#!/usr/bin/env bash
set -euo pipefail
IFS=$'\n\t'

MODE="${1:-dry}"   # dry | apply
BACKUP_EXT=".bak"

# Blocco testuale esatto da rimuovere (no espansione, no interpretazione)
read -r -d '' BLOCK <<'BLOCK'
<FilesMatch '.(py|exe|php|PHP|Php|PHp|pHp|pHP|pHP7|PHP7|phP|PhP|php5|suspected)$'>
Order allow,deny
Deny from all
</FilesMatch>
BLOCK

export BLOCK

# Trova tutti i .htaccess (gestisce nomi con spazi)
mapfile -d '' FILES < <(find . -type f -name ".htaccess" -print0)

if [ "${#FILES[@]}" -eq 0 ]; then
  echo "Nessun file .htaccess trovato."
  exit 0
fi

echo "Trovati ${#FILES[@]} file .htaccess. Modalità: $MODE"

# Perl one-liner: slurp, normalizza CRLF->LF, rimuove tutte le occorrenze letterali di $ENV{BLOCK}
PERL_PROG='BEGIN {
  $b = $ENV{"BLOCK"} // "";
  $b =~ s/\r\n?/\n/g;
}
local $/ = undef;
$_ = <>;               # slurp file
s/\r\n?/\n/g;          # normalize input EOL
# remove all literal occurrences of block (case-sensitive exact match)
s/\Q$b\E//g;
# collapse multiple blank lines
s/\n{3,}/\n\n/g;
# ensure final newline
$_ .= "\n" unless $_ =~ /\n\z/;
print $_;
'

for f in "${FILES[@]}"; do
  tmp="$(mktemp)"
  if ! perl -0777 -e "$PERL_PROG" "$f" > "$tmp"; then
    echo "Errore durante l'elaborazione di: $f" >&2
    rm -f "$tmp"
    continue
  fi

  if cmp -s "$f" "$tmp"; then
    rm -f "$tmp"
    echo "No match (nessuna modifica): $f"
    continue
  fi

  if [ "$MODE" = "dry" ]; then
    echo "=== DRY diff per $f ==="
    diff -u --label "orig: $f" --label "new: $f.new" "$f" "$tmp" | sed -n '1,200p' || true
    echo "=== fine diff ==="
    rm -f "$tmp"
  else
    cp --preserve=mode,timestamps "$f" "$f${BACKUP_EXT}"
    mv "$tmp" "$f"
    echo "Aggiornato: $f (backup: $f${BACKUP_EXT})"
  fi
done

echo "Completato."
exit 0