#!/usr/bin/env sh
set -o errexit

mode="fg"
pid_path=""
pass_path="accounts/fhnw/students.fhnw.ch"
op_args=""

display_help() {
  echo "Usage: $0 [option...] " >&2
  echo
  echo "   -m,   vpn mode (one of \"fg\", \"bg\") [default: $mode]"
  echo "   -t,   path to pid file if run in \"bg\" mode [default: mktemp]"
  echo "   -p,   path for pass to get user and password information [default: $pass_path]"
  echo "   -h,   display this help and exit"
  echo
}

parse_args() {
  while getopts ":hm:t:p:" opt; do
    case $opt in
    h)
      display_help
      exit 0
      ;;
    m)
      mode=$OPTARG
      ;;
    t)
      pid_path=$OPTARG
      ;;
    p)
      pass_path=$OPTARG
      ;;
    \?)
      echo "Invalid option: -$OPTARG" >&2
      display_help
      exit 1
      ;;
    :)
      echo "Option -$OPTARG requires an argument." >&2
      display_help
      exit 1
      ;;
    esac
  done
}

get_account_info() {
  echo "getting password and token from pass..."
  acc_info="$(pass "$pass_path")"
  acc_pw="$(echo "$acc_info" | head -n 1)"
  acc_user="$(echo "$acc_info" | awk -F ': ' '/^login:/ {print $2}')"
  acc_token="$(echo "$acc_info" | awk -F ': ' '/^otp-secret:/ {print $2}')"
}

connect_vpn() {
  if [ "$mode" != "fg" ]; then
    if [ -z "$pid_path" ]; then
      pid_file="$(SUDO_PROMPT="sudo pw for pid: " sudo mktemp)"
    else
      pid_file="$pid_path"
    fi
    echo "vpn-pid: $pid_file"
    op_args=" --pid-file=$pid_file --background"
  fi

  echo "getting vpn cookie..."
  eval "$(ocma -v -u "$acc_user" -p "$acc_pw" -m "$acc_token" --print-to-stdout)"

  op_args="$op_args --cookie=$VPN_COOKIE"
  cmd="openconnect$op_args $VPN_HOST"

  # shellcheck disable=2086
  SUDO_PROMPT="sudo pw for vpn connection: " sudo $cmd
}

parse_args "$@"
get_account_info
connect_vpn