#!/bin/bash

echo "== Flexible User Creation Script =="
echo

# Prompt for username
read -p "Username to create (required): " USERNAME
if [[ -z "$USERNAME" ]]; then
    echo "Error: Username is required."
    exit 1
fi

# Prompt for public key
read -p "Paste the SSH public key: " PUBKEY
if [[ -z "$PUBKEY" ]]; then
    echo "Error: Public key is required."
    exit 1
fi

# Prompt for optional groups
read -p "Comma-separated groups to add (e.g. sudo,docker): " GROUPS
GROUPS=$(echo "$GROUPS" | tr -d '[:space:]')  # remove all whitespace
IFS=',' read -ra GROUP_ARRAY <<< "$GROUPS"

# Check if user exists
if id "$USERNAME" &>/dev/null; then
    echo "[*] User '$USERNAME' already exists. Skipping creation."
else
    echo "[+] Creating user: $USERNAME"
    useradd -m -s /bin/bash "$USERNAME"
fi

# Add user to groups
for group in "${GROUP_ARRAY[@]}"; do
    if [[ -n "$group" ]]; then
        if getent group "$group" > /dev/null; then
            echo "[+] Adding $USERNAME to group: $group"
            usermod -aG "$group" "$USERNAME"
        else
            echo "[!] Warning: Group '$group' does not exist. Skipping."
        fi
    fi
done

# Setup SSH access
AUTHORIZED_KEYS="/home/$USERNAME/.ssh/authorized_keys"
mkdir -p "$(dirname "$AUTHORIZED_KEYS")"
touch "$AUTHORIZED_KEYS"
chmod 700 "$(dirname "$AUTHORIZED_KEYS")"
chmod 600 "$AUTHORIZED_KEYS"
chown -R "$USERNAME:$USERNAME" "/home/$USERNAME/.ssh"

# Add key if not already present
if grep -Fxq "$PUBKEY" "$AUTHORIZED_KEYS"; then
    echo "[*] Public key already present. Skipping."
else
    echo "$PUBKEY" >> "$AUTHORIZED_KEYS"
    echo "[+] Public key added."
fi

# Done
echo
echo "[✓] User '$USERNAME' setup complete."
[[ ${#GROUP_ARRAY[@]} -gt 0 ]] && echo "[✓] Groups added: ${GROUP_ARRAY[*]}"
echo "[✓] SSH access configured."