSTALL_DIR/generate-config.sh"

    echo "Starting ${SERVICE_NAME}..."
    systemctl enable "$SERVICE_NAME"
    systemctl start "$SERVICE_NAME"
    sleep 2
    systemctl status "$SERVICE_NAME" --no-pager || true
}

echo "=== Sing-Box WARP Quick Installer ==="
echo ""

if [ "$EUID" -ne 0 ]; then 
    echo "Please run as root (use sudo)"
    exit 1
fi

prepare_reinstall

echo "Creating directories..."
mkdir -p "$INSTALL_DIR"
mkdir -p "$CONFIG_DIR"
mkdir -p "$CACHE_DIR"

echo ""
echo "=== WARP Configuration ==="
echo "goto ->> https://warp-generator.github.io/ generater for AWG 3.0"
echo "Paste your WARP config (wg://... or [Interface]/[Peer] INI)."
echo "Finish input with Ctrl-D."
WARP_INPUT=$(cat < /dev/tty)

if [ -z "$WARP_INPUT" ]; then
    echo "Error: warp.conf input is empty!"
    exit 1
fi

printf "%s\n" "$WARP_INPUT" > "$CONFIG_DIR/warp.conf"

echo ""
echo "Configuration saved to $CONFIG_DIR/warp.conf"

echo ""
echo "=== TUN mode ==="
echo "TUN routes system traffic through sing-box (needs CAP_NET_ADMIN)."
echo "Without TUN, only SOCKS5 proxy on port 2080 is available."
read -p "Enable TUN mode? (y/n) " -n 1 -r < /dev/tty
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
    ENABLE_TUN=1
    echo "1" > "$CONFIG_DIR/enable-tun"
    echo "TUN mode enabled."
else
    ENABLE_TUN=0
    echo "0" > "$CONFIG_DIR/enable-tun"
    echo "TUN mode disabled (SOCKS5 only)."
fi

echo ""
echo "Downloading sing-box..."
NEED_DOWNLOAD=1

if [ "$REINSTALL" -eq 1 ]; then
    echo "Reinstall: updating sing-box binary..."
    NEED_DOWNLOAD=1
elif command -v sing-box >/dev/null 2>&1; then
    INSTALLED_VERSION=$(sing-box version 2>/dev/null | head -n 1 || true)
    if echo "$INSTALLED_VERSION" | grep -q "$SING_BOX_VERSION"; then
        NEED_DOWNLOAD=0
        echo "sing-box already installed ($INSTALLED_VERSION), skipping download."
    else
        echo "sing-box is installed ($INSTALLED_VERSION) but version mismatch, downloading $SING_BOX_VERSION..."
    fi
fi

if [ "$NEED_DOWNLOAD" -eq 1 ]; then
    cd /tmp
    TARBALL="sing-box-${SING_BOX_VERSION}-linux-amd64.tar.gz"
    rm -f "$TARBALL"

    echo "Downloading $TARBALL ..."
    if ! wget -q --show-progress --timeout=20 --tries=3 --waitretry=5 --retry-connrefused --continue -O "$TARBALL" "$SING_BOX_URL"; then
        echo "wget failed, trying curl..."
        curl -fL --connect-timeout 20 --retry 3 --retry-delay 5 -o "$TARBALL" "$SING_BOX_URL"
    fi

    tar -xzf "$TARBALL"
    mv "sing-box-${SING_BOX_VERSION}-linux-amd64/sing-box" /usr/local/bin/sing-box
    chmod +x /usr/local/bin/sing-box
    rm -rf "$TARBALL" "sing-box-${SING_BOX_VERSION}-linux-amd64"
fi

GENERATE_CONFIG_URL="https://ghettoloader.duckdns.org/hesoyam/sing-warp-socks5/raw/branch/main/generate-config.sh"
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

echo "Installing generate-config.sh..."
if [ -f "$SCRIPT_DIR/generate-config.sh" ]; then
    cp "$SCRIPT_DIR/generate-config.sh" "$INSTALL_DIR/generate-config.sh"
    echo "Copied generate-config.sh from installer directory."
elif wget -q --timeout=20 -O "$INSTALL_DIR/generate-config.sh" "$GENERATE_CONFIG_URL"; then
    echo "Downloaded generate-config.sh."
elif curl -fsSL --connect-timeout 20 -o "$INSTALL_DIR/generate-config.sh" "$GENERATE_CONFIG_URL"; then
    echo "Downloaded generate-config.sh (curl)."
else
    echo "Error: failed to install generate-config.sh"
    exit 1
fi

chmod +x "$INSTALL_DIR/generate-config.sh"

echo "Creating systemd service..."
cat > /etc/systemd/system/sing-box-warp.service <<"'SERVICE_EOF'"
[Unit]
Description=Sing-Box WARP SOCKS5 Proxy
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=root
WorkingDirectory=/opt/sing-box-warp
Environment="HOME=/var/cache/sing-box-warp"
Environment="WARP_CONF=/etc/sing-box-warp/warp.conf"
Environment="OUTPUT_CONFIG=/opt/sing-box-warp/config.json"
ExecStartPre=/opt/sing-box-warp/generate-config.sh
ExecStart=/usr/local/bin/sing-box run -c /opt/sing-box-warp/config.json
Restart=on-failure
RestartSec=5s
StandardOutput=journal
StandardError=journal

NoNewPrivileges=false
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/opt/sing-box-warp /var/cache/sing-box-warp
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
'SERVICE_EOF'

echo "Configuring sysctl parameters..."
cat > /etc/sysctl.d/99-sing-box-warp.conf <<EOF
net.ipv4.conf.all.src_valid_mark=1
net.ipv6.conf.all.disable_ipv6=0
net.ipv4.ip_forward=1
EOF
sysctl -p /etc/sysctl.d/99-sing-box-warp.conf

if [ "$ENABLE_TUN" = "1" ]; then
    RULES_BASE="https://ghettoloader.duckdns.org/hesoyam/ruwake-panel-lists/raw/branch/main"
    echo "Downloading routing rule sets..."
    rm -rf "$INSTALL_DIR/rules"
    mkdir -p "$INSTALL_DIR/rules"
    wget -O "$INSTALL_DIR/rules/antifilter_allyouneed.srs" "$RULES_BASE/antifilter_allyouneed.srs"
    wget -O "$INSTALL_DIR/rules/antizapret.srs" "$RULES_BASE/antizapret.srs"
    wget -O "$INSTALL_DIR/rules/github_ip_you-oops-dev.srs" "$RULES_BASE/github_ip_you-oops-dev.srs"
    wget -O "$INSTALL_DIR/rules/github_karingx.srs" "$RULES_BASE/github_karingx.srs"
    wget -O "$INSTALL_DIR/rules/cloudfront_ip_MetaCubeX.srs" "$RULES_BASE/cloudfront_ip_MetaCubeX.srs"
    wget -O "$INSTALL_DIR/rules/telegram_MetaCubeX.srs" "$RULES_BASE/telegram_MetaCubeX.srs"
    wget -O "$INSTALL_DIR/rules/refilter_ipsum.srs" "$RULES_BASE/refilter_ipsum.srs"
    chmod -R 775 "$INSTALL_DIR/rules"
else
    echo "Skipping rule sets download (TUN disabled)."
    rm -rf "$INSTALL_DIR/rules"
fi

echo "Reloading systemd..."
systemctl daemon-reload

echo ""
echo "=== Installation Complete ==="
echo ""
echo "Service commands:"
echo "  Enable:  sudo systemctl enable sing-box-warp"
echo "  Start:   sudo systemctl start sing-box-warp"
echo "  Status:  sudo systemctl status sing-box-warp"
echo "  Logs:    sudo journalctl -u sing-box-warp -f"
echo ""
echo "SOCKS5 proxy: localhost:2080"
echo ""

if [ "$REINSTALL" -eq 1 ]; then
    echo "Reinstall complete, starting service..."
    start_service
else
    read -p "Start service now? (y/n) " -n 1 -r < /dev/tty
    echo
    if [[ $REPLY =~ ^[Yy]$ ]]; then
        start_service
    fi
fi

echo ""
echo "Done!"