#!/bin/bash

set -e

GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

print_success() {
  echo -e "${GREEN}$1${NC}"
}

print_error() {
  echo -e "${RED}$1${NC}"
}

print_info() {
  echo -e "${YELLOW}$1${NC}"
}

check_fingerprint_hardware() {
  if ! lsusb | grep -Eiq 'fingerprint|synaptics|goodix|elan|validity'; then
    print_error "\nNo fingerprint sensor detected."
    return 1
  fi
  return 0
}

setup_pam_config() {
  # Configure sudo
  if ! grep -q pam_fprintd.so /etc/pam.d/sudo; then
    print_info "Configuring sudo for fingerprint authentication..."
    sudo sed -i '1i auth    sufficient pam_fprintd.so' /etc/pam.d/sudo
  fi

  # Configure polkit
  if [ -f /etc/pam.d/polkit-1 ] && ! grep -q 'pam_fprintd.so' /etc/pam.d/polkit-1; then
    print_info "Configuring polkit for fingerprint authentication..."
    sudo sed -i '1i auth      sufficient pam_fprintd.so' /etc/pam.d/polkit-1
  elif [ ! -f /etc/pam.d/polkit-1 ]; then
    print_info "Creating polkit configuration with fingerprint authentication..."
    sudo tee /etc/pam.d/polkit-1 >/dev/null <<'EOF'
auth      sufficient pam_fprintd.so
auth      required pam_unix.so

account   required pam_unix.so
password  required pam_unix.so
session   required pam_unix.so
EOF
  fi
}

remove_pam_config() {
  # Remove from sudo
  if grep -q pam_fprintd.so /etc/pam.d/sudo; then
    print_info "Removing fingerprint authentication from sudo..."
    sudo sed -i '/pam_fprintd\.so/d' /etc/pam.d/sudo
  fi

  # Remove from polkit
  if [ -f /etc/pam.d/polkit-1 ] && grep -Fq 'pam_fprintd.so' /etc/pam.d/polkit-1; then
    print_info "Removing fingerprint authentication from polkit..."
    sudo sed -i '/pam_fprintd\.so/d' /etc/pam.d/polkit-1
  fi
}

if [[ "--remove" == "$1" ]]; then
  print_success "Removing fingerprint scanner from authentication.\n"

  # Remove PAM configuration
  remove_pam_config

  # Uninstall packages
  print_info "Removing fingerprint packages..."
  sudo pacman -Rns --noconfirm fprintd

  print_success "Fingerprint authentication has been completely removed."
else
  print_success "Setting up fingerprint scanner for authentication.\n"

  # Install required packages
  print_info "Installing required packages..."
  sudo pacman -S --noconfirm --needed fprintd usbutils

  if ! check_fingerprint_hardware; then
    exit 1
  fi

  # Configure PAM
  setup_pam_config

  # Enroll first fingerprint
  print_success "\nLet's setup your right index finger as the first fingerprint."
  print_info "Keep moving the finger around on sensor until the process completes.\n"

  if sudo fprintd-enroll "$USER"; then
    print_success "\nFingerprint enrolled successfully!"

    # Verify
    print_info "\nNow let's verify that it's working correctly.\n"
    if fprintd-verify; then
      print_success "\nPerfect! Fingerprint authentication is now configured."
      print_info "You can use your fingerprint for sudo, polkit, and lock screen (Super + Escape)."
    else
      print_error "\nVerification failed. You may want to try enrolling again."
    fi
  else
    print_error "\nEnrollment failed. Please try again."
    exit 1
  fi
fi
