#!/usr/bin/env bash

# --------------------
# This script checks whether the 'prosody' service has logged any Dovecot authentication errors within 
# the last check interval (MONITORING_INTERVAL)
#
# It is a good idea to run this script as a cron job every check interval minutes (MONITORING_INTERVAL).
# --------------------

LOGFILE="/var/log/prosody_auth_check.log"
TIMESTAMP=$(date '+%Y-%m-%d %H:%M:%S')
DOVECOT_HOST="a.mx.oopen.de"
DOVECOT_PORT="44444"
MONITORING_INTERVAL=6

# Test 1: Ist Dovecot überhaupt erreichbar?
if ! timeout 8 bash -c "echo >/dev/tcp/$DOVECOT_HOST/$DOVECOT_PORT" 2>/dev/null; then
    echo "$TIMESTAMP WARN: Dovecot nicht erreichbar - Prosody-Restart wäre sinnlos, überspringe" >> $LOGFILE
    exit 1
fi

# Test 2: Genau der bekannte Fehler in den letzten 6 Minuten?
ERROR_COUNT=$(journalctl -u prosody --since "${MONITORING_INTERVAL} minutes ago" --no-pager 2>/dev/null | \
    grep -c "sasl_dovecot: Could not read from socket" || true)

if [ "$ERROR_COUNT" -gt 0 ]; then
    echo "$TIMESTAMP ERROR: sasl_dovecot socket-Fehler erkannt ($ERROR_COUNT×) – starte Prosody neu" >> $LOGFILE
    systemctl restart prosody
    sleep 5
    if systemctl is-active --quiet prosody; then
        echo "$TIMESTAMP OK: Prosody erfolgreich neugestartet" >> $LOGFILE
    else
        echo "$TIMESTAMP CRITICAL: Prosody-Neustart fehlgeschlagen!" >> $LOGFILE
    fi
    exit 0
fi

echo "$TIMESTAMP OK: Keine Auth-Fehler" >> $LOGFILE