#!/bin/bash

## Copyright (C) 2025 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

set -o errexit
set -o nounset
set -o errtrace
set -o pipefail

title="Screen Locker"
active_user_name="$(id -nu)"

user_list_str="$(/usr/libexec/helper-scripts/get-user-list)" || {
  question=""
  button="ok"
  msg="<p>Failed to get user list, cannot lock screen!</p>"
  /usr/libexec/msgcollector/generic_gui_message "error" "$title" "$msg" "$question" "$button"
  exit 1
}
readarray -t user_list <<< "$user_list_str"

password_status_list_str="$(leaprun get-password-status-list)" || {
  question=""
  button="ok"
  msg="<p>Failed to check user password status, cannot lock screen!</p>"
  /usr/libexec/msgcollector/generic_gui_message "error" "$title" "$msg" "$question" "$button"
  exit 1
}
readarray -t password_status_list <<< "$password_status_list_str"

for (( user_idx = 0; user_idx < ${#user_list[@]}; user_idx++ )); do
  if [ "${user_list[user_idx]}" = "${active_user_name}" ]; then
    break
  fi
done

if [[ "${password_status_list[user_idx]}" =~ ^Locked ]]; then
  question=""
  button="ok"
  msg="Refusing to lock screen, because current account '$active_user_name' has a locked password.

If the screen was locked, it would be impossible to unlock it. Please unlock the password (and if needed, set a password) to enable screen locking."
  msg="$(/usr/libexec/msgcollector/br_add "$msg")"
  /usr/libexec/msgcollector/generic_gui_message "error" "$title" "<p>$msg</p>" "$question" "$button"
  exit 1
fi

if [[ "${password_status_list[user_idx]}" =~ ^Restricted ]]; then
  question=""
  button="ok"
  msg="Refusing to lock screen, because current account '$active_user_name' has a locked password.

If the screen was locked, it would be impossible to unlock it. Please set a password to enable screen locking."
  msg="$(/usr/libexec/msgcollector/br_add "$msg")"
  /usr/libexec/msgcollector/generic_gui_message "error" "$title" "<p>$msg</p>" "$question" "$button"
  exit 1
fi

if [[ "${password_status_list[user_idx]}" =~ ^Absent ]]; then
  question=""
  button="ok"
  msg="Refusing to lock screen, because current account '$active_user_name' has no password set.

If the screen was locked, it would automatically unlock the moment any user input was received. Please set a password to enable screen locking."
  msg="$(/usr/libexec/msgcollector/br_add "$msg")"
  /usr/libexec/msgcollector/generic_gui_message "error" "$title" "<p>$msg</p>" "$question" "$button"
  exit 1
fi

case "$XDG_SESSION_TYPE" in
   x11)
      xscreensaver-command --lock
      ;;
   wayland)
      if [ -f /usr/share/kicksecure/marker ]; then
         swaylock --image /usr/share/kicksecure/kicksecure-desktop-background.png --scaling stretch
      elif [ -f /usr/share/anon-gw-base-files/gateway ]; then
         swaylock --color 77767b
      elif [ -f /usr/share/anon-ws-base-files/workstation ]; then
         swaylock --color 4098bf
      else
         swaylock --color 000000
      fi
      ;;
   *)
      question=""
      button="ok"
      msg="Refusing to lock screen, because the correct screen locker cannot be determined.

The XDG_SESSION_TYPE environment variable must be set to 'x11' or 'wayland' to determine the proper screen locker to use.

However, XDG_SESSION_TYPE is currently set to '$XDG_SESSION_TYPE'.

Please report this bug!"
      /usr/libexec/msgcollector/generic_gui_message "error" "$title" "<p>$msg</p>" "$question" "$button"
      exit 1
      ;;
esac
