#!/bin/bash
set -e

# Script to enable a previously disabled VPN client
# Usage: ./enable-client.sh <client_name>

if [ "$EUID" -ne 0 ]; then
    echo "ERROR: Please run as root"
    exit 1
fi

if [ -z "$1" ]; then
    echo "Usage: $0 <client_name>"
    echo "Example: $0 phone"
    exit 1
fi

CLIENT_NAME="$1"
KEYS_DIR="/etc/wireguard/keys"
CLIENTS_DIR="/etc/wireguard/clients"
WG_INTERFACE="wg0"

# Check if client exists
if [ ! -f "${KEYS_DIR}/client_${CLIENT_NAME}.pub" ]; then
    echo "ERROR: Client '${CLIENT_NAME}' does not exist"
    exit 1
fi

if [ ! -f "${CLIENTS_DIR}/${CLIENT_NAME}.conf" ]; then
    echo "ERROR: Client configuration file not found"
    exit 1
fi

CLIENT_PUBLIC_KEY=$(cat "${KEYS_DIR}/client_${CLIENT_NAME}.pub")

# Check if client is already active
if wg show ${WG_INTERFACE} | grep -q "${CLIENT_PUBLIC_KEY}"; then
    echo "Client '${CLIENT_NAME}' is already enabled"
    exit 0
fi

# Extract IP from client config
CLIENT_IP=$(grep "^Address" "${CLIENTS_DIR}/${CLIENT_NAME}.conf" | awk '{print $3}')

if [ -z "${CLIENT_IP}" ]; then
    echo "ERROR: Could not determine client IP from config"
    exit 1
fi

echo "Enabling VPN client: ${CLIENT_NAME}"
echo ""

echo "[1/2] Adding peer to WireGuard interface..."
wg set ${WG_INTERFACE} peer ${CLIENT_PUBLIC_KEY} allowed-ips ${CLIENT_IP}

echo "[2/2] Saving WireGuard configuration..."
wg-quick save ${WG_INTERFACE}

echo ""
echo "========================================="
echo "Client enabled successfully!"
echo "========================================="
echo ""
echo "Client '${CLIENT_NAME}' is now active"
echo "IP Address: ${CLIENT_IP}"
echo ""