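#!/bin/bash
# =============================================================
# Node 2: overseas CN relay host
# Deploys: GOST as a two-way relay
#   Inbound from Shanghai on :3456 -> forwarded to the US landing host :8443
#
# NOTE(review): the original header describes the inbound listener as
# relay+tls, but the ExecStart line below starts it as http://. With an
# http:// listener the proxy username/password sent by the Shanghai side is
# not protected by TLS on that hop. The scheme is left as written because the
# client's expectations are not visible here; confirm which one is intended.
# =============================================================
# Usage: bash setup-node2-cn-relay.sh
#
# Environment (all optional; US_LANDING_IP is prompted for when unset):
#   US_LANDING_IP        address of the US landing host
#   GOST_USER/GOST_PASS  proxy credentials (password is generated when unset)
#   LISTEN_PORT_FROM_SH  inbound port (default 3456)
#   LISTEN_PORT_TO_US    port the US landing host listens on (default 8443)
#   GOST_VERSION         pin a release instead of resolving "latest"
#   GOST_SHA256          expected SHA-256 of the release tarball
#   SH_SOURCE_IP         restrict the ufw rule to this source address

set -euo pipefail

GREEN='\033[0;32m'
YELLOW='\033[1;33m'
RED='\033[0;31m'
NC='\033[0m'

ok()   { echo -e "${GREEN}✅ $*${NC}"; }
info() { echo -e "${YELLOW}ℹ $*${NC}"; }
fail() { echo -e "${RED}❌ $*${NC}" >&2; }
die()  { fail "$*"; exit 1; }

# Reject values that would break out of the URL userinfo or the quoted
# ExecStart argument, or that systemd would re-interpret ('%' specifiers,
# '$' expansion) when they are written into the unit file.
#   $1 - variable name used in the error message
#   $2 - value to check
check_unit_safe() {
  case "$2" in
    '')
      die "$1 不能为空" ;;
    *[[:space:]]* | *'"'* | *"'"* | *'\'* | *'%'* | *'$'* | *'@'* | *'/'*)
      die "$1 含有不允许的字符" ;;
  esac
}

# Require a decimal TCP port in 1-65535.
#   $1 - variable name used in the error message
#   $2 - value to check
check_port() {
  case "$2" in
    '' | *[!0-9]* | ??????*)
      die "$1 必须是 1-65535 之间的端口号" ;;
  esac
  if [ "$2" -lt 1 ] || [ "$2" -gt 65535 ]; then
    die "$1 必须是 1-65535 之间的端口号"
  fi
}

# ── Configuration (edit here) ───────────────────────
US_LANDING_IP="${US_LANDING_IP:-}"                    # US landing host IP
GOST_USER="${GOST_USER:-gostuser}"
# 16 random bytes (128 bits); this credential guards an Internet-facing proxy.
GOST_PASS="${GOST_PASS:-$(openssl rand -hex 16)}"
LISTEN_PORT_FROM_SH="${LISTEN_PORT_FROM_SH:-3456}"    # inbound port from Shanghai
LISTEN_PORT_TO_US="${LISTEN_PORT_TO_US:-8443}"        # US landing host listen port
GOST_VERSION="${GOST_VERSION:-}"
GOST_SHA256="${GOST_SHA256:-}"
SH_SOURCE_IP="${SH_SOURCE_IP:-}"

echo "================================================"
echo " 节点2:海外CN中转机 部署"
echo "================================================"

# Everything below writes to /usr/local/bin and /etc/systemd; fail early
# instead of half-way through.
[ "$(id -u)" -eq 0 ] || die "请以 root 身份运行"

# Required values
if [ -z "$US_LANDING_IP" ]; then
  read -rp "请输入美国落地机 IP: " US_LANDING_IP
fi
check_unit_safe US_LANDING_IP "$US_LANDING_IP"
check_unit_safe GOST_USER "$GOST_USER"
check_unit_safe GOST_PASS "$GOST_PASS"
# ':' separates user from password inside the URL userinfo.
case "${GOST_USER}${GOST_PASS}" in
  *:*) die "GOST_USER / GOST_PASS 不能包含 ':'" ;;
esac
check_port LISTEN_PORT_FROM_SH "$LISTEN_PORT_FROM_SH"
check_port LISTEN_PORT_TO_US "$LISTEN_PORT_TO_US"

# ── 1. Install GOST ─────────────────────────────────
if ! command -v gost &>/dev/null; then
  info "安装 GOST..."

  ARCH=$(uname -m)
  # Only map architectures we actually know; the old "anything else is
  # arm64" fallback installed a binary that cannot run on e.g. 32-bit ARM.
  case "$ARCH" in
    x86_64 | amd64)  GARCH="amd64" ;;
    aarch64 | arm64) GARCH="arm64" ;;
    *) die "不支持的架构: ${ARCH}" ;;
  esac

  if [ -n "$GOST_VERSION" ]; then
    LATEST="v${GOST_VERSION#v}"
  else
    LATEST=$(curl -sf https://api.github.com/repos/go-gost/gost/releases/latest \
      | grep '"tag_name"' | cut -d'"' -f4) \
      || die "无法获取 GOST 最新版本号"
  fi
  VER="${LATEST#v}"
  # The tag is interpolated into a download URL; keep it to version characters.
  case "$VER" in
    '' | *[!0-9A-Za-z.+-]*) die "GOST 版本号无效: ${LATEST}" ;;
  esac

  # Private scratch directory: fixed names under /tmp can be pre-created or
  # symlinked by another local user while this script runs as root.
  WORKDIR=$(mktemp -d) || die "mktemp 失败"
  trap 'rm -rf -- "${WORKDIR:?}"' EXIT

  wget -qO "${WORKDIR}/gost.tar.gz" \
    "https://github.com/go-gost/gost/releases/download/${LATEST}/gost_${VER}_linux_${GARCH}.tar.gz"

  # The binary ends up in /usr/local/bin and runs as a network service, so
  # verify it against an operator-pinned digest when one is supplied.
  if [ -n "$GOST_SHA256" ]; then
    echo "${GOST_SHA256}  ${WORKDIR}/gost.tar.gz" | sha256sum -c - >/dev/null \
      || die "GOST 压缩包 SHA-256 校验失败"
  else
    info "未设置 GOST_SHA256,下载的 GOST 未经完整性校验"
  fi

  # Extract only the binary, and do not keep the archive's owner: tar run as
  # root restores archive uids by default, which could leave the binary
  # writable by an unrelated local account.
  tar xzf "${WORKDIR}/gost.tar.gz" -C "$WORKDIR" --no-same-owner gost
  install -m 0755 -o root -g root "${WORKDIR}/gost" /usr/local/bin/gost
fi
ok "GOST $(gost -V 2>/dev/null | head -1 || echo '已安装')"

# ── 2. Create the systemd service ───────────────────
# Relay responsibilities:
#   - accept connections from the Shanghai sub2api host (:3456)
#   - forward the traffic over relay+tls to the US landing host (:8443)
#
# The unit embeds the proxy credentials, so the file is created 0600 before
# anything is written to it. This only protects the file: the credentials
# still appear in the gost process arguments and in the unit's ExecStart
# property, both readable by local users. Moving them into a root-only GOST
# config file (e.g. via `-C` — confirm for the installed version) would
# close that gap.
UNIT_FILE=/etc/systemd/system/gost-sub2api-relay.service
install -m 0600 -o root -g root /dev/null "$UNIT_FILE"
cat > "$UNIT_FILE" << EOF
[Unit]
Description=GOST sub2api CN Relay - 接收上海转发到美国落地
After=network.target

[Service]
Type=simple
User=nobody
ExecStart=/usr/local/bin/gost \\
  -L "http://${GOST_USER}:${GOST_PASS}@:${LISTEN_PORT_FROM_SH}" \\
  -F "relay+tls://${GOST_USER}:${GOST_PASS}@${US_LANDING_IP}:${LISTEN_PORT_TO_US}"
Restart=always
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable gost-sub2api-relay
systemctl restart gost-sub2api-relay
sleep 2
# Do not report success for a service that exited right after start.
systemctl is-active --quiet gost-sub2api-relay \
  || die "gost-sub2api-relay 启动失败,请查看: journalctl -u gost-sub2api-relay"
ok "GOST 中转服务已启动(服务名: gost-sub2api-relay,不影响现有 gost-relay)"

# ── 3. Open the firewall port ───────────────────────
# Rule changes stay best-effort (ufw may be installed but inactive), but the
# success message is only printed when the rule was actually added.
if command -v ufw &>/dev/null; then
  if [ -n "$SH_SOURCE_IP" ]; then
    # Only the Shanghai host is expected to connect; limit the rule to it.
    if ufw allow from "$SH_SOURCE_IP" to any port "$LISTEN_PORT_FROM_SH" \
        proto tcp comment "GOST from Shanghai" 2>/dev/null; then
      ok "ufw 端口已开放"
    else
      info "ufw 规则添加失败,请手动检查"
    fi
  else
    info "未设置 SH_SOURCE_IP,端口 ${LISTEN_PORT_FROM_SH} 将对所有来源开放"
    if ufw allow "${LISTEN_PORT_FROM_SH}/tcp" comment "GOST from Shanghai" 2>/dev/null; then
      ok "ufw 端口已开放"
    else
      info "ufw 规则添加失败,请手动检查"
    fi
  fi
  ufw allow ssh 2>/dev/null || true
fi

# ── 4. Print the values for the Shanghai side ───────
# Display only; fetched over HTTPS with a timeout so a slow lookup cannot
# hang the script.
MY_IP=$(curl -sf --max-time 10 https://ipinfo.io/ip 2>/dev/null || echo '<本机IP>')

echo ""
echo "================================================"
echo " 节点2 部署完成"
echo "================================================"
echo ""
echo "【上海服务器 .env 填写以下值】"
echo "  GATEWAY_NODE_TLS_PROXY_LISTEN_HOST=${MY_IP}"
echo "  GATEWAY_NODE_TLS_PROXY_LISTEN_PORT=${LISTEN_PORT_FROM_SH}"
echo ""
# The password is printed once so the operator can copy it; avoid running
# this script where stdout is captured into shared logs.
echo "【GOST 认证信息(勿泄露)】"
echo "  用户名: ${GOST_USER}"
echo "  密码:   ${GOST_PASS}"
echo ""
# Status output is informational; do not let it change the exit code.
systemctl status gost-sub2api-relay --no-pager -l | tail -5 || true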