#!/bin/sh
set -eu

# JSON mapping consulted by the lookup below (objects with sshUuid, privateIp, ...).
MAP=/data/layerops/ssh/mapping.json

# syslog tag used by log(); with DEBUG>=1 log() also echoes to stderr.
LOGTAG=layerops-ssh
DEBUG=1

# Generic client-facing text printed on every failure; the specific reason
# goes through log() instead.
ERR_MSG='Connection failed'
WAIT_MSG='If the SSH connection was just created, please wait up to a minute and try again.'

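#######################################
# Write a diagnostic to syslog and, when DEBUG>=1, to stderr.
# In a ForceCommand session stderr is delivered to the remote client, so
# every stderr line produced here is visible to the caller; keep DEBUG at 0
# where internal details (map path, lookup outcome) must not reach clients.
# Globals:   LOGTAG (read), DEBUG (read)
# Arguments: message words, joined by single spaces
# Returns:   always 0 — a failing logger or DEBUG=0 must not abort the
#            script under set -e when log is called as a plain statement
#######################################
log() {
  # best-effort: syslog being unavailable is not a reason to drop the session
  logger -t "$LOGTAG" -- "$@" || :
  if [ "$DEBUG" -ge 1 ]; then
    printf '[%s] %s\n' "$LOGTAG" "$*" >&2
  fi
}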
# Record the final exit status in the log on every exit path, including the
# explicit `exit N` in the checks below; the status itself is preserved.
trap 'rc=$?; log "exit rc=$rc"; exit $rc' EXIT

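# The forced command carries the target UUID; it is client-supplied and untrusted.
UUID="${SSH_ORIGINAL_COMMAND:-}"
[ -n "$UUID" ] || {
  log "missing uuid"
  printf '%s\n' "$ERR_MSG" >&2
  printf '%s\n' "$WAIT_MSG" >&2
  exit 2
}
# Bound the size before anything else looks at it (it is later logged and
# handed to jq and ssh). sshUuid values are expected to be UUIDs (36 chars);
# 128 is a generous ceiling — NOTE(review): adjust if the mapping uses a
# different identifier format.
[ "${#UUID}" -le 128 ] || {
  log "invalid uuid: too long (${#UUID} chars)"
  printf '%s\n' "$ERR_MSG" >&2
  printf '%s\n' "$WAIT_MSG" >&2
  exit 1
}
# Only [A-Za-z0-9-] may pass: the value becomes a jq --arg and the argument
# given to the remote ssh command. The rejected value is logged with every
# disallowed byte replaced by '?' so a hostile value cannot push newlines or
# control characters into syslog. The empty case is already handled above.
case "$UUID" in *[!A-Za-z0-9-]*)
  log "invalid uuid: $(printf '%s' "$UUID" | LC_ALL=C tr -c 'A-Za-z0-9-' '?')"
  printf '%s\n' "$ERR_MSG" >&2
  printf '%s\n' "$WAIT_MSG" >&2
  exit 1
;; esac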

# The hop to the VM authenticates with the client's forwarded agent (the
# client must connect with -A); without a forwarded socket it cannot succeed.
if [ -z "${SSH_AUTH_SOCK:-}" ]; then
  log "no SSH_AUTH_SOCK (need -A)"
  printf '%s\n' "$ERR_MSG" >&2
  printf '%s\n' "$WAIT_MSG" >&2
  exit 2
fi


# A missing or unreadable map is reported to the client with the generic
# message only; the path is recorded in the log.
if ! [ -r "$MAP" ]; then
  log "map missing or unreadable: $MAP"
  printf '%s\n' "$ERR_MSG" >&2
  printf '%s\n' "$WAIT_MSG" >&2
  exit 1
fi

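# Mapping is a JSON list of objects: sshUuid, privateIp, containerId, command
# Resolve UUID -> VM address. The UUID goes in via --arg (never spliced into
# the filter text) and first() takes a single match, so a duplicated sshUuid
# cannot produce a multi-line result that would end up in the ssh host
# argument. jq's exit status is kept: a missing binary or a corrupt map is
# logged as such instead of surfacing as "uuid not found".
jq_rc=0
VM_IP=$(jq -r --arg u "$UUID" '
  first(
    (if type=="array" then .[] else . end)
    | select(.sshUuid==$u)
    | .privateIp
  )
' "$MAP" 2>/dev/null) || jq_rc=$?
if [ "$jq_rc" -ne 0 ]; then
  log "jq lookup failed rc=$jq_rc map=$MAP"
  printf '%s\n' "$ERR_MSG" >&2
  printf '%s\n' "$WAIT_MSG" >&2
  exit 1
fi
[ -n "$VM_IP" ] || {
  log "uuid not found: $UUID"
  printf '%s\n' "$ERR_MSG" >&2
  printf '%s\n' "$WAIT_MSG" >&2
  exit 1
}
# The address becomes "dev@$VM_IP" on the ssh command line, so it must be a
# plain dotted quad: the case arm rejects any byte outside [0-9.] (an embedded
# newline included), grep -x then enforces the four-field structure. A value
# that passes cannot start with '-' and so cannot be parsed as an ssh option.
ip_ok=0
case "$VM_IP" in
  *[!0-9.]*) ;;
  *) if printf '%s\n' "$VM_IP" | grep -Eqx '([0-9]{1,3}\.){3}[0-9]{1,3}'; then ip_ok=1; fi ;;
esac
[ "$ip_ok" -eq 1 ] || {
  log "bad ip in map"
  printf '%s\n' "$ERR_MSG" >&2
  printf '%s\n' "$WAIT_MSG" >&2
  exit 1
}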

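# Client address from sshd's SSH_CONNECTION ("client_ip client_port server_ip server_port").
SRCIP="$(printf %s "${SSH_CONNECTION:-}" | awk '{print $1}')"

# Audit record: who asked for which UUID. Written to syslog only (not via
# log()), so it is never echoed to the client's stderr, and the VM address is
# deliberately left out of it for the same reason. Best-effort, like log().
logger -t "$LOGTAG" -- "hop from=${SRCIP:-unknown} uuid=$UUID" || :

# hop to VM using client's forwarded agent, pass the UUID; VM side maps UUID->container
# ssh is run as a child rather than exec'd: with exec the shell is replaced
# (or, if exec itself fails, a non-interactive shell exits), so a fallback
# after it can never run and the client got no message on a failed hop.
# As a child, the fallback is reachable and the EXIT trap logs the final rc.
# ssh's stderr stays discarded so internal details (VM address, known_hosts
# path) are not shown to the client; the reason is recorded in syslog.
# accept-new: first contact with a VM trusts its host key, later changes are
# rejected.
ssh -A -tt \
  -p 2222 \
  -o BatchMode=yes \
  -o UserKnownHostsFile=/home/dev/.ssh/known_hosts \
  -o StrictHostKeyChecking=accept-new \
  -o LogLevel=ERROR \
  -o ConnectTimeout=10 \
  "dev@$VM_IP" "$UUID" 2>/dev/null || {
    rc=$?
    # ssh returns 255 only for its own connection/authentication failure;
    # any other value is the remote session's exit status and is passed
    # through unchanged instead of being reported as a failed connection.
    if [ "$rc" -ne 255 ]; then
      exit "$rc"
    fi
    log "hop failed rc=255 uuid=$UUID"
    printf '%s\n' "$ERR_MSG" >&2
    printf '%s\n' "$WAIT_MSG" >&2
    exit 1
  }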