#!/bin/bash

# Audit log location: the log directory and the apt log file inside it.
log_path="/var/log/zlog"
log_file="${log_path}/apt.log"
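#######################################
# Append one audit record (timestamp, invoking user, apt command line)
# to the log file.
# Globals:   log_file (read)
# Arguments: the arguments the wrapper was invoked with
# Outputs:   one line appended to $log_file
#######################################
do_log() {
    # Declare first, assign after: 'local v=$(cmd)' would hide cmd's exit status.
    local run_time run_user run_cmd
    run_time=$(date "+%Y-%m-%d %H:%M:%S")
    run_user=$(id -un)
    run_cmd="apt $*"
    # Arguments are user-controlled. Flatten control characters (newline,
    # carriage return, tab, escape) to spaces so that a single invocation
    # always yields exactly one log line and cannot fake extra records or
    # shift the tab-separated fields.
    run_cmd=${run_cmd//[[:cntrl:]]/ }
    printf '[%s]\t\t%s\t\t%s\n' "$run_time" "$run_user" "$run_cmd" >> "$log_file"
}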

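# Configuration file path
disallowed_packages_conf="/etc/disallowed_packages.conf"

# Load the disallowed package names: every whitespace-separated word on
# every line that does not start with '#'.
# 'read -a' splits on IFS but performs no pathname expansion, so an entry
# containing '*' or '?' is kept literally instead of being expanded against
# the current directory (which an unquoted $(...) array assignment would do).
# NOTE(review): if the file is missing or unreadable, grep reports the error
# and the list stays empty, so no package is blocked (fail-open). Confirm
# that this is intended, and that the file is writable by root only.
disallowed_packages=()
IFS=$' \t\n' read -r -d '' -a disallowed_packages \
    < <(grep -v '^#' -- "$disallowed_packages_conf") || true # read hits EOF, not NUL: non-zero is expected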

# Run the real apt binary with the given arguments.
# The binary is addressed by absolute path, so no PATH lookup is involved.
# Returns: apt's exit status.
execute_apt() {
    local -r apt_bin=/usr/bin/apt
    "$apt_bin" "$@"
}

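# Print a message in red on stderr.
# Arguments: $1 - message text
# The message is passed as printf data, never as the format string: callers
# embed user-supplied command and package names in it, and 'echo -e' would
# interpret backslash escapes contained in that text.
print_in_red() {
    printf '\033[31m%s\033[0m\n' "$1" >&2
}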

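#######################################
# Check whether a package argument names a disallowed package.
# Globals:   disallowed_packages (read)
# Arguments: $1 - package argument as given on the apt command line
# Returns:   0 if the package is disallowed, 1 otherwise
#
# The argument is compared as typed and also reduced to its bare name:
# apt accepts qualified forms (name=version, name/release, name:arch, and a
# trailing '+' or '-' modifier), and an exact comparison against the raw
# argument would miss a listed package written in one of those forms.
# Only literal names are compared; specs that apt expands itself (patterns)
# cannot be resolved here.
#######################################
is_disallowed_package() {
    local pkg="$1"
    local disallowed candidate
    # '=', '/' and ':' cannot occur in a package name, so cut at the first one.
    local name="${pkg%%[=/:]*}"
    local -a candidates=("$pkg" "$name")
    # '+' and '-' are legal inside names (e.g. g++), so keep the untrimmed
    # name as a candidate and add the trimmed one alongside it.
    case "$name" in
        *[+-]) candidates+=("${name%[+-]}") ;;
    esac

    for disallowed in "${disallowed_packages[@]}"; do
        for candidate in "${candidates[@]}"; do
            if [[ "$candidate" == "$disallowed" ]]; then
                return 0 # Package is disallowed
            fi
        done
    done
    return 1 # Package is allowed
}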

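#######################################
# Decide whether an apt subcommand is restricted and, if it is, ask the
# user to confirm before continuing.
# Arguments: $1 - apt subcommand
# Returns:   0 if the subcommand is restricted and the user answered "yes"
#            1 if the subcommand is not restricted (no prompt is shown)
# Exits:     0 (whole script) when the user answers "no"
#            1 (whole script) when stdin ends before an answer is given
#######################################
is_restricted_command() {
    local cmd="$1"
    local restricted_commands=(install reinstall remove purge upgrade full-upgrade)
    local restricted ch
    local is_restricted=0

    for restricted in "${restricted_commands[@]}"; do
        if [[ "$cmd" == "$restricted" ]]; then
            is_restricted=1
            break
        fi
    done
    if (( ! is_restricted )); then
        return 1 # Cmd is allowed
    fi

    local prompt="Running the command 'apt $cmd' may cause some TOS functions to not work properly. Are you sure you want to continue? (yes/no) "
    while true; do
        # With stdin closed or exhausted (cron, pipes, </dev/null) read fails
        # and leaves ch empty; without this check the loop would spin forever.
        # A final answer without a trailing newline still counts (ch non-empty).
        if ! read -r -p "$prompt" ch && [[ -z "$ch" ]]; then
            echo "Operation aborted."
            exit 1
        fi
        case "$ch" in
            [Yy][Ee][Ss])
                return 0 # Cmd is restricted
                ;;
            [Nn][Oo])
                echo "Operation aborted."
                exit 0
                ;;
            *)
                prompt="Please type 'yes' or 'no': "
                ;;
        esac
    done
}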

# Print the non-option arguments (candidate package names) on one line,
# separated by single spaces.
# Arguments: the arguments that follow the apt subcommand
# Outputs:   the selected arguments on stdout; an empty line if there are none
get_package_name_from_args() {
    local word
    local -a positional=()
    for word in "$@"; do
        # Skip empty words and anything whose first character is "-" (an option)
        [[ "$word" == [!-]* ]] || continue
        positional+=("$word")
    done
    echo "${positional[@]}"
}

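#######################################
# Apply the package policy to one apt invocation and run it if permitted.
# Globals:   none directly (the helpers read disallowed_packages)
# Arguments: $1 - apt subcommand; remaining arguments - options and packages
# Outputs:   a refusal message on stderr when the invocation is denied
# Returns:   1 when the invocation is denied, otherwise apt's exit status
#
# NOTE(review): the subcommand is assumed to be the first argument; an
# invocation whose first argument is an option is not classified as
# restricted by is_restricted_command. Confirm whether that case needs
# handling.
#######################################
check_and_execute_cmd() {
    local cmd="$1"; shift
    local args=("$@") # Use the remaining parameters as an array
    local packages=() pkgs=() package

    if is_restricted_command "$cmd"; then
        # Split the helper's output into words without pathname expansion.
        # An unquoted $(...) array assignment would expand an argument such
        # as '*' against the current directory before it is checked.
        IFS=$' \t\n' read -r -d '' -a packages \
            < <(get_package_name_from_args "${args[@]}") || true # EOF instead of NUL: non-zero is expected

        # Collect every requested package that is on the disallowed list
        for package in "${packages[@]}"; do
            if is_disallowed_package "$package"; then
                pkgs+=("$package")
            fi
        done

        if (( ${#pkgs[@]} > 0 )); then
            print_in_red "You are not authorized to $cmd the package(s): ${pkgs[*]}."
            return 1
        fi

        # An upgrade that names no package is a blanket upgrade. Count package
        # names rather than all arguments: "upgrade -y" names no package
        # either and must be refused exactly like a bare "upgrade".
        # NOTE(review): the value of an option that takes one is counted as a
        # package name by get_package_name_from_args; this is a heuristic,
        # not a full apt command-line parser.
        if [[ "$cmd" == "upgrade" || "$cmd" == "full-upgrade" ]] && (( ${#packages[@]} == 0 )); then
            print_in_red "You are not authorized to $cmd."
            return 1
        fi
    fi

    # Execute the command with the package name
    execute_apt "$cmd" "${args[@]}"
}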

# Record the invocation before the policy check runs, so refused attempts
# are logged as well.
# NOTE(review): logging happens only when log_path is a symbolic link that
# resolves to a directory; a plain directory is skipped. Confirm that this
# is intended.
if [[ -L "$log_path" && -d "$log_path" ]]; then
    do_log "$@"
fi
# Last command of the script: its status becomes the wrapper's exit status.
check_and_execute_cmd "$@"
