#!/bin/bash

if [ $# -lt 5 ]; then
  echo "Usage: $0 <username> <password> <admin:true|false> <matrix server domain> <shared_secret> [displayname]"
  exit 1
fi

username="$1"
password="$2"
is_admin="$3"
domain="$4"
shared_secret="$5"
displayname="${6:-$username}"

if [ "$is_admin" == "true" ]; then
  admin_flag="admin"
  admin_bool=true
else
  admin_flag="notadmin"
  admin_bool=false
fi

# nonce
nonce=$(curl -s -X GET "https://$domain/_synapse/admin/v1/register" | jq -r '.nonce')

if [ -z "$nonce" ] || [ "$nonce" == "null" ]; then
  echo "Failed to get nonce from server."
  exit 1
fi

# HMAC digest (hex) using null byte separators
mac=$(printf '%s\0%s\0%s\0%s' "$nonce" "$username" "$password" "$admin_flag" | \
  openssl dgst -sha1 -hmac "$shared_secret" | awk '{print $2}')

# registration request
response=$(curl -s -X POST "https://$domain/_synapse/admin/v1/register" \
  -H "Content-Type: application/json" \
  -d '{
    "nonce": "'"$nonce"'",
    "username": "'"$username"'",
    "displayname": "'"$displayname"'",
    "password": "'"$password"'",
    "admin": '"$admin_bool"',
    "mac": "'"$mac"'"
  }')

# response
if echo "$response" | jq -e '.access_token' >/dev/null; then
  echo "User @$username:$domain created successfully."
  echo "$response" | jq
else
  echo "Failed to create user. Server response:"
  echo "$response"
  exit 1
fi