# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>

# Package identity and the upstream release that is built.
pkgname=authentik
pkgver=2023.10.7
pkgrel=0
pkgdesc="An open-source Identity Provider focused on flexibility and versatility"
url="https://github.com/goauthentik/authentik"
# py3-xmlsec needs some work
# NOTE(review): arch is still "all" despite the note above; confirm whether
# py3-xmlsec is usable on every architecture or arch has to be narrowed.
arch="all"
license="MIT"
# Runtime dependencies: the PostgreSQL and Redis servers, a few helper tools
# and the Python modules, all taken from distribution packages.
# NOTE(review): every entry is installed next to the identity provider and
# has to be kept patched. py3-codespell is a spell checker and looks like a
# development-only tool; pwgen and libcap-setcap are presumably used by the
# install scripts - confirm that each of them is needed at runtime.
depends="
	libcap-setcap
	postgresql
	procps
	pwgen
	py3-aiohttp
	py3-aiosignal
	py3-amqp
	py3-anyio
	py3-asgiref
	py3-asn1
	py3-asn1crypto
	py3-async-timeout
	py3-attrs
	py3-autobahn
	py3-automat
	py3-bcrypt
	py3-billiard
	py3-cachetools
	py3-cbor2
	py3-celery
	py3-certifi
	py3-cffi
	py3-channels
	py3-channels_redis
	py3-charset-normalizer
	py3-click
	py3-click-didyoumean
	py3-click-plugins
	py3-click-repl
	py3-codespell
	py3-colorama
	py3-constantly
	py3-cparser
	py3-cryptography
	py3-dacite
	py3-daphne
	py3-dateutil
	py3-deepmerge
	py3-defusedxml
	py3-deprecated
	py3-dnspython
	py3-django
	py3-django-filter
	py3-django-guardian
	py3-django-model-utils
	py3-django-otp
	py3-django-prometheus
	py3-django-redis
	py3-django-rest-framework
	py3-django-rest-framework-guardian
	py3-docker-py
	py3-dotenv
	py3-dumb-init
	py3-duo_client
	py3-drf-spectacular
	py3-email-validator
	py3-facebook-sdk
	py3-flower
	py3-frozenlist
	py3-geoip2
	py3-google-auth
	py3-gunicorn
	py3-h11
	py3-httptools
	py3-humanize
	py3-hyperlink
	py3-idna
	py3-incremental
	py3-inflection
	py3-jsonschema
	py3-jsonpatch
	py3-jwt
	py3-kombu
	py3-kubernetes
	py3-ldap3
	py3-lxml
	py3-maxminddb
	py3-msgpack
	py3-multidict
	py3-oauthlib
	py3-opencontainers
	py3-openssl
	py3-packaging
	py3-paramiko
	py3-parsing
	py3-prometheus-client
	py3-prompt_toolkit
	py3-psycopg
	py3-psycopg-c
	py3-pycryptodome
	py3-pydantic-scim
	py3-pynacl
	py3-pyrsistent
	py3-python-jwt
	py3-redis
	py3-requests
	py3-requests-oauthlib
	py3-rsa
	py3-sentry-sdk
	py3-service_identity
	py3-setuptools
	py3-six
	py3-sniffio
	py3-sqlparse
	py3-structlog
	py3-swagger-spec-validator
	py3-tornado
	py3-twilio
	py3-twisted
	py3-txaio
	py3-typing-extensions
	py3-tz
	py3-ua-parser
	py3-uritemplate
	py3-urllib3-secure-extra
	py3-uvloop
	py3-vine
	py3-watchdog
	py3-watchfiles
	py3-wcwidth
	py3-webauthn
	py3-websocket-client
	py3-websockets
	py3-wrapt
	py3-wsproto
	py3-xmlsec
	py3-yaml
	py3-yarl
	py3-zope-interface
	py3-zxcvbn
	redis
	uvicorn
	"
# Build-time toolchains: Go for the server and outposts, npm for the web UI
# and the documentation site.
makedepends="go npm"
# Only poetry and coverage are listed; the remaining test dependencies are
# left to poetry in check() because there are too many to enumerate.
checkdepends="poetry py3-coverage"
# !check: tests are disabled for now, so check() is not run during the build.
# chmod-clean: abuild makes the build tree writable before cleaning it up.
# NOTE(review): build() runs `npm ci` and `go build`; if these download
# dependencies, the "net" option is normally declared here - confirm.
options="!check chmod-clean"
# Install scripts kept next to this APKBUILD (their contents are not part
# of this file).
install="$pkgname.post-install $pkgname.post-upgrade $pkgname.pre-install"
# Upstream release tarball (tag archive, saved under a versioned local name)
# plus local service files, the management wrapper and one patch. Every
# entry needs a matching line in sha512sums at the end of the file.
source="
	$pkgname-$pkgver.tar.gz::https://github.com/goauthentik/authentik/archive/refs/tags/version/$pkgver.tar.gz
	authentik.openrc
	authentik-worker.openrc
	authentik-ldap.openrc
	authentik-ldap.conf
	authentik-manage.sh
	root-settings-csrf_trusted_origins.patch
	"
# Directory name the tag archive unpacks to.
builddir="$srcdir/"authentik-version-$pkgver
subpackages="$pkgname-openrc $pkgname-doc"

# Point Go's workspace, build cache and temporary directory at locations
# under $srcdir, so the Go toolchain works inside the package's source tree.
export GOPATH=$srcdir/go
export GOCACHE=$srcdir/go-build
export GOTMPDIR=$srcdir

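# Build the Go binaries (server and the ldap/proxy/radius outposts), then
# the web UI and the documentation site with npm. Runs from $builddir.
build() {
	msg "Building authentik-ldap"
	go build -o ldap cmd/ldap/main.go
	msg "Building authentik-proxy"
	go build -o proxy cmd/proxy/main.go
	msg "Building authentik-radius"
	# The RADIUS outpost has its own entry point. Building it from
	# cmd/proxy/main.go produced a second copy of the proxy outpost that
	# package() then installed as /usr/bin/authentik-radius.
	go build -o radius cmd/radius/main.go
	msg "Building authentik-server"
	go build -o server cmd/server/*.go

	# `npm ci` installs exactly what the lockfile pins. --no-audit only
	# skips npm's advisory report; it does not relax integrity checks, and
	# it means known-vulnerable dependencies are not reported by this build.
	msg "Building authentik-web"
	cd web
	npm ci --no-audit
	npm run build
	cd ..

	msg "Building website"
	cd website
	npm ci --no-audit
	npm run build
}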

# Run the upstream test suite. Currently not executed, because options
# contains "!check".
check() {
	# Install only poetry's "dev" dependency group, then run the tests.
	poetry install --only dev
	make test
}

# Stage the built tree into $pkgdir: application code under
# /usr/share/webapps/authentik, state under /var/lib/authentik, outposts and
# the management wrapper in /usr/bin, OpenRC services and configuration
# under /etc.
package() {
	local webapp="$pkgdir/usr/share/webapps/authentik"
	local statedir="$pkgdir/var/lib/authentik"
	local config="$pkgdir/etc/authentik/config.yml"
	local tree outpost svc

	msg "Packaging $pkgname"
	mkdir -p "$webapp/web" "$webapp/website" "$statedir" \
		"$pkgdir/usr/share/doc" "$pkgdir/usr/bin"

	# $webapp already exists, so the Python package lands in
	# $webapp/authentik.
	cp -dr "$builddir/authentik" "$webapp"
	cp -dr "$builddir/web/dist" "$webapp/web/dist"
	cp -dr "$builddir/web/authentik" "$webapp/web/authentik"
	cp -dr "$builddir/website/build" "$pkgdir/usr/share/doc/authentik"
	# NOTE(review): the upstream tests tree is installed together with the
	# application; confirm it is needed on a production system.
	for tree in tests lifecycle locale; do
		cp -dr "$builddir/$tree" "$webapp/$tree"
	done
	cp -dr "$builddir/blueprints" "$statedir/blueprints"

	install -Dm755 "$builddir/manage.py" "$webapp/manage.py"
	install -Dm755 "$builddir/server" "$webapp/server"
	# The application's local.env.yml is a link to the administrator's
	# configuration file in /etc.
	ln -s "/etc/authentik/config.yml" "$webapp/local.env.yml"

	for outpost in proxy ldap radius; do
		install -Dm755 "$builddir/$outpost" "$pkgdir/usr/bin/authentik-$outpost"
	done

	for svc in "$pkgname" "$pkgname-worker" "$pkgname-ldap"; do
		install -Dm755 "$srcdir/$svc.openrc" "$pkgdir/etc/init.d/$svc"
	done

	# Both configuration files are installed 0640 (not world-readable).
	# Ownership is not set here. NOTE(review): confirm the install scripts
	# give the service account read access and nobody else.
	install -Dm640 "$srcdir/$pkgname-ldap.conf" "$pkgdir/etc/conf.d/$pkgname-ldap"
	install -Dm640 "$builddir/authentik/lib/default.yml" "$config"

	# Move certificate, blueprint and template lookups to /var/lib/authentik.
	sed -i \
		-e 's|cert_discovery_dir.*|cert_discovery_dir: /var/lib/authentik/certs|' \
		-e 's|blueprints_dir.*|blueprints_dir: /var/lib/authentik/blueprints|' \
		-e 's|template_dir.*|template_dir: /var/lib/authentik/templates|' \
		"$config"

	# Appended defaults are placeholders, not usable values:
	# 'auth.example.com' must be replaced with the real origin, and
	# '@@SECRET_KEY@@' is a marker. NOTE(review): presumably the install
	# scripts replace the marker with a generated secret - verify that the
	# service cannot start with the marker still in place.
	{
		printf "\ncsrf:\n  trusted_origins: ['auth.example.com']"
		printf "\nsecret_key: '@@SECRET_KEY@@'"
	} >> "$config"

	# Install wrapper script to /usr/bin.
	install -m755 -D "$srcdir/authentik-manage.sh" "$pkgdir/usr/bin/authentik-manage"
}

# SHA-512 of every entry in source: the release tarball and the local files.
# These pin what abuild unpacks; anything npm or go fetches during build()
# is not covered by this list.
sha512sums="
73d11fa0868b81a714ffd3da1869ee58387300863ec6951ee37d0ed332681f669153cfae8643f54fb5b4af8a95078de240d5636854f046b9d606f01ad6e71569  authentik-2023.10.7.tar.gz
4defb4fe3a4230f4aa517fbecd5e5b8bcef2a64e1b40615660ae9eec33597310a09df5e126f4d39ce7764bd1716c0a7040637699135c103cbc1879593c6c06f1  authentik.openrc
5d7f28bf5a9f358a0fc3634b2bac6d070c276c3f8181d26fa7e94a17503a4d54556bf7c3207ccd6cb924b81754ed965795d5e2a8aa1af409fd9e32d390ec4cf5  authentik-worker.openrc
351e6920d987861f8bf0d7ab2f942db716a8dbdad1f690ac662a6ef29ac0fd46cf817cf557de08f1c024703503d36bc8b46f0d9eb1ecaeb399dce4c3bb527d17  authentik-ldap.openrc
89ee5f0ffdade1c153f3a56ff75b25a7104aa81d8c7a97802a8f4b0eab34850cee39f874dabe0f3c6da3f71d6a0f938f5e8904169e8cdd34d407c8984adee6b0  authentik-ldap.conf
d2df285e09d05bb78b17cdbf156cb19883764d0ae61d4c8faed599c015277b75c3f51e5fcb35e01fc25d5847f667ff2089d5e6c48b85a3a6b4523278b2eea89d  authentik-manage.sh
a50ceddb239851d869212cd5064df117ab977d0e01bf0bc5fa7b5fa6e6428a4af59f802ca223a7e840753f86bfdb0df17d330f9ba4cbaa30a167f51d8aecb9bd  root-settings-csrf_trusted_origins.patch
"