#!/bin/bash

# Script to launch wstunnel client using parameters from the [client] section of a configuration file

# Configuration file paths
PRIMARY_CONFIG="/etc/wstunnel/wstunnel.conf"
FALLBACK_CONFIG="/usr/share/defaults/etc/wstunnel/wstunnel.conf"

# Determine which configuration file to use
CONFIG_FILE=""
if [ -f "$PRIMARY_CONFIG" ]; then
    CONFIG_FILE="$PRIMARY_CONFIG"
elif [ -f "$FALLBACK_CONFIG" ]; then
    CONFIG_FILE="$FALLBACK_CONFIG"
else
    echo "Error: Configuration file not found at '$PRIMARY_CONFIG' or '$FALLBACK_CONFIG'."
    exit 1
fi

# Check if a configuration file is provided as an argument (overrides default paths)
if [ $# -eq 1 ]; then
    CONFIG_FILE="$1"
    if [ ! -f "$CONFIG_FILE" ]; then
        echo "Error:Specified configuration file '$CONFIG_FILE' not found."
        exit 1
    fi
fi

# Initialize variables for wstunnel client parameters
SERVER_ADDRESS=""
LOCAL_TO_REMOTE=()
REMOTE_TO_LOCAL=()
NO_COLOR=""
SOCKET_SO_MARK=""
CONNECTION_MIN_IDLE=""
NB_WORKER_THREADS=""
CONNECTION_RETRY_MAX_BACKOFF=""
LOG_LEVEL=""
TLS_SNI_OVERRIDE=""
TLS_SNI_DISABLE=""
TLS_VERIFY_CERTIFICATE=""
HTTP_PROXY=""
HTTP_PROXY_LOGIN=""
HTTP_PROXY_PASSWORD=""
HTTP_UPGRADE_PATH_PREFIX=""
HTTP_UPGRADE_CREDENTIALS=""
WEBSOCKET_PING_FREQUENCY=""
WEBSOCKET_MASK_FRAME=""
HTTP_HEADERS=()
HTTP_HEADERS_FILE=""
TLS_CERTIFICATE=""
TLS_PRIVATE_KEY=""
DNS_RESOLVER=()
DNS_RESOLVER_PREFER_IPV4=""
REVERSE_RECONNECT_MAX_DELAY=""

# Function to trim whitespace
trim() {
    local var="$1"
    var="${var#"${var%%[![:space:]]*}"}" # Remove leading whitespace
    var="${var%"${var##*[![:space:]]}"}" # Remove trailing whitespace
    echo -n "$var"
}

# Parse the [client] section of the INI file
current_section=""
while IFS='=' read -r key value; do
    # Skip empty lines and comments
    if [[ -z "$key" || "$key" =~ ^\s*# || "$key" =~ ^\s*\; ]]; then
        continue
    fi

    # Check for section headers
    if [[ "$key" =~ ^\s*\[.*\]\s*$ ]]; then
        current_section=$(echo "$key" | sed 's/^\s*\[\(.*\)\]\s*$/\1/')
        continue
    fi

    # Process only the [client] section
    if [ "$current_section" != "client" ]; then
        continue
    fi

    # Trim whitespace from key and value
    key=$(trim "$key")
    value=$(trim "$value")

    # Skip if value is empty
    if [ -z "$value" ]; then
        continue
    fi

    # Map INI keys to wstunnel client parameters
    case "$key" in
        server_address)
            SERVER_ADDRESS="$value"
            ;;
        local_to_remote)
            # Split comma-separated values into array
            IFS=',' read -ra ltr_array <<< "$value"
            for ltr in "${ltr_array[@]}"; do
                LOCAL_TO_REMOTE+=("$(trim "$ltr")")
            done
            ;;
        remote_to_local)
            # Split comma-separated values into array
            IFS=',' read -ra rtl_array <<< "$value"
            for rtl in "${rtl_array[@]}"; do
                REMOTE_TO_LOCAL+=("$(trim "$rtl")")
            done
            ;;
        no_color)
            NO_COLOR="$value"
            ;;
        socket_so_mark)
            SOCKET_SO_MARK="$value"
            ;;
        connection_min_idle)
            CONNECTION_MIN_IDLE="$value"
            ;;
        nb_worker_threads)
            NB_WORKER_THREADS="$value"
            ;;
        connection_retry_max_backoff)
            CONNECTION_RETRY_MAX_BACKOFF="$value"
            ;;
        log_level)
            LOG_LEVEL="$value"
            ;;
        tls_sni_override)
            TLS_SNI_OVERRIDE="$value"
            ;;
        tls_sni_disable)
            TLS_SNI_DISABLE="$value"
            ;;
        tls_verify_certificate)
            TLS_VERIFY_CERTIFICATE="$value"
            ;;
        http_proxy)
            HTTP_PROXY="$value"
            ;;
        http_proxy_login)
            HTTP_PROXY_LOGIN="$value"
            ;;
        http_proxy_password)
            HTTP_PROXY_PASSWORD="$value"
            ;;
        http_upgrade_path_prefix)
            HTTP_UPGRADE_PATH_PREFIX="$value"
            ;;
        http_upgrade_credentials)
            HTTP_UPGRADE_CREDENTIALS="$value"
            ;;
        websocket_ping_frequency)
            WEBSOCKET_PING_FREQUENCY="$value"
            ;;
        websocket_mask_frame)
            WEBSOCKET_MASK_FRAME="$value"
            ;;
        http_headers)
            # Split comma-separated values into array
            IFS=',' read -ra headers_array <<< "$value"
            for header in "${headers_array[@]}"; do
                HTTP_HEADERS+=("$(trim "$header")")
            done
            ;;
        http_headers_file)
            HTTP_HEADERS_FILE="$value"
            ;;
        tls_certificate)
            TLS_CERTIFICATE="$value"
            ;;
        tls_private_key)
            TLS_PRIVATE_KEY="$value"
            ;;
        dns_resolver)
            DNS_RESOLVER+=("$value")
            ;;
        dns_resolver_prefer_ipv4)
            DNS_RESOLVER_PREFER_IPV4="$value"
            ;;
        reverse_reconnect_max_delay)
            REVERSE_RECONNECT_MAX_DELAY="$value"
            ;;
    esac
done < "$CONFIG_FILE"

# Build the wstunnel client command
CMD=("wstunnel" "client")

# Add server address (required argument)
if [ -z "$SERVER_ADDRESS" ]; then
    echo "Error: server_address is required in the [client] section of the configuration file."
    exit 1
fi
CMD+=("$SERVER_ADDRESS")

# Add optional parameters
for ltr in "${LOCAL_TO_REMOTE[@]}"; do
    CMD+=("-L" "$ltr")
done
for rtl in "${REMOTE_TO_LOCAL[@]}"; do
    CMD+=("-R" "$rtl")
done
[ "$NO_COLOR" = "true" ] && CMD+=("--no-color" "true")
[ -n "$SOCKET_SO_MARK" ] && CMD+=("--socket-so-mark" "$SOCKET_SO_MARK")
[ -n "$CONNECTION_MIN_IDLE" ] && CMD+=("--connection-min-idle" "$CONNECTION_MIN_IDLE")
[ -n "$CONNECTION_RETRY_MAX_BACKOFF" ] && CMD+=("--connection-retry-max-backoff" "$CONNECTION_RETRY_MAX_BACKOFF")
[ -n "$LOG_LEVEL" ] && CMD+=("--log-lvl" "$LOG_LEVEL")
[ -n "$TLS_SNI_OVERRIDE" ] && CMD+=("--tls-sni-override" "$TLS_SNI_OVERRIDE")
[ "$TLS_SNI_DISABLE" = "true" ] && CMD+=("--tls-sni-disable")
[ "$TLS_VERIFY_CERTIFICATE" = "true" ] && CMD+=("--tls-verify-certificate")
[ -n "$HTTP_PROXY" ] && CMD+=("--http-proxy" "$HTTP_PROXY")
[ -n "$HTTP_PROXY_LOGIN" ] && CMD+=("--http-proxy-login" "$HTTP_PROXY_LOGIN")
[ -n "$HTTP_PROXY_PASSWORD" ] && CMD+=("--http-proxy-password" "$HTTP_PROXY_PASSWORD")
[ -n "$HTTP_UPGRADE_PATH_PREFIX" ] && CMD+=("--http-upgrade-path-prefix" "$HTTP_UPGRADE_PATH_PREFIX")
[ -n "$HTTP_UPGRADE_CREDENTIALS" ] && CMD+=("--http-upgrade-credentials" "$HTTP_UPGRADE_CREDENTIALS")
[ -n "$WEBSOCKET_PING_FREQUENCY" ] && CMD+=("--websocket-ping-frequency" "$WEBSOCKET_PING_FREQUENCY")
[ "$WEBSOCKET_MASK_FRAME" = "true" ] && CMD+=("--websocket-mask-frame")
for header in "${HTTP_HEADERS[@]}"; do
    CMD+=("--http-headers" "$header")
done
[ -n "$HTTP_HEADERS_FILE" ] && CMD+=("--http-headers-file" "$HTTP_HEADERS_FILE")
[ -n "$TLS_CERTIFICATE" ] && CMD+=("--tls-certificate" "$TLS_CERTIFICATE")
[ -n "$TLS_PRIVATE_KEY" ] && CMD+=("--tls-private-key" "$TLS_PRIVATE_KEY")
[ -n "$REVERSE_RECONNECT_MAX_DELAY" ] && CMD+=("--reverse-reconnect-max-delay" "$REVERSE_RECONNECT_MAX_DELAY")
for resolver in "${DNS_RESOLVER[@]}"; do
    CMD+=("--dns-resolver" "$resolver")
done
[ "$DNS_RESOLVER_PREFER_IPV4" = "true" ] && CMD+=("--dns-resolver-prefer-ipv4")

# Set environment variable for nb_worker_threads if specified
if [ -n "$NB_WORKER_THREADS" ]; then
    export TOKIO_WORKER_THREADS="$NB_WORKER_THREADS"
fi

# Print the command for debugging
echo "Using configuration file: $CONFIG_FILE"

# Execute the wstunnel client command
exec "${CMD[@]}"