#!/bin/bash

echo "========================================="
echo "SSH配置验证脚本"
echo "========================================="
echo ""

# 检查SSH目录和权限
echo "1. 检查SSH目录和权限"
echo "----------------------------------------"
if [ -d ~/.ssh ]; then
    echo "✅ SSH目录存在: ~/.ssh"
    ls -la ~/.ssh/
else
    echo "❌ SSH目录不存在"
    mkdir -p ~/.ssh
    echo "✅ 已创建SSH目录"
fi

echo ""
echo "2. 检查SSH私钥"
echo "----------------------------------------"
if [ -f ~/.ssh/id_rsa ]; then
    echo "✅ SSH私钥文件存在"
    echo "文件大小: $(wc -c < ~/.ssh/id_rsa) bytes"
    echo "文件权限: $(ls -la ~/.ssh/id_rsa | cut -d' ' -f1)"
    echo ""
    echo "私钥内容预览 (前100字符):"
    head -c 100 ~/.ssh/id_rsa
    echo ""
    echo "私钥格式检查:"
    if grep -q "BEGIN OPENSSH PRIVATE KEY" ~/.ssh/id_rsa; then
        echo "✅ 私钥格式正确 (OpenSSH格式)"
    elif grep -q "BEGIN RSA PRIVATE KEY" ~/.ssh/id_rsa; then
        echo "⚠️  私钥格式为传统RSA格式，建议转换为OpenSSH格式"
    else
        echo "❌ 私钥格式不正确"
    fi
else
    echo "❌ SSH私钥文件不存在"
fi

echo ""
echo "3. 检查known_hosts"
echo "----------------------------------------"
if [ -f ~/.ssh/known_hosts ]; then
    echo "✅ known_hosts文件存在"
    echo "包含的主机数量: $(wc -l < ~/.ssh/known_hosts)"
    if grep -q "git.f.novalon.cn" ~/.ssh/known_hosts; then
        echo "✅ git.f.novalon.cn 已在known_hosts中"
    else
        echo "⚠️  git.f.novalon.cn 不在known_hosts中"
        echo "正在添加..."
        ssh-keyscan -H git.f.novalon.cn >> ~/.ssh/known_hosts 2>/dev/null
        echo "✅ 已添加git.f.novalon.cn到known_hosts"
    fi
else
    echo "❌ known_hosts文件不存在"
    touch ~/.ssh/known_hosts
    echo "✅ 已创建known_hosts文件"
fi

echo ""
echo "4. 测试SSH连接"
echo "----------------------------------------"
echo "测试连接到 git.f.novalon.cn..."
ssh -o StrictHostKeyChecking=no -T git@git.f.novalon.cn 2>&1 | head -5

if [ $? -eq 0 ]; then
    echo "✅ SSH连接测试成功"
else
    echo "❌ SSH连接测试失败"
    echo "可能的原因:"
    echo "  - SSH私钥配置错误"
    echo "  - 私钥未添加到Git服务器的authorized_keys"
    echo "  - 网络连接问题"
    echo "  - 服务器防火墙限制"
fi

echo ""
echo "5. 测试Git远程访问"
echo "----------------------------------------"
echo "测试Git远程仓库访问..."
git ls-remote git@git.f.novalon.cn:novalon/novalon-website.git --heads 2>&1 | head -3

if [ $? -eq 0 ]; then
    echo "✅ Git远程访问测试成功"
else
    echo "❌ Git远程访问测试失败"
fi

echo ""
echo "========================================="
echo "验证完成"
echo "========================================="
echo ""
echo "建议操作:"
echo "1. 如果SSH连接失败，请检查Woodpecker CI中的ssh_private_key secret配置"
echo "2. 确保私钥已添加到Git服务器的authorized_keys中"
echo "3. 验证网络连接和防火墙设置"
echo "4. 重新运行此脚本验证修复效果"