#!/bin/bash
set -e

RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'

log_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
log_error() { echo -e "${RED}[ERROR]${NC} $1"; }

if [[ $EUID -ne 0 ]]; then
   log_error "Запустите этот скрипт с правами суперпользователя (используйте sudo)."
   exit 1
fi

if [ -f /etc/os-release ]; then
    . /etc/os-release
    DISTRO="$ID"
    FAMILY="$ID_LIKE"
else
    log_error "Не удалось определить дистрибутив."
    exit 1
fi

if echo "$DISTRO $FAMILY" | grep -qi "debian\|ubuntu"; then
    PKG_MANAGER="apt"
    DISTRO_FAMILY="debian"
elif echo "$DISTRO $FAMILY" | grep -qi "rhel\|centos\|fedora"; then
    PKG_MANAGER="dnf"
    DISTRO_FAMILY="rhel"
    if ! command -v dnf >/dev/null 2>&1; then
        PKG_MANAGER="yum"
    fi
else
    log_error "Ваш дистрибутив '$DISTRO' не поддерживается. Поддерживаются: Debian/Ubuntu, CentOS/RHEL/Fedora."
    exit 1
fi

systemctl stop nginx httpd apache2 php*-fpm 2>/dev/null || true
systemctl disable nginx httpd 2>/dev/null || true

if [ "$DISTRO_FAMILY" = "debian" ]; then
    apt remove -y nginx nginx-common nginx-core >/dev/null 2>&1 || true
    apt remove -y php7.* php8.0* php8.1* php8.2* libapache2-mod-php7.* libapache2-mod-php8.0* libapache2-mod-php8.1* libapache2-mod-php8.2* >/dev/null 2>&1 || true
elif [ "$DISTRO_FAMILY" = "rhel" ]; then
    $PKG_MANAGER remove -y nginx >/dev/null 2>&1 || true
    $PKG_MANAGER remove -y php php7* php80* php81* php82* >/dev/null 2>&1 || true
fi

if [ "$DISTRO_FAMILY" = "debian" ]; then
    apt update -y >/dev/null 2>&1
    apt install -y software-properties-common lsb-release ca-certificates curl wget gnupg2 apt-transport-https unzip >/dev/null 2>&1
elif [ "$DISTRO_FAMILY" = "rhel" ]; then
    $PKG_MANAGER update -y >/dev/null 2>&1
    $PKG_MANAGER install -y epel-release >/dev/null 2>&1 || true
    $PKG_MANAGER install -y curl wget gnupg2 unzip >/dev/null 2>&1
fi

if [ "$DISTRO_FAMILY" = "debian" ]; then
    if ! apt-cache show php8.3 &>/dev/null; then
        if ! add-apt-repository ppa:ondrej/php -y >/dev/null 2>&1; then
            log_error "Не удалось добавить PPA ondrej/php."
            exit 1
        fi
        
        apt update -y >/dev/null 2>&1
        
        if ! apt-cache show php8.3 &>/dev/null; then
            log_error "PHP 8.3 все еще недоступен после добавления PPA."
            exit 1
        fi
    fi
    
elif [ "$DISTRO_FAMILY" = "rhel" ]; then
    if [ "$DISTRO" = "fedora" ]; then
        $PKG_MANAGER install -y https://rpms.remirepo.net/fedora/remi-release-$(rpm -E %fedora).rpm >/dev/null 2>&1 || true
    else
        $PKG_MANAGER install -y https://rpms.remirepo.net/enterprise/remi-release-$(rpm -E %rhel).rpm >/dev/null 2>&1 || true
    fi
    
    if command -v dnf >/dev/null 2>&1; then
        dnf module reset php -y >/dev/null 2>&1 || true
        dnf module enable php:remi-8.3 -y >/dev/null 2>&1 || true
    fi
    
    if ! $PKG_MANAGER list available php83* php8.3* >/dev/null 2>&1; then
        log_error "PHP 8.3 недоступен в репозиториях."
        exit 1
    fi
fi

if [ "$DISTRO_FAMILY" = "debian" ]; then
    apt install -y apache2 >/dev/null 2>&1
    apt install -y mariadb-server >/dev/null 2>&1
    apt install -y redis-server libreoffice default-jre >/dev/null 2>&1
    
    PHP_PACKAGES="php8.3 php8.3-cli php8.3-common php8.3-mysql php8.3-curl php8.3-gd \
                  php8.3-mbstring php8.3-xml php8.3-zip php8.3-opcache php8.3-intl \
                  php8.3-bcmath libapache2-mod-php8.3"
    
    if ! apt install -y $PHP_PACKAGES >/dev/null 2>&1; then
        log_error "Не удалось установить PHP 8.3 и/или его расширения."
        exit 1
    fi
    
elif [ "$DISTRO_FAMILY" = "rhel" ]; then
    $PKG_MANAGER install -y httpd >/dev/null 2>&1
    $PKG_MANAGER install -y mariadb-server >/dev/null 2>&1
    $PKG_MANAGER install -y redis libreoffice java-11-openjdk >/dev/null 2>&1
    
    if [ "$DISTRO" = "fedora" ]; then
        PHP_PACKAGES="php php-cli php-common php-mysqlnd php-curl php-gd \
                      php-mbstring php-xml php-zip php-opcache php-intl \
                      php-bcmath"
    else
        PHP_PACKAGES="php83 php83-php php83-php-cli php83-php-common php83-php-mysqlnd php83-php-curl php83-php-gd \
                      php83-php-mbstring php83-php-xml php83-php-zip php83-php-opcache php83-php-intl \
                      php83-php-bcmath"
    fi
    
    if ! $PKG_MANAGER install -y $PHP_PACKAGES >/dev/null 2>&1; then
        log_error "Не удалось установить PHP 8.3 и/или его расширения."
        exit 1
    fi
    
    if command -v php83 >/dev/null 2>&1 && [ ! -f /usr/bin/php ]; then
        ln -sf /usr/bin/php83 /usr/bin/php >/dev/null 2>&1 || true
    fi
fi

if [ "$DISTRO_FAMILY" = "debian" ]; then
    a2enmod php8.3 rewrite ssl headers expires deflate >/dev/null 2>&1
    
    for php_ver in 7.4 8.0 8.1 8.2; do
        a2dismod php$php_ver >/dev/null 2>&1 || true
    done
    
    WEBROOT="/var/www/html"
    APACHE_CONF="/etc/apache2/sites-available/000-default.conf"
    WEBSERVER_USER="www-data"
    
elif [ "$DISTRO_FAMILY" = "rhel" ]; then
    WEBROOT="/var/www/html"
    APACHE_CONF="/etc/httpd/conf.d/000-default.conf"
    WEBSERVER_USER="apache"
    
    cat > "/etc/httpd/conf.d/php.conf" << 'EOF'
LoadModule php_module modules/libphp.so
LoadModule rewrite_module modules/mod_rewrite.so

<FilesMatch \.php$>
    SetHandler application/x-httpd-php
</FilesMatch>
EOF

fi

mkdir -p "$WEBROOT"

cat > "$APACHE_CONF" <<EOF
<VirtualHost *:80>
    DocumentRoot $WEBROOT
    ServerName localhost
    ServerAlias www.localhost

    <Directory $WEBROOT>
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
        
        <IfModule mod_deflate.c>
            SetOutputFilter DEFLATE
            SetEnvIfNoCase Request_URI \
                \.(?:gif|jpe?g|png)$ no-gzip dont-vary
            SetEnvIfNoCase Request_URI \
                \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
        </IfModule>
    </Directory>

    <FilesMatch \.php$>
        SetHandler application/x-httpd-php
    </FilesMatch>

    <Files "*.conf">
        Require all denied
    </Files>
    
    <Files "db_config.php">
        Require all denied
    </Files>

    <Files ".htaccess">
        Require all denied
    </Files>

    <IfModule mod_expires.c>
        ExpiresActive On
        ExpiresByType image/jpg "access plus 1 month"
        ExpiresByType image/jpeg "access plus 1 month"
        ExpiresByType image/gif "access plus 1 month"
        ExpiresByType image/png "access plus 1 month"
        ExpiresByType image/svg+xml "access plus 1 month"
        ExpiresByType text/css "access plus 1 month"
        ExpiresByType application/javascript "access plus 1 month"
        ExpiresByType text/javascript "access plus 1 month"
    </IfModule>

    ErrorLog \${APACHE_LOG_DIR}/error.log
    CustomLog \${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOF

if [ "$DISTRO_FAMILY" = "debian" ]; then
    PHP_INI_PATH="/etc/php/8.3/apache2/php.ini"
elif [ "$DISTRO_FAMILY" = "rhel" ]; then
    if [ "$DISTRO" = "fedora" ]; then
        PHP_INI_PATH="/etc/php.ini"
    else
        PHP_INI_PATH="/etc/opt/remi/php83/php.ini"
        [ ! -f "$PHP_INI_PATH" ] && PHP_INI_PATH="/etc/php.ini"
    fi
fi

if [ -f "$PHP_INI_PATH" ]; then
    cp "$PHP_INI_PATH" "${PHP_INI_PATH}.backup.$(date +%Y%m%d_%H%M%S)"
    
    sed -i 's/;*upload_max_filesize = .*/upload_max_filesize = 64M/' "$PHP_INI_PATH"
    sed -i 's/;*post_max_size = .*/post_max_size = 64M/' "$PHP_INI_PATH"
    sed -i 's/;*max_execution_time = .*/max_execution_time = 300/' "$PHP_INI_PATH"
    sed -i 's/;*memory_limit = .*/memory_limit = 256M/' "$PHP_INI_PATH"
    sed -i 's/;*max_input_vars = .*/max_input_vars = 3000/' "$PHP_INI_PATH"
    
    sed -i 's/;*opcache.enable=.*/opcache.enable=1/' "$PHP_INI_PATH"
    sed -i 's/;*opcache.enable_cli=.*/opcache.enable_cli=1/' "$PHP_INI_PATH"
    sed -i 's/;*opcache.memory_consumption=.*/opcache.memory_consumption=128/' "$PHP_INI_PATH"
    sed -i 's/;*opcache.revalidate_freq=.*/opcache.revalidate_freq=2/' "$PHP_INI_PATH"
    sed -i 's/;*opcache.max_accelerated_files=.*/opcache.max_accelerated_files=4000/' "$PHP_INI_PATH"
    
    sed -i 's/;*expose_php = .*/expose_php = Off/' "$PHP_INI_PATH"
    sed -i 's/;*display_errors = .*/display_errors = Off/' "$PHP_INI_PATH"
    sed -i 's/;*log_errors = .*/log_errors = On/' "$PHP_INI_PATH"
fi

cat > "$WEBROOT/db_config.php" << 'EOF'
<?php
$db_host = 'localhost';
$db_user = 'root';
$db_pass = 'muJh9tNY8sg0';
$db_name = 'ALTCor';

define('OFFICE', '/usr/bin/libreoffice');
define('DB_CHARSET', 'utf8mb4');
?>
EOF

DOWNLOAD_URL="https://cloud.altcor.ru/setup/download.php"
TEMP_DOWNLOAD="/tmp/web_files_$(date +%s)"

create_fallback_index() {
    cat > "$WEBROOT/index.php" << 'EOF'
<?php
require_once __DIR__ . '/db_config.php';

echo "<!DOCTYPE html>";
echo "<html lang='ru'>";
echo "<head>";
echo "<meta charset='UTF-8'>";
echo "<meta name='viewport' content='width=device-width, initial-scale=1.0'>";
echo "<title>Сервер LAMP - Готов к работе</title>";
echo "<style>";
echo "body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; margin: 40px; background: #f5f5f5; }";
echo ".container { max-width: 800px; margin: 0 auto; background: white; padding: 40px; border-radius: 10px; box-shadow: 0 4px 6px rgba(0,0,0,0.1); }";
echo "h1 { color: #2c5282; margin-top: 0; }";
echo ".status { padding: 15px; margin: 10px 0; border-radius: 5px; }";
echo ".success { background: #c6f6d5; color: #22543d; border-left: 4px solid #38a169; }";
echo ".warning { background: #fef5e7; color: #744210; border-left: 4px solid #ed8936; }";
echo "</style>";
echo "</head>";
echo "<body>";
echo "<div class='container'>";
echo "<h1>🚀 Сервер LAMP готов к работе</h1>";
echo "<div class='status success'>";
echo "<strong>✅ PHP " . phpversion() . " работает корректно!</strong><br>";
echo "Время сервера: " . date('Y-m-d H:i:s T') . "<br>";
echo "Document Root: " . $_SERVER['DOCUMENT_ROOT'];
echo "</div>";

// Проверка подключения к БД
try {
    $pdo = new PDO("mysql:host=$db_host;dbname=$db_name;charset=utf8mb4", $db_user, $db_pass);
    echo "<div class='status success'>";
    echo "<strong>✅ База данных подключена успешно</strong><br>";
    echo "База данных: $db_name<br>";
    echo "Хост: $db_host";
    echo "</div>";
} catch (PDOException $e) {
    echo "<div class='status warning'>";
    echo "<strong>⚠️ Проблема с базой данных:</strong> " . htmlspecialchars($e->getMessage());
    echo "</div>";
}

echo "<div class='status warning'>";
echo "<strong>⚠️ Внимание:</strong> Используется временная страница.<br>";
echo "Основные файлы приложения не были загружены с удаленного сервера.<br>";
echo "Для загрузки файлов вручную выполните:<br>";
echo "<code>cd /var/www/html && wget https://cloud.altcor.ru/setup/download.php -O files.download</code>";
echo "</div>";

echo "</div>";
echo "</body>";
echo "</html>";
?>
EOF
}

if ! curl -f -s --max-time 10 --head "$DOWNLOAD_URL" >/dev/null 2>&1; then
    create_fallback_index
else
    find "$WEBROOT" -type f ! -name "db_config.php" -delete 2>/dev/null || true
    
    if curl -f -L --max-time 30 -o "$TEMP_DOWNLOAD" "$DOWNLOAD_URL" 2>/dev/null; then
        
        FILE_TYPE=$(file -b "$TEMP_DOWNLOAD" 2>/dev/null || echo "unknown")
        
        if file "$TEMP_DOWNLOAD" | grep -qi "zip\|archive"; then
            if unzip -q "$TEMP_DOWNLOAD" -d "$WEBROOT" 2>/dev/null; then
                true
            else
                unzip -o "$TEMP_DOWNLOAD" -d "$WEBROOT" >/dev/null 2>&1 || create_fallback_index
            fi
            
        elif file "$TEMP_DOWNLOAD" | grep -qi "gzip"; then
            if gunzip -c "$TEMP_DOWNLOAD" > "$WEBROOT/index.php" 2>/dev/null; then
                true
            else
                create_fallback_index
            fi
            
        elif head -n 1 "$TEMP_DOWNLOAD" | grep -q "<?php\|<!DOCTYPE\|<html"; then
            cp "$TEMP_DOWNLOAD" "$WEBROOT/index.php"
            
        elif head -n 1 "$TEMP_DOWNLOAD" | grep -q "{"; then
            create_fallback_index
            
        else
            if head -10 "$TEMP_DOWNLOAD" | grep -qi "error\|404\|403\|500\|<title"; then
                create_fallback_index
            else
                cp "$TEMP_DOWNLOAD" "$WEBROOT/index.php"
            fi
        fi
        
        rm -f "$TEMP_DOWNLOAD"
        
    else
        if curl -L -k --user-agent "Mozilla/5.0 (Linux) Setup Script" --max-time 30 -o "$TEMP_DOWNLOAD" "$DOWNLOAD_URL" 2>/dev/null; then
            cp "$TEMP_DOWNLOAD" "$WEBROOT/downloaded_file"
            rm -f "$TEMP_DOWNLOAD"
        fi
        
        create_fallback_index
    fi
fi

cat > "$WEBROOT/.htaccess" << 'EOF'
<Files "db_config.php">
    Require all denied
</Files>

<Files "*.conf">
    Require all denied
</Files>

<Files ".env">
    Require all denied
</Files>

<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json application/xml
</IfModule>

<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType image/svg+xml "access plus 1 month"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
</IfModule>

<IfModule mod_headers.c>
    Header always set X-Content-Type-Options nosniff
    Header always set X-Frame-Options DENY
    Header always set X-XSS-Protection "1; mode=block"
</IfModule>

RewriteEngine On
# RewriteCond %{REQUEST_FILENAME} !-f
# RewriteCond %{REQUEST_FILENAME} !-d
# RewriteRule ^(.*)$ index.php [QSA,L]
EOF

chown -R $WEBSERVER_USER:$WEBSERVER_USER "$WEBROOT"
chmod -R 755 "$WEBROOT"
chmod 644 "$WEBROOT/.htaccess" 2>/dev/null || true
chmod 600 "$WEBROOT/db_config.php"

MYSQL_TMP_SCRIPT="/tmp/mysql_setup_$(date +%s).sql"
cat > "$MYSQL_TMP_SCRIPT" << 'MYSQL_SCRIPT'

ALTER USER IF EXISTS 'root'@'localhost' IDENTIFIED VIA mysql_native_password USING PASSWORD('muJh9tNY8sg0');

CREATE DATABASE IF NOT EXISTS ALTCor CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

GRANT ALL PRIVILEGES ON ALTCor.* TO 'root'@'localhost';
FLUSH PRIVILEGES;

DELETE FROM mysql.user WHERE user='';

DELETE FROM mysql.user WHERE user='root' AND host NOT IN ('localhost', '127.0.0.1', '::1');

DROP DATABASE IF EXISTS test;

SHOW DATABASES;
MYSQL_SCRIPT

if ! mysql -u root < "$MYSQL_TMP_SCRIPT" >/dev/null 2>&1; then
    log_error "Не удалось выполнить скрипт настройки MariaDB."
    rm -f "$MYSQL_TMP_SCRIPT"
    exit 1
fi
rm -f "$MYSQL_TMP_SCRIPT"

if [ "$DISTRO_FAMILY" = "debian" ]; then
    if ! apache2ctl configtest >/dev/null 2>&1; then
        log_error "Конфигурация Apache содержит ошибки."
        exit 1
    fi
    
    systemctl restart apache2 >/dev/null 2>&1
    systemctl enable apache2 >/dev/null 2>&1
    
    WEBSERVER_SERVICE="apache2"
    
elif [ "$DISTRO_FAMILY" = "rhel" ]; then
    if ! httpd -t >/dev/null 2>&1; then
        log_error "Конфигурация Apache (httpd) содержит ошибки."
        exit 1
    fi
    
    
    systemctl restart httpd >/dev/null 2>&1
    systemctl enable httpd >/dev/null 2>&1
    
    WEBSERVER_SERVICE="httpd"
fi

systemctl restart mariadb >/dev/null 2>&1
systemctl restart redis-server >/dev/null 2>&1 || systemctl restart redis >/dev/null 2>&1 || true

systemctl enable mariadb >/dev/null 2>&1
systemctl enable redis-server >/dev/null 2>&1 || systemctl enable redis >/dev/null 2>&1 || true

if ! systemctl is-active --quiet $WEBSERVER_SERVICE; then
    log_error "Веб-сервер не запущен"
    exit 1
fi

if ! systemctl is-active --quiet mariadb; then
    log_error "MariaDB не запущен"
    exit 1
fi

if ! php -r "echo phpversion();" >/dev/null 2>&1; then
    log_error "PHP не работает корректно"
    exit 1
fi

IP_ADDR=$(hostname -I | awk '{print $1}')

echo ""
echo "Установка успешно завершена."
echo "      Доступ к сайту:"
echo "   • http://localhost/"
echo "   • http://$IP_ADDR/"
echo ""