#!/bin/bash

echo "=== 修复 TUN 模式下的 SSH 连接 ==="
echo ""

WSL_HOST_IP=$(ip route show | grep default | awk '{print $3}')
echo "Windows 主机 IP: $WSL_HOST_IP"
echo "混合代理端口: 7897"
echo ""

# 1. 检查 Clash Verge 的局域网连接设置
echo "1. 重要提示："
echo "   请检查 Clash Verge 设置中的 '局域网连接' 选项"
echo "   如果未启用，WSL 无法访问代理端口"
echo "   路径：设置 -> Clash 设置 -> 局域网连接"
echo ""
read -p "局域网连接已启用？(y/n): " lan_enabled
if [ "$lan_enabled" != "y" ] && [ "$lan_enabled" != "Y" ]; then
    echo ""
    echo "⚠️  请先启用 '局域网连接'，然后重新运行此脚本"
    exit 1
fi
echo ""

# 2. 测试端口连接
echo "2. 测试端口连接..."
if timeout 3 bash -c "echo > /dev/tcp/$WSL_HOST_IP/7897" 2>/dev/null; then
    echo "✓ 端口 7897 可达"
else
    echo "✗ 端口 7897 不可达"
    echo ""
    echo "可能的原因："
    echo "1. Clash Verge 的 '局域网连接' 未启用"
    echo "2. Windows 防火墙阻止了端口"
    echo "3. Clash Verge 未运行"
    echo ""
    echo "请检查后重试"
    exit 1
fi
echo ""

# 3. 测试代理功能
echo "3. 测试代理功能..."
export http_proxy=http://$WSL_HOST_IP:7897
export https_proxy=http://$WSL_HOST_IP:7897

echo "测试 HTTP 代理..."
if timeout 5 curl -s --proxy "$http_proxy" https://www.google.com > /dev/null 2>&1; then
    echo "✓ HTTP 代理工作正常"
    HTTP_WORKS=true
else
    echo "✗ HTTP 代理测试失败"
    HTTP_WORKS=false
fi
echo ""

# 4. 配置 SSH（使用 connect-proxy）
echo "4. 配置 SSH..."
SSH_CONFIG="$HOME/.ssh/config"
KEY_PATH="$HOME/.ssh/id_ed25519"

# 确保 connect-proxy 已安装
if ! command -v connect-proxy > /dev/null 2>&1; then
    echo "安装 connect-proxy..."
    sudo apt-get update -qq
    sudo apt-get install -y connect-proxy
fi

# 备份
if [ -f "$SSH_CONFIG" ]; then
    cp "$SSH_CONFIG" "$SSH_CONFIG.backup.$(date +%Y%m%d_%H%M%S)"
fi

# 删除旧的 hf.co 配置
if grep -q "Host hf.co" "$SSH_CONFIG" 2>/dev/null; then
    sed -i '/^Host hf.co$/,/^$/d' "$SSH_CONFIG"
fi

# 添加配置
cat >> "$SSH_CONFIG" << EOF

# Hugging Face SSH 配置（通过混合代理端口 7897）
Host hf.co
    HostName hf.co
    User git
    Port 443
    IdentityFile $KEY_PATH
    IdentitiesOnly yes
    StrictHostKeyChecking accept-new
    ConnectTimeout 15
    ProxyCommand connect-proxy -H $WSL_HOST_IP:7897 %h %p
    ServerAliveInterval 30
    ServerAliveCountMax 3
    TCPKeepAlive yes
    LogLevel ERROR
EOF

chmod 600 "$SSH_CONFIG"
chmod 600 "$KEY_PATH"
chmod 644 "$KEY_PATH.pub"

echo "✓ SSH 配置已完成"
echo ""

# 5. 测试 SSH 连接
echo "5. 测试 SSH 连接..."
echo "（这可能需要几秒钟）"
timeout 20 ssh -T -v git@hf.co 2>&1 | tee /tmp/ssh_test.log

SSH_EXIT=${PIPESTATUS[0]}

echo ""
if [ $SSH_EXIT -eq 0 ] || [ $SSH_EXIT -eq 1 ]; then
    echo "✓ SSH 连接成功！"
    echo ""
    echo "=== 配置完成 ==="
    echo "现在可以正常使用 git push 了"
else
    echo "✗ SSH 连接失败"
    echo ""
    echo "查看详细日志："
    grep -E "(Connecting|Authenticated|successfully|Connection|timeout|error|failed)" /tmp/ssh_test.log | head -10
    echo ""
    echo "如果仍然失败，请检查："
    echo "1. Clash Verge 的 '局域网连接' 是否已启用并保存"
    echo "2. Windows 防火墙是否允许端口 7897"
    echo "3. 尝试重启 Clash Verge"
fi