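#!/bin/sh
# Container entrypoint for a Tor onion-service image.
#
# Usage:
#   <entrypoint> <command> [args...]  run <command> instead of Tor (like 'vanguards ...')
#   <entrypoint>                      build the torrc from the environment, then exec tor
#
# Environment:
#   TOR_DATA_DIR          Tor DataDirectory (default: /var/lib/tor)
#   TOR_CONTROL_PASSWORD  if non-empty, enables the control port with this password
#   HIDDEN_SERVICE_HOSTS  space-separated rules "ExternalPort:ContainerHost:InternalPort",
#                         e.g. "80:container_name:80 22:container_name:22"
set -eu

# Print each argument on its own line to stderr and abort with status 1.
die() {
  printf '%s\n' "$@" >&2
  exit 1
}

# --- Command pass-through ---
# If arguments are passed, run them in place of this script.
if [ "$#" -gt 0 ]; then
  exec "$@"
fi

# --- Tor Configuration (only runs if no command was passed) ---
TOR_CONFIG="/etc/tor/torrc"
DATA_DIR="${TOR_DATA_DIR:-/var/lib/tor}"

# The value is written verbatim into the torrc; an embedded newline would let
# the variable smuggle additional directives into the generated config.
NL='
'
case "$DATA_DIR" in
  *"$NL"*) die "Error: TOR_DATA_DIR must not contain a newline." ;;
esac

echo "Starting Tor Configuration..."

# 1. Reset the config file (truncate, then append everything else).
printf 'DataDirectory %s\n' "$DATA_DIR" > "$TOR_CONFIG"
printf 'User tor\n' >> "$TOR_CONFIG"

# 2. Control password: only the hash is stored in the torrc.
if [ -n "${TOR_CONTROL_PASSWORD:-}" ]; then
  echo "Hashing provided control password..."

  # NOTE(review): tor takes the password as a command-line argument here, so
  # the cleartext is visible in the container's process list while this runs.
  HASHED_PASSWORD=$(tor --quiet --hash-password "$TOR_CONTROL_PASSWORD" | tail -n 1)

  # tail masks tor's exit status, and a non-empty last line could still be a
  # warning rather than a hash. Tor's salted hashes start with "16:", so
  # anything else is treated as a failure instead of being written to the torrc.
  case "$HASHED_PASSWORD" in
    16:*) ;;
    *) die "Error: Failed to hash password." ;;
  esac

  # Nothing below needs the cleartext; drop it so it is not inherited by the
  # long-running tor process's environment.
  unset TOR_CONTROL_PASSWORD

  # NOTE(review): 0.0.0.0 makes the control port listen on every interface of
  # the container. Keep it on an internal network and do not publish 9051;
  # the password is the only thing guarding full control of this Tor instance.
  printf 'ControlPort 0.0.0.0:9051\n' >> "$TOR_CONFIG"
  printf 'HashedControlPassword %s\n' "$HASHED_PASSWORD" >> "$TOR_CONFIG"
  echo "Control Password set."
else
  echo "Warning: No TOR_CONTROL_PASSWORD set. Control port disabled." >&2
fi

# 3. Hidden services: one HiddenServicePort line per rule.
if [ -n "${HIDDEN_SERVICE_HOSTS:-}" ]; then
  printf 'HiddenServiceDir %s/hidden_service/\n' "$DATA_DIR" >> "$TOR_CONFIG"
  printf 'HiddenServiceVersion 3\n' >> "$TOR_CONFIG"

  # The unquoted expansion below is deliberate (split on whitespace); disable
  # globbing so a '*' or '?' in the value is not expanded against the filesystem.
  set -f
  for rule in $HIDDEN_SERVICE_HOSTS; do
    # Validate shape: Port:Host:Port. Ports are capped at five digits so the
    # numeric range test below cannot overflow.
    if ! printf '%s\n' "$rule" | grep -qE '^[0-9]{1,5}:[a-zA-Z0-9.-]+:[0-9]{1,5}$'; then
      die "CRITICAL ERROR: Invalid format in HIDDEN_SERVICE_HOSTS: '$rule'" \
          "Expected format: ExternalPort:ContainerHost:InternalPort (e.g., 80:my-web:80)"
    fi

    # The regex guarantees exactly two colons, so prefix/suffix stripping is safe.
    EXT_PORT=${rule%%:*}
    INT_PORT=${rule##*:}
    HOST=${rule#*:}
    HOST=${HOST%:*}

    for port in "$EXT_PORT" "$INT_PORT"; do
      if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        die "CRITICAL ERROR: Port out of range (1-65535) in HIDDEN_SERVICE_HOSTS: '$rule'"
      fi
    done

    echo "Adding Hidden Service Rule: Onion:$EXT_PORT -> $HOST:$INT_PORT"
    printf 'HiddenServicePort %s %s:%s\n' "$EXT_PORT" "$HOST" "$INT_PORT" >> "$TOR_CONFIG"
  done
  set +f
else
  echo "Warning: HIDDEN_SERVICE_HOSTS is empty. Tor will run but host nothing." >&2
fi

# 4. Ownership fix (needed when DATA_DIR is a Docker volume created as root).
mkdir -p "$DATA_DIR/hidden_service/"
chown -R tor:root "$DATA_DIR"
# The hidden_service directory holds the onion service's private key; keep it
# owner-only as well, whatever umask mkdir ran under.
chmod 700 "$DATA_DIR" "$DATA_DIR/hidden_service/"

echo "Configuration successful. Starting Tor..."
exec tor -f "$TOR_CONFIG"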