#!/bin/bash

PASSWD_FILE="/etc/squid/passwd"

# Ensure htpasswd is installed
if ! command -v htpasswd &>/dev/null; then
  echo "❌ 'htpasswd' not found. Please install apache2-utils (Debian/Ubuntu) or httpd-tools (RHEL/CentOS)."
  exit 1
fi

# Ensure script is run as root
if [[ $EUID -ne 0 ]]; then
  echo "❌ This script must be run as root."
  exit 1
fi

# Prompt for username
read -rp "👤 Enter Squid proxy username: " username
if [[ -z "$username" ]]; then
  echo "❌ Username cannot be empty."
  exit 1
fi

# Create the password file only if it doesn't exist
if [[ ! -f "$PASSWD_FILE" ]]; then
  echo "🔧 Creating new password file at $PASSWD_FILE"
  htpasswd -c "$PASSWD_FILE" "$username"
else
  # Check if user exists
  if grep -q "^$username:" "$PASSWD_FILE"; then
    echo "⚠️  User '$username' already exists."
    read -rp "🔄 Update password? (y/N): " answer
    if [[ "$answer" =~ ^[Yy]$ ]]; then
      htpasswd "$PASSWD_FILE" "$username"
    else
      echo "❌ Aborted."
      exit 1
    fi
  else
    htpasswd "$PASSWD_FILE" "$username"
  fi
fi

# Fix permissions
chmod 640 "$PASSWD_FILE"
chown proxy:proxy "$PASSWD_FILE" 2>/dev/null || chown squid:squid "$PASSWD_FILE" 2>/dev/null

echo "✅ User '$username' is set up for Squid."