#!/bin/bash
# wgclient - Run on macan (local dev machine)
# Creates wg1 test interface and starts the obfuscation proxy.
# Tears down wg1 on exit (Ctrl-C).
#
# Usage: sudo ./wgclient

set -e

# Pre-generated test keypairs (hardcoded, no exchange needed)
CLIENT_PRIVKEY="AOyf+idP5+zqYGyEVMCCJAZ+5VfFEhR0q71zRpHzulE="
CLIENT_PUBKEY="Y9L9W00HLumBSFlZBcXSFFcpJ16X6JCX1aXGBfxZLn4="
SERVER_PUBKEY="+zFiy1MQTzHOk6wQPGqHitZvcmmX6/xb/o7trPHpvG0="

# as9 public IP
SERVER_PUBLIC_IP="178.128.150.170"

# Shared proxy key (relay2 Netrinos pubkey)
PROXY_KEY="mFvkKjfxwbE8+6v8v8quwysp9tH4HSlW+29RO6odo2c="

IFACE=wg1
WG_PORT=51820
PROXY_PORT=51822
REMOTE_PROXY_PORT=51821
CLIENT_IP=10.99.0.2

cleanup() {
    echo ""
    echo "Tearing down $IFACE..."
    ip link del "$IFACE" 2>/dev/null || true
    rm -f /tmp/wg1-private
    echo "Done."
}
trap cleanup EXIT

# Write private key to temp file (wg set requires a file)
echo "$CLIENT_PRIVKEY" > /tmp/wg1-private
chmod 600 /tmp/wg1-private

# Create interface
ip link add "$IFACE" type wireguard
ip addr add "$CLIENT_IP/24" dev "$IFACE"
wg set "$IFACE" listen-port "$WG_PORT" private-key /tmp/wg1-private
wg set "$IFACE" peer "$SERVER_PUBKEY" \
    endpoint "127.0.0.1:$PROXY_PORT" \
    allowed-ips 10.99.0.1/32 \
    persistent-keepalive 25
ip link set "$IFACE" up

echo "wg1 up: $CLIENT_IP, listen $WG_PORT, endpoint via proxy :$PROXY_PORT"
wg show "$IFACE"
echo ""

# Detect binary
PROXY=./wgproxy-amd64
if [ ! -x "$PROXY" ]; then
    PROXY=./wgproxy
fi
if [ ! -x "$PROXY" ]; then
    echo "Error: no proxy binary found"
    exit 1
fi

echo "Starting proxy: listen :$PROXY_PORT -> $SERVER_PUBLIC_IP:$REMOTE_PROXY_PORT"
echo "Press Ctrl-C to stop and tear down."
echo ""

$PROXY -listen ":$PROXY_PORT" -forward "$SERVER_PUBLIC_IP:$REMOTE_PROXY_PORT" -key "$PROXY_KEY"