#!/bin/bash
set -euo pipefail

: ${INSTANCE:=https://secret.ssh.surf} # Where to reach the API of the instance (omit trailing slash)

deps=(curl jq)
for cmd in "${deps[@]}"; do
  which ${cmd} >/dev/null || {
    echo "'${cmd}' util is required for this script"
    exit 1
  }
done

if [ $# -gt 0 ]; then
  # Combine all command-line arguments into a single line
  SECRET="$*"

  # Generate a random 20 character password
  pass=$(cat /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c 20 || true)

  # Encrypt the secret
  ciphertext=$(echo "${SECRET}" | openssl aes-256-cbc -base64 -pass "pass:${pass}" -iter 300000 -md sha512 2>/dev/null)

  # Create a secret and extract the secret ID
  id=$(
    curl -sSf \
      -X POST \
      -H 'content-type: application/json' \
      -d "$(jq --arg secret "${ciphertext}" -cn '{"secret": $secret}')" \
      "${INSTANCE}/api/create" |
      jq -r '.secret_id'
  )

  # Display URL to user
  echo -e "Secret is now available at:\n${INSTANCE}/#${id}%7C${pass}"
elif [ ! -t 0 ]; then
  # Read all input from stdin into a single variable
  SECRET=$(cat -)

  # Generate a random 20 character password
  pass=$(cat /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c 20 || true)

  # Encrypt the secret
  ciphertext=$(echo "${SECRET}" | openssl aes-256-cbc -base64 -pass "pass:${pass}" -iter 300000 -md sha512 2>/dev/null)

  # Create a secret and extract the secret ID
  id=$(
    curl -sSf \
      -X POST \
      -H 'content-type: application/json' \
      -d "$(jq --arg secret "${ciphertext}" -cn '{"secret": $secret}')" \
      "${INSTANCE}/api/create" |
      jq -r '.secret_id'
  )

  # Display URL to user
  echo -e "Secret is now available at:\n${INSTANCE}/#${id}%7C${pass}"
else
  echo "Usage: $0 'secret to share' or echo 'secret to share' | $0 or $0 arg1 arg2 arg3..."
  exit 1
fi