#!/bin/bash

MODE="$1" # 'rw' or 'readonly'
PERSON="$2"
WORKSPACE="$SSH_ORIGINAL_COMMAND"
IMAGE="analytics-backend-workspace" # change to match your setup
TMUX_SESSION="$WORKSPACE@analytics-backend"
DEV_USER="devuser"

log() {
  echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*"
}

if [[ ! "$WORKSPACE" =~ ^[a-zA-Z0-9._-]+$ ]]; then
  log "❌ Invalid container name: $WORKSPACE"
  exit 1
fi

# Function to start the container if not running
start_container_if_needed() {
  if ! podman container exists "$WORKSPACE"; then
    log "🚀 Creating container $WORKSPACE..."
    podman run -dit \
      --userns=keep-id \
      --name "$WORKSPACE" \
      --user "$DEV_USER" \
      --hostname "$WORKSPACE" \
      --label auto-cleanup=true \
      -v "${XDG_RUNTIME_DIR}"/podman/podman.sock:/run/podman/podman.sock \
      "$IMAGE" -- "$TMUX_SESSION"
  elif ! podman inspect -f '{{.State.Running}}' "$WORKSPACE" | grep -q true; then
    log "⚡ Starting existing container $WORKSPACE..."
    podman start "$WORKSPACE" >/dev/null 2>&1
  fi
  sleep 1
}

# After devuser exits...
check_devuser_attached() {
  # Get list of clients
  client_users=$(podman exec "$WORKSPACE" tmux list-clients -t "$TMUX_SESSION" -F "#{client_user}" 2>/dev/null)

  if echo "$client_users" | grep -q "$DEV_USER"; then
    log "💡 devuser still attached — container stays running"
    return 0
  else
    log "🏃 $PERSON has logged out — stopping container"
    podman stop "$WORKSPACE" >/dev/null 2>&1
    return 1
  fi
}

# === Main ===

case "$MODE" in
rw)
  start_container_if_needed

  # Run tmux session inside the container
  if ! podman exec -it --user "$DEV_USER" "$WORKSPACE" tmux has-session -t "$TMUX_SESSION" >/dev/null 2>&1; then
    if ! podman exec -it --user "$DEV_USER" "$WORKSPACE" tmux new-session -d -s "$TMUX_SESSION" >/dev/null 2>&1; then
      log "❌ Could not create new tmux session. Please contact admin or try again later."
      exit 1
    fi
  fi

  log "⚡ $PERSON is working on $WORKSPACE's workspace"
  if ! podman exec -it --user "$DEV_USER" "$WORKSPACE" tmux attach -t "$TMUX_SESSION"; then
    log "❌ Could not attach to tmux session. Please contact admin or try again later."
    exit 1
  fi
  log "⚡ $PERSON finished working on $WORKSPACE's worksapce"

  check_devuser_attached
  exit 0
  ;;
ro)
  if (podman container exists "$WORKSPACE" && podman inspect -f '{{.State.Running}}' "$WORKSPACE" | grep -q true) >/dev/null 2>&1; then
    log "📜 $PERSON is viewing $WORKSPACE's workspace"
    if ! podman exec -it --user "$DEV_USER" "$WORKSPACE" tmux attach -r -t "$TMUX_SESSION"; then
      log "❌ Could not attach to tmux session. Please contact admin or try again later."
      exit 1
    fi
    log "🏃 $PERSON stopped viewing $WORKSPACE's workspace"
    exit 0
  else
    log "❌ Workspace for $WORKSPACE does not exist."
    exit 1
  fi
  ;;
*)
  log "❌ Invalid access mode: $MODE"
  exit 1
  ;;
esac