#!/bin/bash
#
# 备份和加密指定目录，然后将其推送到 Git 仓库

set -euo pipefail

export GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'

check_ssh_connection() {
  if ! ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -T git@hf.co | grep -q user; then
    echo "SSH 登录失败" >&2
    exit 1
  fi
}

check_age_command() {
  if ! command -v age &> /dev/null; then
    echo "age 命令不可用" >&2
    exit 1
  fi
}

cleanup() {
  local uuid=$1
  if [[ -d /tmp/${uuid} ]]; then
    rm -rf "/tmp/${uuid}"
  fi
}

backup_and_push() {
  local dir_path=$1
  local taskname=$2
  local dir_name
  dir_name=$(basename "${dir_path}")
  local uuid
  uuid=$(openssl rand -hex 16)
  local datetime
  datetime=$(date +"%Y%m%d%H%M")
  local archive_name="${taskname}_${uuid}_${datetime}.tar.gz"
  local encrypted_name="${taskname}_${datetime}.bin"

  mkdir "/tmp/${uuid}"
  cd "/tmp/${uuid}" || exit 1

  # 压缩目录
  if ! tar -czf "${archive_name}" -C "$(dirname "${dir_path}")" "$(basename "${dir_path}")"; then
    echo "压缩失败" >&2
    cleanup "${uuid}"
    exit 1
  fi

  # 加密压缩包
  if ! tar cvz "${archive_name}" | age -r <AGE_PUBLIC_KEY> > "${encrypted_name}"; then
    echo "加密失败" >&2
    cleanup "${uuid}"
    exit 1
  fi

  echo "压缩和加密完成: ${encrypted_name}"

  # 推送到 Git 仓库
  GIT_LFS_SKIP_SMUDGE=1 git clone git@example.com:<REPO_PATH>
  cd <REPO_NAME> || exit 1
  mkdir -p "${taskname}"
  mv "../${encrypted_name}" "./${taskname}/${dir_name}${datetime}.bin"
  git add "./${taskname}/${dir_name}${datetime}.bin"
  git commit -m "ADD ${taskname}/${dir_name}${datetime}.bin"
  git push

  cleanup "${uuid}"
}

main() {
  check_ssh_connection
  check_age_command

  docker stop nginx
  backup_and_push /var/www/html nginx_back
  docker start nginx
}

main "$@"