#!/bin/bash

## Copyright (C) 2025 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

set -o errexit
set -o nounset
set -o errtrace
set -o pipefail

# shellcheck source=../share/mediawiki-shell/common
source /usr/share/mediawiki-shell/common

log info "START"

usage() {
  printf '%s\n' "Usage: ${0##*/} WIKI PAGE
Example:
  ${0##*/} 'https://www.kicksecure.com/w' File:10b.png" >&2
  exit 1
}

if [[ -z "${2-}" || "${1-}" =~ (-h|--help) ]]; then
  usage
fi

WIKI_URL="$1"
page_file="$2"

check_vars_exist page_file

# shellcheck source=../share/mediawiki-shell/wiki-config
source /usr/share/mediawiki-shell/wiki-config

log info "WIKI_URL : $WIKI_URL"
log info "WIKI_API : $WIKI_API"
log info "page_file: $page_file"

#mw-login-test "$WIKI_URL"

log info "Requesting revid...         ${TMPFOLDER}/revid.json"

cur_run \
  "${curl_opts[@]}" \
  --output "${TMPFOLDER}/revid.json" \
  "${WIKI_API}?format=json&action=query&prop=info%7Cflagged&titles=${page_file}"

lastrevid=$(jq -r ".query.pages[].lastrevid" -- "${TMPFOLDER}/revid.json")

if grep -E -- '^[0-9]+$' <<<"$lastrevid" >/dev/null 2>&1; then
  true "Valid number."
else
  die 1 "lastrevid not numeric!"
fi

log info "Requesting csrf_token...    ${TMPFOLDER}/csrf_token.json"

curl_run \
  "${curl_opts[@]}" \
  --cookie "$cookie_jar" \
  --cookie-jar "$cookie_jar" \
  --header "Content-Type: application/json" \
  --header "Accept-Language: en-GB" \
  --header "Connection: keep-alive" \
  --output "${TMPFOLDER}/csrf_token.json" \
  --request "POST" \
  "${WIKI_API}?action=query&meta=tokens&type=csrf&format=json"

csrf_token=$(jq --raw-output '.query.tokens.csrftoken' -- "${TMPFOLDER}/csrf_token.json")

## not login-token
#csrf_token=$(jq --raw-output '.query.tokens.csrftoken' -- "${TMPFOLDER}/login-token.json")

## Sensitive?
#log info "XXX csrf_token: $csrf_token"

comment="mediawiki-shell-bot-flagged-revisions-mass-approve"

log info "Requesting review-result... ${TMPFOLDER}/review-result.json"

curl_run \
  "${curl_opts[@]}" \
  --cookie "$cookie_jar" \
  --cookie-jar "$cookie_jar" \
  --output "${TMPFOLDER}/review-result.json" \
  --silent \
  --data-urlencode "token=${csrf_token}" \
  "${WIKI_API}?format=json&action=review&revid=${lastrevid}&flag_accuracy=1&comment=${comment}"

## XXX: Sometimes API login timeout.
# {
#   "error": {
#     "code": "permissiondenied",
#     "info": "You don't have permission to review revisions.",
#     "*": "See https://www.kicksecure.com/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at &lt;https://lists.wikimedia.org/postorius/lists/mediawiki-api-annoueprecations and breaking changes."
#   }
# }

# {
#   "error": {
#     "code": "internal_api_error_LogicException",
#     "info": "[1d001d90905f962f0a6548bf] Caught exception of type LogicException",
#     "errorclass": "LogicException"
#   }
# }

# curl_run \
#    "${curl_opts[@]}" \
#    --cookie "$cookie_jar" \
#    --cookie-jar "$cookie_jar" \
#    --output "${TMPFOLDER}/review-result.json" \
#    --silent \
#    --data-urlencode "token=${csrf_token}" \
#    "${WIKI_API}?format=json&action=stabilize&title=${page_file}&default=stable&reason=${comment}"

review_result=$(jq --raw-output '.review.result' -- "${TMPFOLDER}/review-result.json")

if [ "$review_result" = "Success" ]; then
  log info "Success."
  exit 0
fi

printf '%s\n' "${TMPFOLDER}/review-result.json"
jq -- "${TMPFOLDER}/review-result.json"

review_error_code=$(jq --raw-output '.error.code' -- "${TMPFOLDER}/review-result.json")
if [ "$review_error_code" = "notreviewable" ]; then
  log notice "notreviewable"
  exit 0
fi

if [ "$review_error_code" = "permissiondenied" ]; then
  die 254 "permissiondenied"
fi

log bug "Error."
exit 1
