#!/usr/bin/env bash
# VayDNS Client Quick Installer
# Usage: bash <(curl -fsSL https://vaydns.orx.ma/install_client.sh)

# Stop at the first command that fails outside a conditional context.
set -o errexit

# Installation root: the client binary, keys, logs and config file are all
# looked up or created beneath this directory.
VAYDNS_DIR="/opt/vaydns"

# ANSI colour sequences. They are stored with a literal backslash and only
# become terminal escapes when printed with escape processing enabled.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
BOLD='\033[1m'
NC='\033[0m' # reset attributes

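# Status helpers. Each prints one line: a coloured tag followed by the message.
# The colour variables are expanded with %b (they hold literal "\033[...]"
# text), while the message itself goes through %s so that backslashes in
# caller-supplied text (paths, values typed at a prompt) are printed literally
# instead of being interpreted as escape sequences.

# info MESSAGE... - progress line on stdout.
info() { printf '  %b[+]%b %s\n' "${GREEN:-}" "${NC:-}" "$*"; }

# warn MESSAGE... - non-fatal warning; diagnostics go to stderr.
warn() { printf '  %b[!]%b %s\n' "${YELLOW:-}" "${NC:-}" "$*" >&2; }

# error MESSAGE... - fatal diagnostic on stderr, then exit with status 1.
error() {
  printf '  %b[✗]%b %s\n' "${RED:-}" "${NC:-}" "$*" >&2
  exit 1
}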

# Title banner: colour on, two text lines, colour off.
printf '%b\n' "${CYAN}${BOLD}"
printf '%s\n' "  VayDNS Client Setup" "  ──────────────────"
printf '%b\n' "${NC}"

# Preconditions. The script later writes under /etc/systemd/system and calls
# systemctl, so it insists on root; it also expects the client binary to be
# present already and points at setup.sh when it is not.
if (( EUID != 0 )); then
  error "Run as root"
fi
if [[ ! -f "$VAYDNS_DIR/vaydns-client" ]]; then
  error "Run setup.sh first: bash <(curl -fsSL https://vaydns.orx.ma/setup.sh)"
fi

# Section heading, followed by one blank line.
printf '  %b%s%b\n\n' "${BOLD}" "Configure your VayDNS Client" "${NC}"

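# Interactive configuration.
#
# Every answer collected here is later copied into the config file and into
# the ExecStart= line of a systemd unit that runs as root. Values are often
# pasted from elsewhere (the server operator's domain and key), so each one is
# checked against a conservative character set before it is accepted:
#   - no whitespace, quotes, backslashes, '$' or '%', which would change how
#     the command line is split or expanded;
#   - no leading '-', so a value cannot be mistaken for a client option.

# _require_match LABEL VALUE REGEX
#   Abort via error() unless VALUE matches REGEX. The rejected value is not
#   echoed back.
_require_match() {
  [[ "$2" =~ $3 ]] || error "$1 contains unsupported characters"
}

# Patterns are kept in variables so the shell never re-parses them.
host_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'                # DNS name
hex_re='^[0-9A-Fa-f]+$'                               # hex-encoded key
url_re='^https?://[][A-Za-z0-9._~:/?#@!&=+,;-]+$'     # resolver URL
addr_re='^[][A-Za-z0-9._:][][A-Za-z0-9._:-]*$'        # host:port, [v6]:port, :port
word_re='^[A-Za-z0-9]+$'                              # record type / log level
utls_re='^[A-Za-z0-9][A-Za-z0-9_.,*-]*$'              # uTLS profile name(s)

read -rp "  Tunnel domain (must match server, e.g. t.example.com): " DOMAIN
[[ -z "$DOMAIN" ]] && error "Domain is required"
_require_match "Tunnel domain" "$DOMAIN" "$host_re"

read -rp "  Server public key (hex string): " PUBKEY
[[ -z "$PUBKEY" ]] && error "Public key is required"
_require_match "Server public key" "$PUBKEY" "$hex_re"

echo -e "\n  Transport mode:"
echo "    [1] DoH — DNS over HTTPS (recommended, most covert)"
echo "    [2] DoT — DNS over TLS"
echo "    [3] UDP — Plaintext (no covertness)"
read -rp "  Choice [1]: " TR_CHOICE
TR_CHOICE="${TR_CHOICE:-1}"

# Each branch sets TRANSPORT (config value) and TRANSPORT_FLAG (client option
# plus its argument); UTLS is only asked for, and only set, in the DoH branch.
case "$TR_CHOICE" in
  1)
    TRANSPORT="doh"
    read -rp "  DoH resolver URL [https://doh.cloudflare.com/dns-query]: " DOH_URL
    DOH_URL="${DOH_URL:-https://doh.cloudflare.com/dns-query}"
    _require_match "DoH resolver URL" "$DOH_URL" "$url_re"
    TRANSPORT_FLAG="-doh $DOH_URL"
    read -rp "  uTLS profile [weighted/Firefox/Chrome/random/none] [weighted]: " UTLS
    UTLS="${UTLS:-weighted}"
    _require_match "uTLS profile" "$UTLS" "$utls_re"
    ;;
  2)
    TRANSPORT="dot"
    read -rp "  DoT resolver (host:853): " DOT_ADDR
    [[ -z "$DOT_ADDR" ]] && error "DoT address required"
    _require_match "DoT resolver" "$DOT_ADDR" "$addr_re"
    TRANSPORT_FLAG="-dot $DOT_ADDR"
    ;;
  3)
    TRANSPORT="udp"
    read -rp "  UDP resolver [8.8.8.8:53]: " UDP_ADDR
    UDP_ADDR="${UDP_ADDR:-8.8.8.8:53}"
    _require_match "UDP resolver" "$UDP_ADDR" "$addr_re"
    TRANSPORT_FLAG="-udp $UDP_ADDR"
    ;;
  *) error "Invalid choice" ;;
esac

read -rp "  Local listen address [127.0.0.1:7000]: " LISTEN
LISTEN="${LISTEN:-127.0.0.1:7000}"
_require_match "Local listen address" "$LISTEN" "$addr_re"

read -rp "  Record type [txt]: " RECTYPE
RECTYPE="${RECTYPE:-txt}"
_require_match "Record type" "$RECTYPE" "$word_re"

read -rp "  Log level [info]: " LOGLEVEL
LOGLEVEL="${LOGLEVEL:-info}"
_require_match "Log level" "$LOGLEVEL" "$word_re"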

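# Persist the server public key and the client section of the config file.
mkdir -p -- "$VAYDNS_DIR/keys" "$VAYDNS_DIR/logs"

PUBKEY_FILE="$VAYDNS_DIR/keys/server.pub"
# printf rather than echo: the key is typed-in data and must be written
# verbatim even if it happens to look like an echo option.
printf '%s\n' "$PUBKEY" > "$PUBKEY_FILE"
# World-readable is acceptable here: the file holds the server's public key.
chmod 644 "$PUBKEY_FILE"
info "Public key saved to $PUBKEY_FILE"

info "Writing configuration..."
if [[ -f "$VAYDNS_DIR/vaydns.conf" ]]; then
  # The Python program is passed through a quoted here-document, so the shell
  # expands nothing inside it. The prompted values reach Python as environment
  # variables and are used as data only; they are never spliced into the
  # source of a program that runs as root.
  VAYDNS_CFG_PATH="$VAYDNS_DIR/vaydns.conf" \
  VAYDNS_CFG_DOMAIN="$DOMAIN" \
  VAYDNS_CFG_LISTEN="$LISTEN" \
  VAYDNS_CFG_PUBKEY_FILE="$PUBKEY_FILE" \
  VAYDNS_CFG_TRANSPORT="$TRANSPORT" \
  VAYDNS_CFG_DOH_URL="${DOH_URL:-}" \
  VAYDNS_CFG_DOT_ADDR="${DOT_ADDR:-}" \
  VAYDNS_CFG_UDP_ADDR="${UDP_ADDR:-8.8.8.8:53}" \
  VAYDNS_CFG_RECTYPE="$RECTYPE" \
  VAYDNS_CFG_LOGLEVEL="$LOGLEVEL" \
  VAYDNS_CFG_UTLS="${UTLS:-weighted}" \
  python3 - <<'PYEOF'
import configparser
import os

env = os.environ
conf_path = env["VAYDNS_CFG_PATH"]

# Load the existing file so sections other than [client] are kept as they are.
cfg = configparser.ConfigParser()
cfg.read(conf_path)
if "client" not in cfg:
    cfg["client"] = {}

client = cfg["client"]
client["domain"] = env["VAYDNS_CFG_DOMAIN"]
client["listen"] = env["VAYDNS_CFG_LISTEN"]
client["pubkey_file"] = env["VAYDNS_CFG_PUBKEY_FILE"]
client["transport"] = env["VAYDNS_CFG_TRANSPORT"]
client["doh_url"] = env["VAYDNS_CFG_DOH_URL"]
client["dot_addr"] = env["VAYDNS_CFG_DOT_ADDR"]
client["udp_addr"] = env["VAYDNS_CFG_UDP_ADDR"]
client["record_type"] = env["VAYDNS_CFG_RECTYPE"]
client["idle_timeout"] = "10s"
client["keepalive"] = "2s"
client["log_level"] = env["VAYDNS_CFG_LOGLEVEL"]
client["utls"] = env["VAYDNS_CFG_UTLS"]

with open(conf_path, "w") as f:
    cfg.write(f)
PYEOF
else
  # No config file yet: nothing is written here. menu.py is invoked with
  # --status and both its output and its exit status are discarded.
  # NOTE(review): presumably menu.py creates a default config as a side
  # effect - confirm; otherwise the answers collected above are persisted
  # only in the systemd unit's command line.
  python3 "$VAYDNS_DIR/menu.py" --status >/dev/null 2>&1 || true
fi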

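# Compose the client command line that becomes ExecStart= in the unit below.
#
# systemd splits ExecStart= on whitespace, honours quotes and backslashes, and
# expands "%" specifiers and "$VAR" references. A value containing any of those
# characters would alter the command that the service manager runs as root, so
# such values are refused here instead of being written into the unit.
# TRANSPORT_FLAG is "<option> <argument>"; only the argument part is checked.
for unit_arg in "$PUBKEY_FILE" "$DOMAIN" "$LISTEN" "$RECTYPE" "$LOGLEVEL" \
  "${TRANSPORT_FLAG#* }" "${UTLS:-}"; do
  case "$unit_arg" in
    *[[:space:]\"\'\\\$%]*)
      error "Refusing to write systemd unit: a configured value contains whitespace, a quote, a backslash, a dollar sign or a percent sign"
      ;;
  esac
done

BUILD_CMD="$VAYDNS_DIR/vaydns-client $TRANSPORT_FLAG -pubkey-file $PUBKEY_FILE -domain $DOMAIN -listen $LISTEN -record-type $RECTYPE -idle-timeout 10s -keepalive 2s -log-level $LOGLEVEL"
# The uTLS option is added only for DoH, and only when a profile other than
# "none" was chosen.
if [[ "$TRANSPORT" == "doh" && -n "$UTLS" && "$UTLS" != "none" ]]; then
  BUILD_CMD="$BUILD_CMD -utls $UTLS"
fi

info "Creating systemd service..."
# NOTE(review): the unit sets no User= and no sandboxing directives, so the
# client runs as root with full privileges. Consider a dedicated account and
# options such as NoNewPrivileges= once the client's requirements are known.
cat > /etc/systemd/system/vaydns-client.service <<EOF
[Unit]
Description=VayDNS Client
After=network.target

[Service]
ExecStart=$BUILD_CMD
Restart=on-failure
RestartSec=5
StandardOutput=append:$VAYDNS_DIR/logs/client.log
StandardError=append:$VAYDNS_DIR/logs/client.log

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable vaydns-client
# restart, not start: when the installer is re-run to change settings, the
# service is already active and "start" would leave the old process running
# with the previous command line. "restart" also starts a stopped unit.
systemctl restart vaydns-client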

# Closing summary: where the tunnel listens and how to check it.
# Host is the text before the first ':' of LISTEN, port is the field after it.
listen_host=${LISTEN%%:*}
listen_rest=${LISTEN#*:}
listen_port=${listen_rest%%:*}

echo
echo -e "  ${GREEN}${BOLD}✔ VayDNS Client started!${NC}"
echo
echo -e "  ${BOLD}Tunnel listening on:${NC} ${CYAN}$LISTEN${NC}"
echo
echo -e "  ${BOLD}Test with:${NC}"
echo -e "    nc -z ${listen_host} ${listen_port} && echo 'Tunnel OK'"
echo -e "    curl --proxy http://$LISTEN/ https://wtfismyip.com/text"
echo
echo -e "  ${BOLD}Manage with:${NC} vaydns"
