dotfiles/bin/passget

#!/bin/bash

if [ -z "$1" ]; then
    echo 'Nothing to get'
    exit 1
fi

set -euo pipefail

# This depends on having the custom `op` wrapper in this directory.
# Specifically, it depends on automatically logging the user in if a session
# token hasn't already been saved.  If the wrapper can't be installed,
# uncomment this line instead:
#
# op list vaults >/dev/null 2>&1 || eval "$(op signin)"

# TODO: Print vault name instead of ID

# This cannot be done easily with simple replacement.  It actually needed
# "real" regexes!
#
# shellcheck disable=SC2001
url=$(sed -E 's%https?://%%' <<< "$1")
mapfile -t matches < <(op list items | jq -c '.[] | select(.overview.url and (.overview.url | contains("'"${url}"'"))) | { uuid: .uuid, url: .overview.url, vault: .vaultUuid }')

if [ "${#matches[@]}" -eq 0 ]; then
    >&2 echo "No matches found for ${url}"
    exit 1
elif [ "${#matches[@]}" -eq 1 ]; then
    item="${matches[0]}"
    uuid="$(echo "${item}" | jq -r '.uuid')"
else
    uuid="$(echo "${matches[@]}" \
        | jq -r '"\(.uuid) \(.url) \(.vault)"' \
        | fzf \
        | cut -d ' ' -f 1)"
fi

query_username='.details.fields[] | select(.designation == "username") | .value'
query_password='.details.fields[] | select(.designation == "password") | .value'
query_url='.overview.url'

item="$(op get item "${uuid}")"

url="$(echo "${item}" | jq -r "${query_url}")"
echo "Login for ${url} (${uuid})"

echo "${item}" | jq -r "${query_username}" | xsel -bi
echo 'Username clipped'

read -r _
echo "${item}" | jq -r "${query_password}" | xsel -bi
echo 'Password clipped.  Clearing in 60 seconds.'

# `at` doesn't forward the DISPLAY variable.  This workaround ensures that X is
# available to xsel.
at -M 'now + 1 minute' >/dev/null 2>&1 <<CMD
DISPLAY="${DISPLAY}" xsel-clear
CMD