#!/bin/bash

# Script per testare la connessione VPN
# Salva come: storage/scripts/test-vpn-connection.sh

echo "=== VPN CONNECTION TEST ==="
echo "Data: $(date)"
echo ""

SCRIPT_DIR="$(dirname "$0")"
CONFIG_FILE="$SCRIPT_DIR/vpn-config.conf"

# 1. Verifica prerequisiti
echo "1. Checking prerequisites..."

if [[ ! -f "/opt/cisco/anyconnect/bin/vpn" ]]; then
    echo "   ❌ Cisco AnyConnect not found"
    exit 1
fi
echo "   ✅ Cisco AnyConnect installed"

if [[ ! -f "$CONFIG_FILE" ]]; then
    echo "   ❌ VPN config file not found: $CONFIG_FILE"
    exit 1
fi
echo "   ✅ VPN config file found"

# 2. Carica configurazione
echo ""
echo "2. Loading configuration..."
source "$CONFIG_FILE"

if [[ -z "$VPN_USERNAME" || -z "$VPN_PASSWORD" || -z "$VPN_SERVER" ]]; then
    echo "   ❌ Configuration incomplete"
    echo "      Username: ${VPN_USERNAME:-[missing]}"
    echo "      Password: ${VPN_PASSWORD:+[set]}${VPN_PASSWORD:-[missing]}"
    echo "      Server: ${VPN_SERVER:-[missing]}"
    exit 1
fi

echo "   ✅ Configuration loaded"
echo "      Username: $VPN_USERNAME"
echo "      Server: $VPN_SERVER"

# 3. Test connettività server
echo ""
echo "3. Testing server connectivity..."
SERVER_HOST=$(echo "$VPN_SERVER" | cut -d'/' -f1)

if ping -c 3 "$SERVER_HOST" >/dev/null 2>&1; then
    echo "   ✅ Server $SERVER_HOST is reachable"
else
    echo "   ⚠️  Server $SERVER_HOST ping failed (might be normal for VPN servers)"
fi

# 4. Controlla stato attuale
echo ""
echo "4. Checking current VPN status..."
CURRENT_STATUS=$(/opt/cisco/anyconnect/bin/vpn state 2>/dev/null)
echo "   Current status:"
echo "$CURRENT_STATUS" | sed 's/^/      /'

# 5. Test di connessione (solo se disconnesso)
if echo "$CURRENT_STATUS" | grep -q "Disconnected"; then
    echo ""
    echo "5. Testing VPN connection..."
    echo "   Attempting to connect (this may take 30-60 seconds)..."

    # Crea un file temporaneo con le credenziali
    TEMP_CREDS=$(mktemp)
    echo -e "${VPN_USERNAME}\n${VPN_PASSWORD}\ny" > "$TEMP_CREDS"

    # Tenta la connessione con timeout
    timeout 60 /opt/cisco/anyconnect/bin/vpn -s connect "$VPN_SERVER" < "$TEMP_CREDS" >/dev/null 2>&1
    CONNECT_RESULT=$?

    # Pulisci il file temporaneo
    rm -f "$TEMP_CREDS"

    # Controlla il risultato
    sleep 5  # Aspetta che la connessione si stabilizzi
    NEW_STATUS=$(/opt/cisco/anyconnect/bin/vpn state 2>/dev/null)

    if echo "$NEW_STATUS" | grep -q "Connected"; then
        echo "   ✅ VPN connection successful!"
        echo "   New status:"
        echo "$NEW_STATUS" | sed 's/^/      /'

        # Test di connettività attraverso VPN
        echo ""
        echo "6. Testing connectivity through VPN..."
        if curl -s --max-time 10 https://httpbin.org/ip >/dev/null 2>&1; then
            echo "   ✅ Internet connectivity through VPN: OK"

            # Mostra IP pubblico
            PUBLIC_IP=$(curl -s --max-time 5 https://httpbin.org/ip | grep -o '"origin":"[^"]*"' | cut -d'"' -f4)
            echo "   Public IP: ${PUBLIC_IP:-[unable to detect]}"
        else
            echo "   ⚠️  Internet connectivity test failed"
        fi

        # Disconnetti dopo il test
        echo ""
        echo "7. Disconnecting test connection..."
        /opt/cisco/anyconnect/bin/vpn disconnect >/dev/null 2>&1
        sleep 3
        echo "   ✅ Disconnected"

    else
        echo "   ❌ VPN connection failed"
        echo "   Status after attempt:"
        echo "$NEW_STATUS" | sed 's/^/      /'
    fi

else
    echo ""
    echo "5. Skipping connection test (VPN already connected or in unknown state)"
fi

echo ""
echo "=== TEST COMPLETED ==="