// wireguardconfig.h — Parsed representation of a WireGuard .conf file.
//
// DragonRelay returns a standard .conf from POST /api/vpn/peer.
// This class parses it so TunnelManager can bring up the tunnel.

#pragma once

#include <QString>
#include <QStringList>

struct WireGuardConfig {
    // ── [Interface] ────────────────────────────────────────────────────────
    QString  privateKey;  ///< Base64 private key for this peer.
    QString  address;     ///< CIDR assigned to this peer, e.g. "10.99.0.2/24".
    QString  dns;         ///< Optional DNS server, e.g. "1.1.1.1".

    // ── [Peer] ─────────────────────────────────────────────────────────────
    QString     peerPublicKey;        ///< Base64 public key of the WireGuard server.
    QString     presharedKey;         ///< Base64 preshared key (may be empty).
    QString     endpoint;             ///< "host:port" of the server, e.g. "1.2.3.4:51820".
    QStringList allowedIPs;           ///< CIDRs routed through the tunnel.
    uint16_t    persistentKeepalive = 25; ///< Keepalive interval in seconds.

    // ── Helpers ────────────────────────────────────────────────────────────

    /// Returns the host portion of endpoint (strips the port).
    QString endpointHost() const;

    /// Returns the port portion of endpoint, defaulting to 51820.
    quint16 endpointPort() const;

    /// Returns the bare IP from address (strips the CIDR prefix length).
    QString localIP() const;

    /// True if all required fields are present.
    bool isValid() const;

    // ── Factory ────────────────────────────────────────────────────────────

    /// Parse a WireGuard .conf string as returned by DragonRelay.
    /// Unrecognised keys are silently ignored.
    static WireGuardConfig fromConf(const QString &conf);
};