#!/bin/env bash
set -e -u -o pipefail
DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null && pwd)"
VPN=${VPN:-vpn0}

down='false'

while getopts ':d' flag; do
    case "${flag}" in
    d) down='true' ;;
    *)
        echo "sudonixe nokia-auto-vpn 'dot_env_secret password' <TOPT for MS authenticator>"
        exit 1
        ;;
    esac
done

function route_cleanup() {
    sudo ip route delete 10.0.0.0/8 dev $VPN metric 50 || true
    sudo ip route delete 100.0.0.0/8 dev $VPN metric 50 || true
    sudo ip route delete 135.0.0.0/8 dev $VPN metric 50 || true
}

if [[ "$down" = "true" ]]; then
    sudo nmcli connection down Nokia || true
    route_cleanup
    echo "VPN is down, routes cleared up, exiting..."
    exit 0
fi

: ${1:?Missing decrypt pass}
: ${2:?Missing topt but needed}

dot_env_secret=$(echo 'U2FsdGVkX19eQYx+TShrhfCxm+MxGCZjtv6PqltQuPsjeJWGZMu34C3zTGjjbq/+vF+/B5arScbw8tnZIqwQq7ISqGTHmDbPS9KqUokXFGEPYW43t9tC42XHMfPtWVrimHS1HENS6U9A0+NSYrS1TQ==' |
    openssl enc -aes-256-cbc -pbkdf2 -d -a -A -pass pass:$1)

export $(echo $dot_env_secret | grep "=" | grep -v "#" | xargs)

: ${VPN_PEM_PASS:?Missing but needed}
: ${VPN_USER:?Missing but needed}
: ${VPN_USER_PASS:?Missing but needed}

expect $DIR/vpn.exp $VPN_PEM_PASS $VPN_USER $VPN_USER_PASS $2

# NOTE: check README.md for dns config
# EXISTING=$(nmcli -g ipv4.dns-search connection show "$VPN")
# NEW="${EXISTING:+$EXISTING,}cci.nokia.net"

route_cleanup

# checks for ip is available after vpn connections (if not its somehow connection failed)
vpn_ip="$(ip a l $VPN | awk '/inet / {print $2}' | cut -d/ -f1 | cut -d. -f1-3)"
if [[ -z $vpn_ip ]]; then
    echo "Connection failed somehow?!"
    exit 1
fi

sudo ip route add 10.0.0.0/8 dev $VPN metric 50
sudo ip route add 100.0.0.0/8 dev $VPN metric 50
sudo ip route add 135.0.0.0/8 dev $VPN metric 50