#!/bin/sh
# Master-Link API - Serve SecuBox IPK (pre-built or generated on-the-fly)
# GET  /api/master-link/ipk?token=TOKEN  — direct download / opkg install
# POST /api/master-link/ipk              — download with token in JSON body
# Auth: Token-validated

# Handle CORS preflight
if [ "$REQUEST_METHOD" = "OPTIONS" ]; then
	echo "Content-Type: text/plain"
	echo "Access-Control-Allow-Origin: *"
	echo "Access-Control-Allow-Methods: GET, POST, OPTIONS"
	echo "Access-Control-Allow-Headers: Content-Type"
	echo ""
	exit 0
fi

if [ "$REQUEST_METHOD" = "GET" ]; then
	# Load library
	. /usr/lib/secubox/master-link.sh >/dev/null 2>&1

	# Parse token from query string
	token=""
	if [ -n "$QUERY_STRING" ]; then
		token=$(echo "$QUERY_STRING" | sed -n 's/.*token=\([^&]*\).*/\1/p')
	fi

	if [ -z "$token" ]; then
		echo "Content-Type: application/json"
		echo "Access-Control-Allow-Origin: *"
		echo ""
		echo '{"error":"missing_token","hint":"GET with ?token=TOKEN"}'
		exit 0
	fi

	# ml_ipk_serve handles all headers (Content-Type, Content-Length, etc.)
	ml_ipk_serve "$token"
	exit 0
fi

if [ "$REQUEST_METHOD" != "POST" ]; then
	echo "Content-Type: application/json"
	echo "Access-Control-Allow-Origin: *"
	echo ""
	echo '{"error":"method_not_allowed"}'
	exit 0
fi

# POST: token in JSON body
. /usr/lib/secubox/master-link.sh >/dev/null 2>&1

read -r input
token=$(echo "$input" | jsonfilter -e '@.token' 2>/dev/null)

if [ -z "$token" ]; then
	echo "Content-Type: application/json"
	echo "Access-Control-Allow-Origin: *"
	echo ""
	echo '{"error":"missing_token"}'
	exit 0
fi

ml_ipk_serve "$token"