"""
SSH keys management utilities.
"""

import subprocess
from sqlalchemy import select
from app.core.database import async_session_maker
from app.models.device import Device


async def sync_authorized_keys():
    """
    Sync all device SSH keys to /home/tunnel/.ssh/authorized_keys

    This should be called:
    - After device registration (to add new key)
    - After device deletion (to remove key)
    """
    try:
        async with async_session_maker() as session:
            result = await session.execute(select(Device))
            devices = result.scalars().all()

            keys = []
            for device in devices:
                if device.config and 'ssh_public_key' in device.config:
                    ssh_key = device.config['ssh_public_key'].strip()
                    if ssh_key:
                        keys.append(f"{ssh_key} # {device.mac_address}")

            authorized_keys_content = "\n".join(keys) + "\n" if keys else ""

            # Write using sudo
            subprocess.run(
                ["sudo", "tee", "/home/tunnel/.ssh/authorized_keys"],
                input=authorized_keys_content.encode(),
                stdout=subprocess.DEVNULL,
                check=True
            )
            subprocess.run(
                ["sudo", "chmod", "600", "/home/tunnel/.ssh/authorized_keys"],
                check=True
            )
            subprocess.run(
                ["sudo", "chown", "tunnel:tunnel", "/home/tunnel/.ssh/authorized_keys"],
                check=True
            )

            print(f"[SSH] Synced {len(keys)} keys to authorized_keys")
    except Exception as e:
        print(f"[SSH] Failed to sync authorized_keys: {e}")