#!/bin/bash
set -e

validate_alnum() {
    local val="$1"
    local name="$2"
    case "$val" in
        *$'\n'*) echo "ERROR: $name contains newlines"; exit 1 ;;
    esac
    if ! printf '%s' "$val" | grep -qE '^[a-zA-Z0-9._-]+$'; then
        echo "ERROR: $name contains invalid characters: $val"
        exit 1
    fi
}

validate_alnum "$SSH_HOST_IP" "SSH_HOST_IP"
validate_alnum "$SHOP_CONTAINER" "SHOP_CONTAINER"
if ! echo "$ADMIN_PORT" | grep -qE '^[0-9]+$'; then
    echo "ERROR: ADMIN_PORT must be a number: $ADMIN_PORT"
    exit 1
fi

if [ "$SSH_HOST_IP" = "host.docker.internal" ]; then
    if ! getent hosts host.docker.internal >/dev/null 2>&1; then
        GATEWAY=$(ip route | grep default | awk '{print $3}')
        if [ -n "$GATEWAY" ]; then
            SSH_HOST_IP="$GATEWAY"
            echo "host.docker.internal not resolvable, using gateway: $SSH_HOST_IP"
        fi
    fi
fi

mkdir -p /var/lib/tor/ssh /var/lib/tor/admin
chown -R tor:nogroup /var/lib/tor
chmod 700 /var/lib/tor /var/lib/tor/ssh /var/lib/tor/admin

cat > /etc/tor/torrc <<EOF
# Generated by entrypoint.sh at container start
RunAsDaemon 0
SocksPort 0
Log notice stdout
DataDirectory /var/lib/tor
User tor

# --- SSH hidden service (proxies to host SSH) ---
HiddenServiceDir /var/lib/tor/ssh/
HiddenServicePort 22 ${SSH_HOST_IP}:22

# --- Admin panel hidden service (proxies to shop container) ---
HiddenServiceDir /var/lib/tor/admin/
HiddenServicePort 80 ${SHOP_CONTAINER}:${ADMIN_PORT}
EOF

echo "torrc contents:"
cat /etc/tor/torrc

mkdir -p /onion-hosts

( \
  echo "Waiting for onion addresses..."; \
  for i in $(seq 1 120); do \
    SSH_H=""; ADMIN_H=""; \
    [ -s /var/lib/tor/ssh/hostname ] && SSH_H=$(cat /var/lib/tor/ssh/hostname); \
    [ -s /var/lib/tor/admin/hostname ] && ADMIN_H=$(cat /var/lib/tor/admin/hostname); \
    if [ -n "$SSH_H" ] && [ -n "$ADMIN_H" ]; then \
      cat > /onion-hosts/onion-hosts.txt <<CONF
# Tor Onion Addresses - auto-generated at $(date -u +%Y-%m-%dT%H:%M:%SZ)
# Do not edit manually - overwritten on container restart
SSH_ONION=${SSH_H}
ADMIN_ONION=${ADMIN_H}
# Usage:
#   SSH:    torify ssh user@${SSH_H}
#   Admin:  open http://${ADMIN_H} in Tor Browser
CONF
      echo "Onion addresses saved to /onion-hosts/onion-hosts.txt"; \
      exit 0; \
    fi; \
    sleep 2; \
  done; \
  echo "WARNING: Timed out waiting for onion addresses"; \
) &

echo "Starting Tor..."
exec tor -f /etc/tor/torrc