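---
# Add-on manifest: adds a button that creates a password-authenticated,
# SFTP-only account on the master node of the `cp` node group.
# NOTE(review): the nesting below was reconstructed from a flattened page;
# confirm it, in particular where `user: root` belongs, against the
# platform's manifest schema.
type: update
name: Add SFTP User

targetNodes:
  nodeGroup: cp

user: root

globals:
  # Generated once and referenced everywhere else, so the credentials that
  # are set on the node match the ones reported in the success message.
  username: "user-${fn.random(10000,99999)}"
  password: "${fn.password(min)}"

actions:
  add_sftp_user:
    cmd[${nodes.cp.master.id}]: |-
      # Only platform-generated values are interpolated into this root shell
      # script. Account- or form-supplied values must be validated before
      # being added here.
      USERNAME='${globals.username}'
      # Use the global rather than calling fn.password again: a second call
      # would presumably generate a different password than the one shown
      # to the user.
      PASSWORD='${globals.password}'
      ROOT_DIRECTORY=/var/www/webroot/ROOT
      # Not read anywhere below; shell access is not implemented.
      ENABLE_SSH=false
      SSHD_CONFIG=/etc/ssh/sshd_config

      # Check if user already exists
      if id "$USERNAME" &>/dev/null; then
        # printf so the user name is actually expanded in the JSON message.
        printf '{"result": "error", "message": "Error: User %s already exists."}\n' "$USERNAME"
        exit 1
      fi

      # Check if home directory exists
      if [ -d "$ROOT_DIRECTORY" ]; then
        echo "Warning: Home directory $ROOT_DIRECTORY already exists."
      fi

      # Detect the group of the home directory
      GROUP=$(stat -c '%G' "$ROOT_DIRECTORY")
      if [ -z "$GROUP" ]; then
        echo "Error: could not determine the group of $ROOT_DIRECTORY."
        exit 1
      fi

      # Create the user with the detected group and appropriate home directory
      if ! useradd -m -d "$ROOT_DIRECTORY" -g "$GROUP" "$USERNAME"; then
        echo "Error: could not create user $USERNAME."
        exit 1
      fi

      # Set the password for the user
      printf '%s:%s\n' "$USERNAME" "$PASSWORD" | chpasswd

      # Ensure the user's home directory exists and has the correct permissions
      mkdir -p "$ROOT_DIRECTORY"
      chown "$USERNAME:$GROUP" "$ROOT_DIRECTORY"

      # Reassign ownership of webroot path to root:detected_group
      # NOTE(review): this is recursive over all of /var/www and overrides the
      # chown just above. sshd requires the chroot path to be root-owned and
      # not group/other-writable; confirm the modes, and confirm the web
      # application still works once it no longer owns its files.
      chown -R root:"$GROUP" /var/www

      # Add configuration to sshd_config, once per group. Re-running the
      # action must not append a duplicate Match block.
      # NOTE(review): Match Group applies to every account in this group,
      # not only to the user created here.
      if ! grep -qxF "Match Group $GROUP" "$SSHD_CONFIG"; then
        cp -p "$SSHD_CONFIG" "$SSHD_CONFIG.bak"
        {
          echo "Match Group $GROUP"
          echo " ChrootDirectory $ROOT_DIRECTORY"
          echo " PasswordAuthentication yes"
          echo " ForceCommand internal-sftp"
        } >> "$SSHD_CONFIG"
        # Validate before restarting: a broken config would take SSH down.
        if ! sshd -t; then
          cp -p "$SSHD_CONFIG.bak" "$SSHD_CONFIG"
          echo "Error: sshd_config validation failed; change reverted."
          exit 1
        fi
      fi

      # Set up bash access
      # NOTE(review): these files land in /var/www/webroot, not in the chroot
      # ($ROOT_DIRECTORY), and ForceCommand internal-sftp never starts a
      # shell; confirm whether this step is still wanted.
      cd /var/www/webroot || exit 1
      mkdir -p bin lib lib64
      cp /bin/bash bin/
      cp /lib64/libtinfo.so.5 /lib64/libdl.so.2 /lib64/libc.so.6 /lib64/ld-linux-x86-64.so.2 lib64/

      # Restart SSH
      systemctl restart sshd

      exit 0

# NOTE(review): the password is delivered in clear text by e-mail and in the
# dashboard message; consider requiring a change at first login or issuing
# key-based access instead.
success:
  email: "Username: ${globals.username}, Password: ${globals.password}"
  text:
    en: "Username: ${globals.username}, Password: ${globals.password}"

settings:
  sftpForm:
    # NOTE(review): root_directory and enable_ssh are collected here but the
    # action above hard-codes both values. If root_directory is ever wired
    # in, validate it first, because it would be interpolated into a script
    # that runs as root.
    fields:
      - type: string
        inputType: text
        name: username
        caption: Username
        placeholder: "${globals.username}"
        disabled: true
        required: false
      - type: string
        inputType: password
        name: password
        caption: Password
        # A separately generated value, not the password that is set.
        placeholder: "${fn.password(min)}"
        disabled: true
        required: false
      - type: string
        inputType: text
        name: root_directory
        caption: Root Directory
        default: "/var/www/webroot/ROOT"
        required: true
      - type: checkbox
        name: enable_ssh
        caption: Also enable SSH access
        default: false

buttons:
  - settings: sftpForm
    action: add_sftp_user
    caption: Add SFTP User
    confirmText: "Are you sure you want to add this SFTP user?"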