#!/bin/bash -e

team=$(jq -r .accounts[0].shorthand ~/.op/config)
email=$(jq -r .accounts[0].email ~/.op/config)
user_uuid=$(jq -r .accounts[0].userUUID ~/.op/config)
if [ -f ~/.with-op.json ]
then
  prefix=$(jq -r .prefix ~/.with-op.json)
else
  prefix=
fi
account_alias="${prefix?}${team:?}/${email:?}"
session_varname="OP_SESSION_${user_uuid:?}"

if session=$(local-keychain-get 1password "${account_alias:?}")
then
  declare "${session_varname:?}"="${session:?}"
  export "${session_varname:?}"
  if ! op account get >/dev/null
  then
    # session must have expired
    declare "${session_varname:?}"=

    local-keychain-clear 1password "${account_alias:?}"
  fi
fi

if [ -z "${!session_varname}" ]
then
  my_password="$(prompt-for-password --prompt "Password:" "Please enter your 1Password master password")"
  eval "$(op signin --account "${team:?}" <<< "${my_password:?}")"
  if [ -z "${!session_varname}" ]
  then
    exit 1
  fi

  local-keychain-store 1password "${account_alias:?}" <<< "${!session_varname}" || true
fi

exec "$@"
