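package main

import (
	"context"
	"flag"
	"fmt"
	"os"
	"time"

	"git.netcell-it.de/projekte/edgeguard-native/internal/database"
	"git.netcell-it.de/projekte/edgeguard-native/internal/services/secrets"
	"git.netcell-it.de/projekte/edgeguard-native/internal/services/wireguard"
)

// cmdWGImport reads /etc/wireguard/*.conf (or a custom dir via
// --path) and translates each [Interface]+[Peer] block into rows in
// wireguard_interfaces / wireguard_peers. Idempotent: ifaces with a
// name that already exists in the DB are skipped (no overwrite).
//
// Use after a fresh EdgeGuard install on a box that already had a
// hand-rolled WireGuard setup — keeps existing tunnels live across
// the migration. After import, run `edgeguard-ctl render-config` to
// re-emit the conf files under /etc/edgeguard/wireguard/ and start
// the wg-quick@ units. The original /etc/wireguard files are left
// in place for fallback.
//
// NOTE(review): wg-quick style .conf files normally carry the
// interface PrivateKey in plaintext. Because the originals are left in
// place, keep them readable by root only, or remove them once the
// migrated tunnels are verified.
//
// Positional arguments are rejected: without this check, a forgotten
// "--path" (e.g. `wg-import /some/dir`) would silently import the
// default directory instead of the one the operator meant.
//
// Exit codes: 0 on success, 1 when the database cannot be opened or the
// import fails, 2 on a usage error.
func cmdWGImport(args []string) int {
	fs := flag.NewFlagSet("wg-import", flag.ExitOnError)
	path := fs.String("path", "/etc/wireguard", "directory holding *.conf files")
	// With flag.ExitOnError, Parse terminates the process itself on a bad
	// flag; the return below only matters if the error mode ever changes.
	if err := fs.Parse(args); err != nil {
		return 2
	}
	// Refuse stray operands instead of ignoring them, so the directory
	// that gets imported is always the one named on the command line.
	if fs.NArg() > 0 {
		fmt.Fprintf(os.Stderr, "wg-import: unexpected arguments %q (use --path DIR)\n", fs.Args())
		return 2
	}

	// One 30-second budget covers both the DB connection and the import.
	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
	defer cancel()

	pool, err := database.Open(ctx, database.ConnStringFromEnv())
	if err != nil {
		fmt.Fprintln(os.Stderr, "wg-import: open db:", err)
		return 1
	}
	defer pool.Close()

	// NOTE(review): presumably the empty argument selects the default key
	// location and the box protects key material before it is stored —
	// confirm in internal/services/secrets.
	box := secrets.New("")
	im := wireguard.NewImporter(
		wireguard.NewInterfacesRepo(pool),
		wireguard.NewPeersRepo(pool),
		box,
	)

	res, err := im.ImportDir(ctx, *path)
	if err != nil {
		fmt.Fprintln(os.Stderr, "wg-import:", err)
		return 1
	}

	fmt.Printf("wg-import: %d ifaces added, %d peers added\n", res.IfacesAdded, res.PeersAdded)
	for _, s := range res.Skipped {
		fmt.Printf(" skipped: %s\n", s)
	}
	// Only point at the follow-up step when something was actually added.
	if res.IfacesAdded > 0 {
		fmt.Println("\nNext: edgeguard-ctl render-config (re-emits configs + starts wg-quick@)")
	}
	return 0
}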