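#!/usr/bin/env bash
# Entrypoint preamble: strict mode, disabled port-forwarding experiments kept
# for reference, and the constants used to locate and run the playit agent.
set -euo pipefail

# --- Disabled: DNS nameserver injection ------------------------------------
# If DNS_RECORD is set and executable is in PATH, add DNS nameserver entry
# if [ -n "$DNS_RECORD" ]; then
#   # Example: add nameserver to /etc/resolv.conf if permission allows
#   if echo "nameserver $DNS_RECORD" >> /etc/resolv.conf 2>/dev/null; then
#     echo "Added nameserver $DNS_RECORD to /etc/resolv.conf"
#   else
#     echo "Warning: No permission to modify /etc/resolv.conf. Skipping." >&2
#   fi
# fi

# --- Disabled: blanket port forwarding -------------------------------------
# Forward TCP traffic on all ports (1-65535) to 127.0.0.1:8080
# for port in {1..65535}; do
#   socat TCP4-LISTEN:$port,fork TCP4:127.0.0.1:8080 &
# done
# # Forward UDP traffic on all ports (1-65535) to 127.0.0.1:8080
# for port in {1..65535}; do
#   socat UDP4-RECVFROM:$port,fork UDP4-SENDTO:127.0.0.1:8080 &
# done
# socat TCP-LISTEN:7860,fork TCP:127.0.0.1:8080 | socat TCP-LISTEN:50000,fork TCP:127.0.0.1:8080 | socat TCP-LISTEN:50002,fork TCP:127.0.0.1:8080|socat TCP-LISTEN:50004,fork TCP:127.0.0.1:8080

# Display a message indicating the forwarding is active
# NOTE(review): every socat command above is commented out, so this script
# starts no forwarder itself; the message below is kept unchanged in case log
# consumers match on it, but it does not describe what actually runs.
echo "## All TCP and UDP ports are being forwarded to 127.0.0.1:8080"

LOG_PREFIX="[playit-entrypoint]"

# Optional operator override for the agent location (PLAYIT_BIN env var).
# The default expansion keeps `set -u` from aborting when it is unset.
PLAYIT_ENV_BIN="${PLAYIT_BIN:-}"

# Fallback locations probed when no override is given and PATH has no playit.
CANDIDATE_PATHS=(
  "/usr/bin/playit"
  "/usr/local/bin/playit"
  "/opt/playit/playit"
)

# NOTE(review): fixed, predictable name in a shared temp directory.
PLAYIT_LOG="/tmp/playit.log"

# Matches URLs containing "playit". The tail uses [^[:space:]] because inside
# a POSIX bracket expression "\s" is not a whitespace class: "[^\s]" means
# "neither a backslash nor the letter s" and would cut a URL at its first "s".
PLAYIT_URL_REGEX='https://[A-Za-z0-9./:_%-]*playit[^[:space:]]*'

# NOTE(review): the regex and the two timing values below are not referenced
# anywhere else in the visible script.
MAX_WAIT_SECS=30
SLEEP_INTERVAL=1

echo "$LOG_PREFIX starting entrypoint..."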
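#######################################
# Locate the playit agent binary.
# Globals:   PLAYIT_ENV_BIN, CANDIDATE_PATHS, LOG_PREFIX (all read)
# Outputs:   path of the binary on stdout; diagnostics on stderr
# Returns:   0 when an executable was found, 1 otherwise
#######################################
determine_playit_bin() {
  local candidate

  # An explicit override wins. A broken override is reported as an error
  # instead of silently falling back to some other binary.
  if [ -n "$PLAYIT_ENV_BIN" ]; then
    if [ -x "$PLAYIT_ENV_BIN" ]; then
      printf '%s\n' "$PLAYIT_ENV_BIN"
      return 0
    fi
    echo "$LOG_PREFIX PLAYIT_BIN is set but not executable: $PLAYIT_ENV_BIN" >&2
    return 1
  fi

  if command -v playit >/dev/null 2>&1; then
    command -v playit
    return 0
  fi

  for candidate in "${CANDIDATE_PATHS[@]}"; do
    if [ -x "$candidate" ]; then
      printf '%s\n' "$candidate"
      return 0
    fi
  done

  return 1
}

# Detect Playit binary
# NOTE(review): the message says "Skipping" but the script aborts here, so a
# missing agent also prevents the TURN server from starting.
PLAYIT_BIN_PATH=""
if PLAYIT_BIN_PATH="$(determine_playit_bin)"; then
  echo "$LOG_PREFIX playit binary found: $PLAYIT_BIN_PATH"
else
  echo "$LOG_PREFIX playit binary NOT found. Skipping Playit startup."
  exit 1
fi

# Remove old log and recreate it owner-only. The umask applies from the moment
# the file is created, so it is never briefly readable by others before chmod.
rm -f -- "$PLAYIT_LOG" || true
(
  umask 077
  : > "$PLAYIT_LOG"
)
chmod 600 "$PLAYIT_LOG" || true

# ${PLAYIT_SECRET:-} keeps `set -u` from aborting the script when the secret
# is simply not configured; that case is meant to reach the else branch.
if [ -n "${PLAYIT_SECRET:-}" ]; then
  # Start Playit agent (new syntax)
  echo "$LOG_PREFIX starting playit agent..."
  # The secret is quoted so it cannot be word-split or glob-expanded.
  # NOTE(review): it is still passed on the command line, where it is visible
  # in the process list; prefer a file- or stdin-based mechanism if the agent
  # version in use offers one.
  # Output goes through process substitution rather than a pipeline so that
  # $! below is the agent's PID and not the PID of the trailing tee.
  nohup "$PLAYIT_BIN_PATH" --secret "$PLAYIT_SECRET" start \
    > >(sed "s/^/$LOG_PREFIX /" | tee "$PLAYIT_LOG") 2>&1 &
  PLAYIT_PID=$!
  echo "$LOG_PREFIX Playit agent started with PID=$PLAYIT_PID"
else
  echo " Playit agent NOT started"
fi

# Get internal (local) IP
# The fallback assignment lets the explicit check below report the failure;
# under `set -e` + pipefail a failing lookup would otherwise exit silently.
INTERNAL_IP=$(hostname -I | awk '{print $1}') || INTERNAL_IP=""
if [ -z "$INTERNAL_IP" ]; then
  echo "❌ Could not determine internal IP" >&2
  exit 1
fi

# Get external (public/NAT) IP
# --max-time bounds the lookup so startup cannot hang on an unreachable
# service; -f turns an HTTP error page into a failure instead of an "IP".
# NOTE(review): this value is only printed; it is not passed to turnserver.
EXTERNAL_IP=$(curl -fsS --max-time 10 https://api.ipify.org) || EXTERNAL_IP=""
if [ -z "$EXTERNAL_IP" ]; then
  echo "❌ Could not determine external IP" >&2
  exit 1
fi

echo "✅ Internal IP: $INTERNAL_IP"
echo "✅ External IP: $EXTERNAL_IP"

# Public / realm addresses (SERVER and SERVER_REGION are required).
# The messages name the variable the operator actually has to set.
TURN_PUBLIC_IP="${SERVER:?SERVER must be set (TURN public IP / realm)}"
TURN_EXTERNAL_IP="${SERVER_REGION:?SERVER_REGION must be set (shown as EXTERNAL_IP)}"

# TURN user credentials. The defaults are fixed values readable by anyone who
# has this script, so their use is reported loudly instead of passing silently.
if [ -z "${TURN_PASS:-}" ]; then
  echo "$LOG_PREFIX WARNING: TURN_PASS is not set; using the built-in default password. Set TURN_PASS before exposing this server." >&2
fi
TURN_USER="${TURN_USER:=myuser}"
TURN_PASS="${TURN_PASS:=mypassword}"

# Admin user credentials. Same concern: the fallback password is a fixed,
# well-known value.
if [ -z "${ADMIN_PASS:-}" ]; then
  echo "$LOG_PREFIX WARNING: ADMIN_PASS is not set; using the built-in default password. Set ADMIN_PASS before exposing any admin interface." >&2
fi
ADMIN_USER="${ADMIN_USER:=admin}"
ADMIN_PASS="${ADMIN_PASS:=password}"

# Ports (with fallbacks)
WEB_ADMIN_PORT="${WEB_ADMIN_PORT:=8080}"
LISTENING_PORT="${LISTENING_PORT:=7860}"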
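TLS_LISTENING_PORT="${TLS_LISTENING_PORT:=5349}"
CLI_IP="${CLI_IP:-127.0.0.1}"
CLI_PORT="${CLI_PORT:-5766}"

# Optional / additional variables (with defaults)
# NOTE(review): USERDB_PATH, CLI_IP, CLI_PORT and WEB_ADMIN_PORT are printed
# below but are not passed to turnadmin or turnserver anywhere in this script.
USERDB_PATH="${USERDB_PATH:=/tmp/turnuserdb.sqlite3}"

# Print configuration. Passwords are deliberately left out of this dump.
echo "===== Final TURN / Web‑Admin Configuration ====="
echo "TURN_PUBLIC_IP = $TURN_PUBLIC_IP"
echo "EXTERNAL_IP = $TURN_EXTERNAL_IP"
echo "TURN_USER = $TURN_USER"
echo "WEB_ADMIN_PORT = $WEB_ADMIN_PORT"
echo "LISTENING_PORT = $LISTENING_PORT"
echo "TLS_LISTENING_PORT= $TLS_LISTENING_PORT"
echo "CLI_IP = $CLI_IP"
echo "CLI_PORT = $CLI_PORT"
echo "USERDB_PATH = $USERDB_PATH"
echo "================================================="

echo "** All Routing Rules"
# Diagnostic only: under `set -e` a missing or failing netstat must not stop
# the server from starting.
if command -v netstat >/dev/null 2>&1; then
  netstat -tuln || echo "WARN: netstat failed; continuing" >&2
else
  echo "WARN: netstat not found; skipping listener dump" >&2
fi

# (Optional) Create admin user via turnadmin
# NOTE(review): the admin password is passed as an argument and is therefore
# visible in the process list while turnadmin runs.
if command -v turnadmin >/dev/null 2>&1; then
  # Best effort, but a failure is reported instead of silently swallowed.
  turnadmin -A -u "$ADMIN_USER" -p "$ADMIN_PASS" \
    || echo "WARN: turnadmin could not create the admin user" >&2
else
  echo "WARN: turnadmin not found; you must manually create admin_user"
fi

# Launch turnserver.
#
# The options live in an array because the previous form interleaved "#"
# comment lines with backslash continuations. A continuation followed by a
# comment ends the command there, so turnserver was exec'd with no options at
# all and the port and --user settings never reached it.
#
# Disabled options, kept for reference:
#   -c /etc/coturn/turnserver.conf
#   --listening-ip=0.0.0.0
#   --relay-ip=127.0.0.1
#   --realm="$TURN_PUBLIC_IP"
#
# NOTE(review): --user places the TURN credential on the command line, and
# the fallback values assigned earlier in this script are fixed, well-known
# strings; confirm real credentials are supplied through the environment.
# NOTE(review): with --realm disabled, confirm long-term credential
# authentication is actually enforced for the configured user.
# NOTE(review): no web-admin option is passed, so WEB_ADMIN_PORT has no effect.
turnserver_args=(
  --listening-port="$LISTENING_PORT"
  --tls-listening-port="$TLS_LISTENING_PORT"
  --external-ip="${TURN_PUBLIC_IP}"
  --user="${TURN_USER}:${TURN_PASS}"
  --log-file=stdout
  --simple-log
  --Verbose
  --no-cli
)

# Runs in the foreground via exec so turnserver becomes the entrypoint's main
# process and receives signals directly. The earlier "&" / TURN_PID=$! pair
# was never reached and nothing waited on that PID.
exec turnserver "${turnserver_args[@]}"

# --- Disabled legacy launch variants (unreachable after exec) ---------------
# TURN_PUBLIC_IP="${SERVER}"
# TURN_PUBLIC_ADDR="${SERVER_REGION}"
# echo "IP RANGE: $TURN_PUBLIC_ADDR PUBLIC_IP : $TURN_PUBLIC_IP"
# echo "Starting turnserver..."
# exec turnserver \
# # --listening-ip=127.0.0.1 \
# --listening-port=7860 \
# --tls-listening-port=5349 \
# --external-ip="$TURN_PUBLIC_ADDR" \
# --user=myuser:mypassword \
# --realm="$TURN_PUBLIC_IP" \
# --log-file=stdout \
# --simple-log \
# --verbose \
# --no-cli &
# TURN_PID=$!

# Exec main process (turnserver or provided CMD)
# if [ "$#" -gt 0 ]; then
#   echo "$LOG_PREFIX executing provided CMD: $*"
#   exec "$@"
# else
#   echo "$LOG_PREFIX no CMD specified, launching default turnserver..."
#   exec turnserver -c /etc/coturn/turnserver.conf --listening-port=7860 \
#   --tls-listening-port=5349 --user=myuser:mypassword \
#   --log-file=stdout \
#   --simple-log \
#   --no-cli &
#   TURN_PID=$!
# fi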