WORK_DIR="/var/lib/expressvpn"
gen_key() {
  /usr/bin/expressvpnd --workdir "$WORK_DIR/" generate-client-ca > /dev/null 2>&1
  /usr/bin/expressvpnd --workdir "$WORK_DIR/" generate-client-certs > /dev/null 2>&1
  /usr/bin/chmod 644 "$WORK_DIR/certs/client.key" > /dev/null 2>&1
  /usr/bin/rm -f "$WORK_DIR/certs/client.req" > /dev/null 2>&1
  /usr/bin/rm -f "$WORK_DIR/certs/clientca.srl" > /dev/null 2>&1
}

upgrade_userdata() {
  local CLIENT_VERSION=$(/usr/bin/echo $1 | /usr/bin/cut -d '.' -f 1-3)
  local BUILD_VERSION=$(/usr/bin/echo ${1%_*} | /usr/bin/cut -d '.' -f 4)

  # Upgrade userdata to v2
  if [ -e "$WORK_DIR/userdata.dat" -a ! -e "$WORK_DIR/userdata2.dat" ]; then
    mv "$WORK_DIR/userdata.dat" "$WORK_DIR/userdata2.dat"
  fi

  if [ -e "$WORK_DIR/userdata2.dat" -a ! -e "$WORK_DIR/data/e21fb121.bin" ]; then
    /usr/bin/printf " Upgrading userdata...\n"

    mkdir -p "$WORK_DIR/data"
    chmod 700 "$WORK_DIR/data"
    /usr/sbin/expressvpnd \
      --workdir "$WORK_DIR" \
      --client-version "$CLIENT_VERSION" \
      --client-build "$BUILD_VERSION" \
      migrate 2>&1
  fi
}

post_install() {
  gen_key
  /usr/bin/printf "----------------------------------------------\n"
  /usr/bin/printf " Start the expressvpn daemon with\n"
  /usr/bin/printf "     # systemctl start expressvpn.service\n"
  /usr/bin/printf " Then activate your expressVPN account with\n"
  /usr/bin/printf "     $ expressvpn activate [activation code]\n"
  /usr/bin/printf " (Your activation code can be found at\n"
  /usr/bin/printf " https://www.expressvpn.com/subscriptions)\n"
  /usr/bin/printf "\n"
  /usr/bin/printf " Once activated, Use 'expressvpn list' to\n"
  /usr/bin/printf " list servers and 'expressvpn connect [id]' \n"
  /usr/bin/printf " to connect to your preferred server.\n"
  /usr/bin/printf " See 'expressvpn help' for more information.\n"
  /usr/bin/printf "\n"
  /usr/bin/printf " Please note that ExpressVPN now offer a\n"
  /usr/bin/printf " native Arch Linux package on their website.\n"
  /usr/bin/printf "----------------------------------------------\n"
}

post_upgrade() {
  gen_key
  /usr/bin/expressvpn-agent --kill-existing 2>/dev/null
  /usr/bin/printf "--------------------------------------------------\n"
  upgrade_userdata $1
  /usr/bin/printf "\n"
  /usr/bin/printf " You will need to re-start the expressvpn daemon:\n"
  /usr/bin/printf "     # systemctl start expressvpn.service\n"
  /usr/bin/printf "--------------------------------------------------\n"
}

post_remove() {
  /usr/bin/rm -f "$WORK_DIR/certs/client.key"
  /usr/bin/rm -f "$WORK_DIR/certs/client.crt"
  /usr/bin/rm -f "$WORK_DIR/certs/client.p12"
  /usr/bin/rm -f "$WORK_DIR/certs/clientca.crt"
  /usr/bin/rm -f "$WORK_DIR/certs/clientca.key"
  /usr/bin/printf " NOTE: You may need to clean up residual artefacts from /var/lib/expressvpn manually\n"
}

pre_remove() {
  # Disconnect before remove. OK to fail.
  if /usr/bin/expressvpn status 2>/dev/null | grep -q Connected; then
    /usr/bin/expressvpn disconnect > /dev/null 2>&1 || true
  fi

  # Stop expressvpn daemon
  if [ -x /usr/bin/systemctl ]; then
    /usr/bin/systemctl stop expressvpn &>/dev/null
  fi
}

pre_upgrade() {
  pre_remove
  if grep -q "Generated by expressvpn" /etc/resolv.conf; then
    # reset chattr
    [ -x /usr/bin/chattr ] && /usr/bin/chattr -i /etc/resolv.conf &>/dev/null || true

    # restore previous resolv.conf
    BAKFILE="$WORK_DIR/resolv.conf.orig"
    if [ -L "$BAKFILE" ]; then
      mv "$BAKFILE" /etc/resolv.conf
    elif [ -f "$BAKFILE" ]; then
      cat "$BAKFILE" > /etc/resolv.conf
      rm "$WORK_DIR/resolv.conf.orig"
    fi
  fi
}