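#!/bin/bash
################################################################################
# Toolkit Trace Eraser
################################################################################
# Purpose: Remove all traces of toolkit usage from system
# Use Case: Privacy - ensure no record of toolkit installation/usage
#
# What the script touches, in order:
#   1. ~/.bash_history of the invoking user and /home/*/.bash_history
#   2. /var/log/messages, /var/log/secure*, /var/log/auth.log*
#   3. toolkit archives and temp files under /root and /tmp
#   4. the toolkit's own logs, reports and .sysref files
#   5. optionally the whole toolkit directory ($SCRIPT_DIR)
#
# NOTE(review): steps 1 and 2 are in-place edits to shell histories and to the
# host's authentication/system logs. Lines are dropped by pattern match, so
# entries that merely contain one of the PATTERNS strings are removed as well.
# Where log integrity matters, the authoritative copy should be one forwarded
# off-host; these local files are no longer a complete record once this has run.
################################################################################

# Toolkit root = parent of the directory that holds this script.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"

# Every later path is built from SCRIPT_DIR. If it is empty, "$SCRIPT_DIR/lib/..."
# and "$SCRIPT_DIR/logs/"*.log resolve against the filesystem root, so stop
# before sourcing or deleting anything.
if [ -z "$SCRIPT_DIR" ] || [ "$SCRIPT_DIR" = "/" ]; then
  echo "Cannot determine toolkit directory; aborting." >&2
  exit 1
fi

# Shared helpers (print_banner, colour variables). Loading is best-effort.
source "$SCRIPT_DIR/lib/common-functions.sh" 2>/dev/null || true

# Fallback so a missing helper library does not produce "command not found".
if ! declare -F print_banner >/dev/null; then
  print_banner() { printf '=== %s ===\n' "$1"; }
fi

print_banner "Toolkit Trace Eraser"
echo ""
echo "This will remove all traces of the Server Toolkit from:"
echo " • Bash history (all toolkit-related commands)"
echo " • System logs (toolkit operations)"
echo " • Download records"
echo " • Temporary files"
echo ""
echo -e "${RED}WARNING: This cannot be undone!${NC}"
echo ""

# Only the literal answer "yes" proceeds; -r keeps backslashes in the reply literal.
read -r -p "Are you sure you want to proceed? (yes/no): " confirm
if [ "$confirm" != "yes" ]; then
  echo "Cancelled."
  exit 0
fi

echo ""
echo "Removing traces..."
echo ""

# Patterns to remove from history
# Each entry is interpolated into a sed address (/pattern/d) below, so it is
# treated as a regular expression, not a fixed string.
PATTERNS=(
  "server-toolkit"
  "Linux-Server-Management-Toolkit"
  "git.mull.lol.*toolkit"
  "launcher.sh"
  "bot-analyzer"
  "cphulk"
  "live-attack-monitor"
  "system-health-check"
  "/root/server-toolkit"
  "toolkit.tar.gz"
  "curl.*mull.lol"
  "wget.*mull.lol"
  "git clone.*mull.lol"
  "erase-toolkit-traces"
)

# Clean bash history for root
if [ -f ~/.bash_history ]; then
  echo "→ Cleaning root bash history..."
  # Copy of the unmodified file is written next to it before editing.
  cp ~/.bash_history ~/.bash_history.bak
  for pattern in "${PATTERNS[@]}"; do
    sed -i "/$pattern/d" ~/.bash_history
  done
  # Also clean in-memory history
  for pattern in "${PATTERNS[@]}"; do
    history | grep -i "$pattern" | awk '{print $1}' | while read -r num; do
      history -d "$num" 2>/dev/null
    done
  done
  echo " ✓ Root history cleaned"
fi

# Clean bash history for all users
echo "→ Checking user histories..."
for user_home in /home/*; do
  if [ -f "$user_home/.bash_history" ]; then
    username=$(basename "$user_home")
    echo " → Cleaning history for $username..."
    for pattern in "${PATTERNS[@]}"; do
      sed -i "/$pattern/d" "$user_home/.bash_history"
    done
    echo " ✓ Cleaned"
  fi
done

# Clean system logs
# NOTE(review): /var/log/secure is edited here and again by the glob in the
# next section; both passes modify the host's audit record in place.
echo "→ Cleaning system logs..."
if [ -f /var/log/messages ]; then
  for pattern in "${PATTERNS[@]}"; do
    sed -i "/$pattern/d" /var/log/messages 2>/dev/null
  done
fi
if [ -f /var/log/secure ]; then
  for pattern in "${PATTERNS[@]}"; do
    sed -i "/$pattern/d" /var/log/secure 2>/dev/null
  done
fi
echo " ✓ System logs cleaned"

# Clean auth logs
echo "→ Cleaning auth logs..."
for log in /var/log/auth.log* /var/log/secure*; do
  if [ -f "$log" ]; then
    for pattern in "${PATTERNS[@]}"; do
      sed -i "/$pattern/d" "$log" 2>/dev/null
    done
  fi
done
echo " ✓ Auth logs cleaned"

# Remove toolkit download artifacts
echo "→ Removing download artifacts..."
rm -f /root/toolkit.tar.gz 2>/dev/null
rm -f /root/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
rm -f /tmp/toolkit*.tar.gz 2>/dev/null
rm -f /tmp/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
echo " ✓ Download artifacts removed"

# Remove toolkit temp files
echo "→ Removing temporary files..."
rm -rf /tmp/live-monitor-* 2>/dev/null
rm -rf /tmp/server-toolkit-* 2>/dev/null
echo " ✓ Temp files removed"

# Clean last log and audit trails
echo "→ Cleaning lastlog and wtmp..."
# Note: We don't modify lastlog/wtmp as it might break system auditing
echo " ✓ Skipped (would break system auditing)"

# Remove toolkit logs
echo "→ Removing toolkit logs..."
rm -f "$SCRIPT_DIR/logs/"*.log 2>/dev/null
rm -f "$SCRIPT_DIR/"*_report_*.txt 2>/dev/null
echo " ✓ Toolkit logs removed"

# Clean reference database
echo "→ Removing reference database..."
rm -f "$SCRIPT_DIR/.sysref" 2>/dev/null
rm -f "$SCRIPT_DIR/.sysref.timestamp" 2>/dev/null
echo " ✓ Reference database removed"

# Offer to remove the entire toolkit
echo ""
echo -e "${YELLOW}Final step: Remove toolkit directory?${NC}"
echo "This will delete: $SCRIPT_DIR"
echo ""
read -r -p "Remove entire toolkit directory? (yes/no): " remove_dir
if [ "$remove_dir" = "yes" ]; then
  echo ""
  echo "Removing toolkit directory..."
  # Step out of the tree being deleted; fall back to / if /root is unavailable.
  cd /root 2>/dev/null || cd /
  # ${VAR:?} aborts instead of expanding to an empty path.
  rm -rf "${SCRIPT_DIR:?}"
  echo ""
  echo -e "${GREEN}✓ Toolkit completely removed${NC}"
  echo ""
  echo "All traces have been erased."
  exit 0
else
  echo ""
  echo -e "${GREEN}✓ History and logs cleaned${NC}"
  echo ""
  echo "Toolkit directory remains at: $SCRIPT_DIR"
  echo "You can manually remove it later with: rm -rf $SCRIPT_DIR"
fi

echo ""
echo "Note: Active shell sessions may still have history in memory."
echo "Consider logging out and back in for complete cleanup."
echo ""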