#!/bin/bash
set -e

# Script to remove a VPN client
# Usage: ./remove-client.sh <client_name>

if [ "$EUID" -ne 0 ]; then
    echo "ERROR: Please run as root"
    exit 1
fi

if [ -z "$1" ]; then
    echo "Usage: $0 <client_name>"
    echo "Example: $0 phone"
    exit 1
fi

CLIENT_NAME="$1"
KEYS_DIR="/etc/wireguard/keys"
CLIENTS_DIR="/etc/wireguard/clients"
WG_INTERFACE="wg0"

# Check if client exists
if [ ! -f "${KEYS_DIR}/client_${CLIENT_NAME}.pub" ]; then
    echo "ERROR: Client '${CLIENT_NAME}' does not exist"
    exit 1
fi

CLIENT_PUBLIC_KEY=$(cat "${KEYS_DIR}/client_${CLIENT_NAME}.pub")

echo "Removing VPN client: ${CLIENT_NAME}"
echo ""

echo "[1/4] Removing peer from WireGuard interface..."
wg set ${WG_INTERFACE} peer ${CLIENT_PUBLIC_KEY} remove

echo "[2/4] Saving WireGuard configuration..."
wg-quick save ${WG_INTERFACE}

echo "[3/4] Removing client keys..."
rm -f "${KEYS_DIR}/client_${CLIENT_NAME}.key"
rm -f "${KEYS_DIR}/client_${CLIENT_NAME}.pub"

echo "[4/4] Removing client configuration..."
rm -f "${CLIENTS_DIR}/${CLIENT_NAME}.conf"

echo ""
echo "========================================="
echo "Client removed successfully!"
echo "========================================="
echo ""