#!/bin/sh

set -eu -o pipefail

prog=$(basename "$(readlink -f "$0")")
usage="${prog} URL_FILE WHITELIST_FILE BLOCKLIST_DIR"

die() {
  printf '%s: %s\n' "$prog" "$*" 1>&2
  exit 1
}

usage(){
  printf 'usage: %s\n' "$usage" 1>&2
  exit 2
}

case ${1:-} in
  -h|--help) usage ;;
esac

[ $# -eq 3 ] || usage

url_file=$1
whitelist_file=$2
blocklist_dir=$3

[ -d "$blocklist_dir" ] || die "not a directory: ${blocklist_dir}"

cd "$blocklist_dir"

# Delete any existing zone files.
find . -maxdepth 1 -type f -exec rm {} +

if grep -q '[^[:space:]]' "$whitelist_file"; then
  # If the whitelist file is non empty, compute a regex.
  while read -r pattern; do
    [ -n "$pattern" ] || continue
    whitelist_regex="${whitelist_regex:+"${whitelist_regex}|"}${pattern}"
  done < "$whitelist_file"

  # For each blocklist url, download the blocklist and filter out the whitelist.
  while read -r name url; do
    [ -n "$url" ] && curl -sSfL "$url" | grep -Ev "^(.*\\.)?(${whitelist_regex})[[:space:]]" > "${name}.zone"
  done < "$url_file"
else
  # If no whitelist configured, just download each blocklist.
  while read -r name url; do
    [ -n "$url" ] && curl -sSfL -o "${name}.zone" "$url"
  done < "$url_file"
fi

# Try to reload unbound.
unbound_pidfile=$(/usr/local/sbin/unbound-checkconf -o pidfile /usr/local/etc/unbound/unbound.conf)
kill -HUP "$(cat "$unbound_pidfile")" ||: