#!/usr/bin/env bash

set -euo pipefail

USER_NAME="remote_debug"
SSH_PORT="22"
MY_PUBLIC_IP="13.250.49.239"
PUBKEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ+XuU7i+VT8L6z/6e76+7heSfielhmYVUzimsuYbrK6 aoi-remote-debug-2026-04-01'

log() {
  printf '[enable-aoi-remote-debug] %s\n' "$1"
}

command_exists() {
  command -v "$1" >/dev/null 2>&1
}

ensure_ssh_server() {
  if command_exists apt-get; then
    log "Installing openssh-server and curl via apt-get"
    sudo apt-get update
    sudo apt-get install -y openssh-server curl
    sudo systemctl enable --now ssh
    return 0
  fi

  if command_exists dnf; then
    log "Installing openssh-server and curl via dnf"
    sudo dnf install -y openssh-server curl
    sudo systemctl enable --now sshd
    return 0
  fi

  if command_exists yum; then
    log "Installing openssh-server and curl via yum"
    sudo yum install -y openssh-server curl
    sudo systemctl enable --now sshd
    return 0
  fi

  log "Unsupported package manager. Please install openssh-server and curl manually."
  exit 1
}

ensure_user() {
  if id "$USER_NAME" >/dev/null 2>&1; then
    log "User $USER_NAME already exists"
  else
    log "Creating user $USER_NAME"
    sudo useradd -m -s /bin/bash "$USER_NAME"
  fi

  sudo mkdir -p "/home/$USER_NAME/.ssh"
  printf '%s\n' "$PUBKEY" | sudo tee "/home/$USER_NAME/.ssh/authorized_keys" >/dev/null
  sudo chown -R "$USER_NAME:$USER_NAME" "/home/$USER_NAME/.ssh"
  sudo chmod 700 "/home/$USER_NAME/.ssh"
  sudo chmod 600 "/home/$USER_NAME/.ssh/authorized_keys"
}

allow_firewall_if_possible() {
  if command_exists ufw; then
    log "Allowing SSH through ufw"
    sudo ufw allow "$SSH_PORT"/tcp || true
  fi

  if command_exists firewall-cmd; then
    log "Allowing SSH through firewalld"
    sudo firewall-cmd --permanent --add-service=ssh || true
    sudo firewall-cmd --reload || true
  fi
}

show_network_info() {
  local local_ip public_ip
  local_ip=$(hostname -I 2>/dev/null || ip addr | awk '/inet / {print $2}')
  public_ip=$(curl -4 -s ifconfig.me 2>/dev/null || curl -4 -s ip.sb 2>/dev/null || true)

  printf '\n===== remote access ready =====\n'
  printf 'user: %s\n' "$USER_NAME"
  printf 'ssh port: %s\n' "$SSH_PORT"
  printf 'allow source ip: %s\n' "$MY_PUBLIC_IP"
  printf 'local ip: %s\n' "$local_ip"
  printf 'public ip: %s\n' "$public_ip"
  printf '\n'
  printf 'If SSH still cannot connect from outside, please check router/firewall port-forwarding:\n'
  printf '  public_port:%s -> %s:%s\n' "$SSH_PORT" "$local_ip" "$SSH_PORT"
  printf '\n'
}

main() {
  ensure_ssh_server
  ensure_user
  allow_firewall_if_possible
  show_network_info
}

main "$@"