#!/bin/bash

# === Configuración ===
VPN_NAME="FortiClient VPN"
DNS1="10.7.120.30"
DNS2="10.7.120.31"
RESOLVER_FILE="/etc/resolver/ttech.inet"
DNS_BACKUP_FILE="$HOME/.fortivpn_dns_backup"
NOTIFIER="/opt/homebrew/bin/terminal-notifier"  # Ajusta según tu sistema

# === Protección anti-ejecución múltiple ===
LOCK_FILE="/tmp/set-fortivpn-dns.lock"
LOCK_TIMEOUT=10  # segundos

if [ -f "$LOCK_FILE" ]; then
  last_run=$(stat -f "%m" "$LOCK_FILE")
  now=$(date +%s)
  if (( now - last_run < LOCK_TIMEOUT )); then
    echo "$(date): Script ejecutado recientemente. Saliendo." >> /tmp/fortivpn-dns.log
    exit 0
  fi
fi

touch "$LOCK_FILE"

# === Función para notificaciones ===
function notify() {
    TITLE="$1"
    MESSAGE="$2"
    USER=$(stat -f "%Su" /dev/console)
    sudo -u "$USER" "$NOTIFIER" -title "$TITLE" -message "$MESSAGE"
}

# === Detectar estado de la VPN ===
STATUS=$(scutil --nc status "$VPN_NAME" | head -n 1)
echo $STATUS

if [[ "$STATUS" == "Connected" ]]; then
    if [[ -f "$RESOLVER_FILE" ]]; then
        exit 
    fi

    echo "$(date): VPN conectada." >> /tmp/fortivpn-dns.log

    # Guardar DNS originales si no están guardados
    if [[ ! -f "$DNS_BACKUP_FILE" ]]; then
        networksetup -getdnsservers "$VPN_NAME" > "$DNS_BACKUP_FILE"
    fi

    # Aplicar nuevos DNS
    networksetup -setdnsservers "$VPN_NAME" $DNS1 $DNS2

    # Crear resolver para ttech.inet
    if [[ ! -f "$RESOLVER_FILE" ]]; then
        sudo /bin/mkdir -p /etc/resolver
        echo "nameserver $DNS1" | sudo /usr/bin/tee "$RESOLVER_FILE" > /dev/null
        echo "nameserver $DNS2" | sudo /usr/bin/tee -a "$RESOLVER_FILE" > /dev/null
    fi

    notify "✅ VPN Conectada" "DNS configurado y resolver ttech.inet creado"

else
    echo "$(date): VPN desconectada." >> /tmp/fortivpn-dns.log

    # Restaurar DNS originales
    if [[ -f "$DNS_BACKUP_FILE" ]]; then
        ORIGINAL_DNS=$(cat "$DNS_BACKUP_FILE")
        if [[ "$ORIGINAL_DNS" == "There aren't any DNS Servers set on"* ]]; then
            networksetup -setdnsservers "$VPN_NAME" "Empty"
        else
            networksetup -setdnsservers "$VPN_NAME" $ORIGINAL_DNS
        fi
        rm "$DNS_BACKUP_FILE"
    fi

    # Eliminar resolver
    if [[ -f "$RESOLVER_FILE" ]]; then
        sudo /bin/rm -f "$RESOLVER_FILE"
    	notify "🔌 VPN Desconectada" "DNS restaurado y resolver eliminado"
    fi

    #notify "🔌 VPN Desconectada" "DNS restaurado y resolver eliminado"
fi