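#!/bin/sh
# Entrypoint: resolve the upstream proxy, start redsocks, install NAT rules
# that send this network namespace's outbound IPv4 TCP through it, then drop
# privileges and exec the worker.
#
# Environment:
#   LSWORKER_PROXY_HOST          upstream proxy host (required)
#   LSWORKER_PROXY_PORT          upstream proxy port (default 1080)
#   LSWORKER_PROXY_USER          optional proxy login
#   LSWORKER_PROXY_PASS          optional proxy password
#   LSWORKER_CONTROL_PORT        TCP destination port exempt from redirection
#                                (default 18081)
#   LSWORKER_REDSOCKS_PORT       local redsocks listener port (default 12345)
#   LSWORKER_NETWORK_READY_FILE  marker touched once the rules are in place
#
# NOTE(review): in the copy of this script under review, everything between
# each "<" and the following ">" was lost, taking with it both here-document
# bodies, the login printf and the redsocks launch command. Those parts are
# reconstructed below and marked "(constructed)"; confirm them against the
# original before use.
set -eu

PROXY_HOST="${LSWORKER_PROXY_HOST:-}"
PROXY_PORT="${LSWORKER_PROXY_PORT:-1080}"
PROXY_USER="${LSWORKER_PROXY_USER:-}"
PROXY_PASS="${LSWORKER_PROXY_PASS:-}"
CONTROL_PORT="${LSWORKER_CONTROL_PORT:-18081}"
REDSOCKS_PORT="${LSWORKER_REDSOCKS_PORT:-12345}"
NETWORK_READY_FILE="${LSWORKER_NETWORK_READY_FILE:-/run/lsworker/network-ready}"
REDSOCKS_CONF=/tmp/redsocks.conf
REDSOCKS_LOG=/tmp/redsocks.log

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# require_port NAME VALUE: abort unless VALUE is a decimal port in 1..65535.
# The ports end up in the redsocks config and in iptables arguments.
require_port() {
  case "$2" in
    '' | *[!0-9]* | ??????*) die "$1 must be a port number between 1 and 65535" ;;
  esac
  if [ "$2" -lt 1 ] || [ "$2" -gt 65535 ]; then
    die "$1 must be a port number between 1 and 65535"
  fi
}

# require_config_safe NAME VALUE: abort if VALUE would end the double-quoted
# string it is written into in the redsocks config, which would let the rest
# of the value be parsed as config directives.
# NOTE(review): backslash handling by the redsocks parser is not verified here.
require_config_safe() {
  case "$2" in
    *'"'* | *'
'*) die "$1 must not contain a double quote or a newline" ;;
  esac
}

mkdir -p "$(dirname "${NETWORK_READY_FILE}")"
# A marker left over from a previous run must not signal readiness before the
# rules below are installed again.
rm -f -- "${NETWORK_READY_FILE}"

if [ -z "${PROXY_HOST}" ]; then
  echo "LSWORKER_PROXY_HOST is required" >&2
  exit 1
fi

require_port LSWORKER_PROXY_PORT "${PROXY_PORT}"
require_port LSWORKER_CONTROL_PORT "${CONTROL_PORT}"
require_port LSWORKER_REDSOCKS_PORT "${REDSOCKS_PORT}"
require_config_safe LSWORKER_PROXY_USER "${PROXY_USER}"
require_config_safe LSWORKER_PROXY_PASS "${PROXY_PASS}"

# Use the first IPv4 address the resolver returns; an empty result (including
# a failed lookup) is handled by the check below.
PROXY_IP="$(getent ahostsv4 "${PROXY_HOST}" | awk 'NR==1 {print $1}')"
if [ -z "${PROXY_IP}" ]; then
  echo "failed to resolve proxy host: ${PROXY_HOST}" >&2
  exit 1
fi

# The config may hold the proxy password: recreate it with owner-only
# permissions (removing first, because the mode of an existing file would be
# kept) and restore the previous umask for everything created afterwards.
# NOTE(review): the worker exec'd below still inherits LSWORKER_PROXY_PASS in
# its environment; unset it before exec if the worker does not need it.
old_umask="$(umask)"
umask 077
rm -f -- "${REDSOCKS_CONF}"

# (constructed) here-document body; only the variables it must consume are
# known from the visible script.
cat >"${REDSOCKS_CONF}" <<EOF
base {
  log_debug = off;
  log_info = on;
  log = "stderr";
  daemon = off;
  redirector = iptables;
}

redsocks {
  local_ip = 127.0.0.1;
  local_port = ${REDSOCKS_PORT};
  ip = ${PROXY_IP};
  port = ${PROXY_PORT};
  type = socks5;
EOF

if [ -n "${PROXY_USER}" ]; then
  # (constructed) mirrors the password line that survives in the source.
  printf ' login = "%s";\n' "${PROXY_USER}" >>"${REDSOCKS_CONF}"
fi
if [ -n "${PROXY_PASS}" ]; then
  printf ' password = "%s";\n' "${PROXY_PASS}" >>"${REDSOCKS_CONF}"
fi

# (constructed) closes the redsocks stanza opened above.
cat >>"${REDSOCKS_CONF}" <<EOF
}
EOF
umask "${old_umask}"

# (constructed) launch command; only the log redirection survives in the source.
redsocks -c "${REDSOCKS_CONF}" >"${REDSOCKS_LOG}" 2>&1 &
REDSOCKS_PID="$!"
# Covers failures between here and the final exec; exec replaces this shell
# without running the EXIT trap, so redsocks keeps running beside the worker.
trap 'kill "${REDSOCKS_PID}" >/dev/null 2>&1 || true' EXIT

sleep 1
# Do not redirect traffic to, or report readiness for, a proxy that already
# exited (bad config, port in use).
if ! kill -0 "${REDSOCKS_PID}" 2>/dev/null; then
  die "redsocks exited during startup; see ${REDSOCKS_LOG}"
fi

# Rebuild the REDSOCKS chain from scratch so a re-run does not stack rules.
iptables -t nat -N REDSOCKS 2>/dev/null || true
iptables -t nat -F REDSOCKS
# Exemptions: loopback, 127.0.0.11 (already inside 127.0.0.0/8, kept as in
# the original), the proxy itself so redsocks' own upstream connection is
# not looped back, and any destination on the control port.
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.11/32 -j RETURN
iptables -t nat -A REDSOCKS -d "${PROXY_IP}/32" -j RETURN
iptables -t nat -A REDSOCKS -p tcp --dport "${CONTROL_PORT}" -j RETURN
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports "${REDSOCKS_PORT}"
# Drop a jump left by an earlier run before adding it again.
iptables -t nat -D OUTPUT -p tcp -j REDSOCKS 2>/dev/null || true
iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
# NOTE(review): only IPv4 TCP is redirected. IPv6 and non-TCP traffic (DNS
# over UDP included) leave directly; confirm that is intended, or that IPv6
# is disabled in this network namespace.

touch "${NETWORK_READY_FILE}"
exec gosu sub2api /app/lsworker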