#! /bin/bash

# shellcheck source=../bin-helper.sh
. /usr/local/bin/bin-helper.sh

function usage { echo "Usage: ${0} [<unban> <ip-address>]" ; }

declare -a JAILS
for LIST in $(fail2ban-client status | grep "Jail list" | cut -f2- | sed 's/,/ /g')
do
  JAILS+=("${LIST}")
done

if [[ -z ${1} ]]
then
  IP_COUNT=0

  for JAIL in "${JAILS[@]}"
  do
    declare -a BANNED_IPS

    while read -r LINE
    do
      BANNED_IPS+=("$(echo "${LINE}" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -v '0.0.0.0')")
    done < <(iptables -L f2b-"${JAIL}" -n)

    if [[ ${#BANNED_IPS[@]} -ne 0 ]]
    then
      for BANNED_IP in "${BANNED_IPS[@]}"
      do
        echo "Banned in ${JAIL}: ${BANNED_IP}"
        IP_COUNT=$(( IP_COUNT + 1 ))
      done
    fi
  done

  if [[ ${IP_COUNT} -eq 0 ]]
  then
    echo "No IPs have been banned"
  fi
else
  case ${1} in
    unban)
      shift
      if [[ -n ${1} ]]
      then
        for JAIL in "${JAILS[@]}"
        do
          RESULT="$(fail2ban-client set "${JAIL}" unbanip "${@}")"

          if [[ ${RESULT} != *"is not banned"* ]] && [[ ${RESULT} != *"NOK"* ]]
          then
            echo -n "unbanned IP from ${JAIL}: "
            echo "${RESULT}"
          fi
        done
      else
        errex "You need to specify an IP address. Run \"./setup.sh debug fail2ban\" to get a list of banned IP addresses."
      fi
      ;;

    *)
      usage
      errex "unknown command: ${1}"
      ;;

    esac
fi