#!/bin/bash
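# pipefail: without it `bw ... | jq` silently yields empty output when bw fails
# (locked vault, expired session), which the rest of the script would then act on.
set -euo pipefail

# Seconds of inactivity after which the cached vault session expires; 0 disables
# caching and prompts for the master password on every run. Defaults to one
# hour and may be overridden from the environment.
AUTO_LOCK=${AUTO_LOCK:-3600}
[[ "$AUTO_LOCK" =~ ^[0-9]+$ ]] \
  || { printf 'AUTO_LOCK must be a non-negative integer, got: %s\n' "$AUTO_LOCK" >&2; exit 2; }

# Bitwarden session token, filled in by get_session_key. Pre-set to empty so
# `set -u` does not trip on it before then.
BW_SESSION=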

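# Print an error message and terminate the script.
# Arguments: $1 - exit status, $2 - message
# Outputs:   the message on stderr (never stdout: callers may run inside $(...),
#            where a stdout message would be captured instead of shown)
# Side effects: best-effort purge of the cached master password (bw_master) and
#            cached session (bw_session) from the kernel keyring, so a wrong or
#            stale credential is not reused on the next run.
exit_error() {
  local status=$1
  printf '%s\n' "$2" >&2
  # keyctl's "purged N keys" chatter is not useful here; failure is non-fatal.
  keyctl purge user bw_master >/dev/null 2>&1 || true
  keyctl purge user bw_session >/dev/null 2>&1 || true
  exit "$status"
}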

# Prompt for the master password (systemd-ask-password caches it in the kernel
# keyring under bw_master and reuses it while it is valid) and print the
# resulting Bitwarden session token on stdout.
# Callers invoke this inside $(...), so the exit_error below only ends that
# subshell; its non-zero status then reaches the caller through the assignment.
# bw's own stderr is discarded, so a failed unlock reports only the generic message.
ask_password() {
  local rc=0
  systemd-ask-password --keyname=bw_master --accept-cached --timeout=10 "Master Password: " \
    | bw unlock --raw 2>/dev/null || rc=$?
  if [[ "$rc" -ne 0 ]]; then
    exit_error "$rc" "Could not unlock vault"
  fi
}

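# Obtain a Bitwarden session token and store it in BW_SESSION.
# With AUTO_LOCK=0 the vault is unlocked on every run and nothing is cached.
# Otherwise the token is cached in the user keyring (@u) under bw_session and
# its kernel timeout is reset to AUTO_LOCK seconds on every use, so it expires
# AUTO_LOCK seconds after the last run. Note that @u is readable by every
# process running as this user for as long as the key lives.
# Globals: AUTO_LOCK (read), BW_SESSION (written)
# Returns: 0 on success; exits via exit_error / set -e on failure
get_session_key() {
  local key_id session

  if (( AUTO_LOCK == 0 )); then
    # Caching disabled: drop any leftover cached session; failure here is harmless
    # because this branch never reads the cache.
    keyctl purge user bw_session >/dev/null 2>&1 || true
    BW_SESSION=$(ask_password)
    # Same guard as the cached branch: an empty token would otherwise be used.
    [[ -n "$BW_SESSION" ]] || exit_error 1 "Could not unlock vault"
    return 0
  fi

  if ! key_id=$(keyctl request user bw_session 2>/dev/null); then
    session=$(ask_password)
    [[ -n "$session" ]] || exit_error 1 "Could not unlock vault"
    # printf, not echo: the token must never be interpreted as echo options.
    key_id=$(printf '%s' "$session" | keyctl padd user bw_session @u)
  fi

  keyctl timeout "$key_id" "$AUTO_LOCK"
  BW_SESSION=$(keyctl pipe "$key_id")
}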

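get_session_key
# bw reads BW_SESSION from the environment; exporting it keeps the token out of
# argv, where `--session` would expose it to every user on the host via ps(1).
export BW_SESSION

# Exactly one folder must match "ssh": with several, the old unquoted expansion
# passed extra ids as stray arguments; with none, an empty --folderid was sent.
mapfile -t folders < <(bw list folders --search ssh | jq -r '.[].id')
(( ${#folders[@]} == 1 )) \
  || exit_error 1 "Expected exactly one vault folder matching 'ssh', found ${#folders[@]}"
items=$(bw list items --folderid "${folders[0]}")

# Key names come from argv, else are picked interactively from the folder's
# item names. An array keeps names containing spaces intact.
keys=("$@")
if (( ${#keys[@]} == 0 )); then
  mapfile -t keys < <(jq -r '.[].name' <<< "$items" | fzf -1 -0)
  (( ${#keys[@]} > 0 )) || exit_error 1 "No key selected"
fi

# One scratch dir for the whole run, removed by a single EXIT trap. Re-arming
# the trap per key would leave every scratch dir but the last behind.
_tmp=$(mktemp -d)
cleanup() { rm -rf -- "${_tmp:?}"; }
trap cleanup EXIT

for key in "${keys[@]}"; do
  # The item name is used as a relative path below; refuse names that would
  # resolve outside the scratch dir.
  if [[ "$key" == /* || "/$key/" == */../* ]]; then
    exit_error 1 "Refusing key name outside the scratch dir: $key"
  fi

  keydir=$(mktemp -d "$_tmp/key.XXXXXX")
  cd "$keydir"
  mkdir -p -- "$(dirname -- "$key")"
  # ssh-add records the file name it is given as the key comment, so a symlink
  # named after the item feeds the key in on stdin while ssh-agent lists it by name.
  ln -s /dev/stdin "$key"

  # --arg passes the name as a jq value, so quotes or backslashes in an item
  # name cannot alter the filter.
  jq -r --arg name "$key" '.[] | select(.name == $name) | .notes' <<< "$items" \
    | ssh-add "$key"
done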