#!/bin/sh

# This script mounts an gocryptfs filesystem, starts a shell in the mounted
# directory, and then unmounts the filesystem when the shell exits. This is an
# equivalent of the encfssh script by by David Rosenstrauch.

canonicalize() {
	cd "$1" || return
	pwd
}


case $1 in "" | -h | --help)
	echo "Usage: gocryptfssh encrypted_directory [unencrypted-directory [-p]]"
	echo "  -p   mount the unencrypted directory as public"
	exit 1
	;;
esac

enc_dir=$1
unenc_dir_given=false
mount_public=false
if [ ! -z "$2" ]; then
    unenc_dir_given=true
    unenc_dir=$2
    for arg in "$@" ; do
	if [ "$arg" = "-p" ]; then
	    mount_public=true
	fi
    done
    [ -d "$unenc_dir" ] || mkdir -- "$unenc_dir"
else
    unenc_dir=$(mktemp -d .XXXXXXXX)
fi

if [ ! -d "$enc_dir" ]; then
    mkdir -- "$enc_dir"
fi

enc_dir=$(canonicalize "$enc_dir")
unenc_dir=$(canonicalize "$unenc_dir")

options=
if [ "$unenc_dir_given" = "true" ]; then
    if [ "$mount_public" = "true" ]; then
	options="-- -o allow_other"
    fi
fi

# Attach the directory and change into it

if gocryptfs "$enc_dir" "$unenc_dir" $options; then :; else
    echo "gocryptfs failed"
    rmdir -- "$unenc_dir"
    exit 1
fi
if ! [ "$unenc_dir_given" = "true" ]; then
    chmod 700 "$unenc_dir"
fi
echo "Directory is $unenc_dir" >&2
cd "$unenc_dir" || exit

# Fall back to umount if fusermount is not available (e.g., on OS X)
fuse_umount() {
	if command -v fusermount >/dev/null 2>&1; then
		fusermount -u "$@"
	else
		umount "$@" # MacOS case
	fi
}

# Honor the SHELL environment variable to select a shell to run
"$SHELL"; retval=$?

# ensure that this shell isn't itself holding the mounted directory open
# ...but avoid terminating on failure, *or* causing a shellcheck warning for
#    failing to check exit status from cd.
cd / ||:

# if unmount fails, skip rmdir, always use exit status of failure
fuse_umount "$unenc_dir" || exit

if ! [ "$unenc_dir_given" = true ]; then
	rmdir -- "$unenc_dir"
fi
exit "$retval"