#!/bin/bash
set -e
function help {
    cat <<EOF
TokSSH: Make an SSH connection over Tox.

Use this simple wrapper like you would use "ssh".

Usage:
    tokssh [ssh options] [user@]<address>

Usage:
    TUNTOX_DESTINATION=[user@]<address> tokssh

where

    ssh options:       options to pass to ssh process
    user:              login username on remote host (you could also use "-l user")
    address:           a ToxID

    To specify a tuntox secret (password), set the environment variable
    TUNTOX_SECRET.

    Specifying passwords on the command line is insecure, since the arguments of
    programs are considered public data.

    For that reason, you can also specify the remote address and username with
    the environment variable TUNTOX_DESTINATION. This hides your desintation
    from other users on the system. In this case, all options will be passed to
    SSH.

examples:

    TUNTOX_SECRET=sOmEPassWOrd tokssh 5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054
    tokssh user@5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054
    tokssh 5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054
    tokssh -p 2222 -o ForwardAgent=yes -l user 5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054
    TUNTOX_DESTINATION=5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054 tokssh -p 2222

files:
    ~/.tuntox/persist/

      If directory exists, then read & store a persistent secret key/TOXID within.

EOF
}

if [ "$TUNTOX_DESTINATION" ]
then
    set -- "$@" "$TUNTOX_DESTINATION"
    unset TUNTOX_DESTINATION
fi

while [ $# -gt 0 ]
do
    case "$1" in
        -h|--help)
            help
            exit ;;
        *)
            if [ $# -eq 1 ]
            then
                break
            else
                ssh_options += "$1"
            fi ;;
    esac
    shift
done
[ $# = 1 ] || { help; exit 1; }

if [ -d ~/.tuntox/persist ]; then
    persist='-C ~/.tuntox/persist'
else
    persist=
fi

# Explicitly set the default values for CanonicalizeHostname and UpdateHostKeys,
# just to be safe.

# We use StrictHostKeyChecking=accept because Tox validates the Tox identity and
# the Tox key is the identity.  We have already performed initial public key
# exchange.

ssh \
    -o ProxyCommand="tuntox $persist -i $toxid -W localhost:%p '$TUNTOX_SECRET'" \
    -o StrictHostKeyChecking=accept \
    -o CanonicalizeHostname=no \
    -o UpdateHostKeys=yes \
    "${ssh_options[@]}" \
    -- \
    "$1"