#!/bin/sh

WARP_CONF="${WARP_CONF:-/etc/sing-box-warp/warp.conf}"
OUTPUT_CONFIG="${OUTPUT_CONFIG:-/opt/sing-box-warp/config.json}"
ENABLE_TUN_FILE="${ENABLE_TUN_FILE:-/etc/sing-box-warp/enable-tun}"

load_enable_tun() {
    local value

    value=$(trim "${ENABLE_TUN:-}")
    if [ -z "$value" ] && [ -f "$ENABLE_TUN_FILE" ]; then
        value=$(trim "$(cat "$ENABLE_TUN_FILE")")
    fi

    case "$value" in
        1|yes|true|y|Y|on|ON) ENABLE_TUN=1 ;;
        *) ENABLE_TUN=0 ;;
    esac
}

urldecode() {
    echo "$1" | sed 's/%3[dD]/=/g; s/%2[bB]/+/g; s/%2[fF]/\//g; s/%2[cC]/,/g'
}

trim() {
    echo "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# Default-route NIC (eth0, ens3, enp0s3, …); override with TUN_EXCLUDE_INTERFACE
detect_default_interface() {
    local iface

    iface=$(trim "${TUN_EXCLUDE_INTERFACE:-}")
    if [ -n "$iface" ]; then
        echo "$iface"
        return 0
    fi

    if command -v ip >/dev/null 2>&1; then
        iface=$(ip -4 route show default 2>/dev/null \
            | awk '/default/ { for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit } }')
        if [ -n "$iface" ]; then
            echo "$iface"
            return 0
        fi

        iface=$(ip -4 route get 1.1.1.1 2>/dev/null \
            | awk '{ for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit } }')
        if [ -n "$iface" ]; then
            echo "$iface"
            return 0
        fi
    fi

    if [ -r /proc/net/route ]; then
        iface=$(awk '$2 == "00000000" && $1 != "Iface" { print $1; exit }' /proc/net/route)
        if [ -n "$iface" ]; then
            echo "$iface"
            return 0
        fi
    fi

    return 1
}

normalize_cidr() {
    local addr
    local suffix
    addr=$(trim "$1")
    suffix="$2"

    if [ -z "$addr" ]; then
        echo ""
        return
    fi

    case "$addr" in
        */*) echo "$addr" ;;
        *) echo "${addr}/${suffix}" ;;
    esac
}

# Extract parameter from URL
get_param() {
    local url="$1"
    local param="$2"
    echo "$url" | sed -n "s/.*[?&]${param}=\([^&#]*\).*/\1/p"
}

parse_from_wg_url() {
    WG_URL=$(grep "^wg://" "$WARP_CONF" | head -1)

    if [ -z "$WG_URL" ]; then
        echo "Error: No wg:// URL found in $WARP_CONF"
        exit 1
    fi

    SERVER=$(echo "$WG_URL" | sed 's|wg://\([^:]*\):.*|\1|')
    PORT=$(echo "$WG_URL" | sed 's|wg://[^:]*:\([0-9]*\)?.*|\1|')

    PRIVATE_KEY=$(urldecode "$(get_param "$WG_URL" "private_key")")
    PUBLIC_KEY=$(urldecode "$(get_param "$WG_URL" "peer_public_key")")
    MTU=$(get_param "$WG_URL" "mtu")
    LOCAL_ADDRESS=$(urldecode "$(get_param "$WG_URL" "local_address")")

    Jc=$(get_param "$WG_URL" "junk_packet_count")
    Jmin=$(get_param "$WG_URL" "junk_packet_min_size")
    Jmax=$(get_param "$WG_URL" "junk_packet_max_size")
    H1=$(get_param "$WG_URL" "init_packet_magic_header")
    H2=$(get_param "$WG_URL" "response_packet_magic_header")
    H3=$(get_param "$WG_URL" "underload_packet_magic_header")
    H4=$(get_param "$WG_URL" "transport_packet_magic_header")

    IPV4=$(echo "$LOCAL_ADDRESS" | tr ',-' '\n' | sed -n '1p')
    IPV6=$(echo "$LOCAL_ADDRESS" | tr ',-' '\n' | sed -n '2p')

    IPV4=$(normalize_cidr "$IPV4" 32)
    IPV6=$(normalize_cidr "$IPV6" 128)

    if [ -z "$IPV4" ]; then
        echo "Error: local_address (IPv4) is empty"
        exit 1
    fi

    ADDRESS_JSON=$(printf '"%s"' "$IPV4")

    MTU=${MTU:-1280}
    Jc=${Jc:-4}
    Jmin=${Jmin:-40}
    Jmax=${Jmax:-70}
    H1=${H1:-1}
    H2=${H2:-2}
    H3=${H3:-3}
    H4=${H4:-4}

    ALLOWED_IPS="0.0.0.0/0"
    TAG="wireguard-out"
    LOG_LEVEL="error"
}

parse_from_ini() {
    local section=""
    local key=""
    local value=""

    while IFS= read -r line || [ -n "$line" ]; do
        line=$(trim "$line")
        [ -z "$line" ] && continue

        case "$line" in
            \#*|\;*) continue ;;
        esac

        case "$line" in
            "[Interface]") section="Interface"; continue ;;
            "[Peer]") section="Peer"; continue ;;
        esac

        key=$(trim "$(echo "$line" | cut -d'=' -f1)")
        value=$(trim "$(echo "$line" | cut -d'=' -f2-)")
        [ -z "$key" ] && continue

        if [ "$section" = "Interface" ]; then
            case "$key" in
                PrivateKey) PRIVATE_KEY="$value" ;;
                Address)
                    IPV4=$(trim "$(echo "$value" | cut -d',' -f1)")
                    IPV6=$(trim "$(echo "$value" | cut -d',' -f2)")
                    ;;
                MTU) MTU="$value" ;;
                S1) S1="$value" ;;
                S2) S2="$value" ;;
                S3) S3="$value" ;;
                Jc) Jc="$value" ;;
                Jmin) Jmin="$value" ;;
                Jmax) Jmax="$value" ;;
                H1) H1="$value" ;;
                H2) H2="$value" ;;
                H3) H3="$value" ;;
                H4) H4="$value" ;;
                I1) I1="$value" ;;
                I2) I2="$value" ;;
            esac
        elif [ "$section" = "Peer" ]; then
            case "$key" in
                PublicKey) PUBLIC_KEY="$value" ;;
                AllowedIPs)
                    if echo "$value" | grep -q "0.0.0.0/0"; then
                        ALLOWED_IPS="0.0.0.0/0"
                    else
                        ALLOWED_IPS=$(trim "$(echo "$value" | cut -d',' -f1)")
                    fi
                    ;;
                Endpoint)
                    SERVER=$(echo "$value" | cut -d':' -f1)
                    PORT=$(echo "$value" | cut -d':' -f2)
                    ;;
            esac
        fi
    done < "$WARP_CONF"

    IPV4=$(normalize_cidr "$IPV4" 32)
    IPV6=$(normalize_cidr "$IPV6" 128)

    if [ -z "$IPV4" ]; then
        echo "Error: Address (IPv4) is empty"
        exit 1
    fi

    ADDRESS_JSON=$(printf '"%s"' "$IPV4")

    MTU=${MTU:-1280}
    S1=${S1:-0}
    S2=${S2:-0}
    S3=${S3:-0}
    Jc=${Jc:-4}
    Jmin=${Jmin:-40}
    Jmax=${Jmax:-70}
    H1=${H1:-1}
    H2=${H2:-2}
    H3=${H3:-3}
    H4=${H4:-4}
    ALLOWED_IPS=${ALLOWED_IPS:-0.0.0.0/0}
    if [ -z "$SERVER" ] || [ -z "$PORT" ]; then
        echo "Error: Endpoint is empty"
        exit 1
    fi

    TAG="wireguard-out"
    LOG_LEVEL="error"
}

write_config() {
    if [ "$ENABLE_TUN" = "1" ]; then
        EXCLUDE_IFACE=$(detect_default_interface) || {
            echo "Warning: could not detect default network interface, using eth0" >&2
            EXCLUDE_IFACE="eth0"
        }
        echo "TUN enabled, exclude_interface: $EXCLUDE_IFACE" >&2
        TUN_INBOUND_PART=$(cat <<TUNEOF
,
    {
      "type": "tun",
      "tag": "tun-in",
      "interface_name": "sing0",
      "address": [
        "172.42.0.1/30"
      ],
      "mtu": 1500,
      "auto_route": true,
      "strict_route": false,
      "auto_redirect": true,
      "sniff": true,
      "sniff_override_destination": true,
      "endpoint_independent_nat": false,
      "stack": "system",
      "domain_strategy": "prefer_ipv4",
      "exclude_interface": [
        "$EXCLUDE_IFACE"
      ]
    }
TUNEOF
)
        TUN_ROUTE_RULE_PART=$(cat <<'RULEEOF'
,
      {
        "inbound": "tun-in",
        "action": "sniff",
        "timeout": "1s",
        "network": [
          "tcp",
          "udp",
          "quic"
        ]
      }
RULEEOF
)
        RULE_SET_RULE_PART=$(cat <<'RULEEOF'
,
      {
        "rule_set": [
          "antifilter_allyouneed",
          "antizapret",
          "cloudfront_ip_MetaCubeX",
          "github_ip_you-oops-dev",
          "github_karingx",
          "telegram_MetaCubeX",
          "refilter_ipsum",
          "canonical_MetaCubeX",
          "launchpad_KaringX"
        ],
        "outbound": "wireguard-out"
      }
RULEEOF
)
        ROUTE_RULE_SET_SECTION=$(cat <<'DEFSEOF'
    "rule_set": [
      {
        "tag": "antifilter_allyouneed",
        "type": "local",
        "format": "binary",
        "path": "/opt/sing-box-warp/rules/antifilter_allyouneed.srs"
      },
      {
        "tag": "antizapret",
        "type": "local",
        "format": "binary",
        "path": "/opt/sing-box-warp/rules/antizapret.srs"
      },
      {
        "tag": "cloudfront_ip_MetaCubeX",
        "type": "local",
        "format": "binary",
        "path": "/opt/sing-box-warp/rules/cloudfront_ip_MetaCubeX.srs"
      },
      {
        "tag": "github_ip_you-oops-dev",
        "type": "local",
        "format": "binary",
        "path": "/opt/sing-box-warp/rules/github_ip_you-oops-dev.srs"
      },
      {
        "tag": "github_karingx",
        "type": "local",
        "format": "binary",
        "path": "/opt/sing-box-warp/rules/github_karingx.srs"
      },
      {
        "tag": "telegram_MetaCubeX",
        "type": "local",
        "format": "binary",
        "path": "/opt/sing-box-warp/rules/telegram_MetaCubeX.srs"
      },
      {
        "tag": "refilter_ipsum",
        "type": "local",
        "format": "binary",
        "path": "/opt/sing-box-warp/rules/refilter_ipsum.srs"
      },
      {
        "tag": "canonical_MetaCubeX",
        "type": "local",
        "format": "binary",
        "path": "/opt/sing-box-warp/rules/canonical_MetaCubeX.srs"
      },
      {
        "tag": "launchpad_KaringX",
        "type": "local",
        "format": "binary",
        "path": "/opt/sing-box-warp/rules/launchpad_KaringX.srs"
      }
    ],
DEFSEOF
)
    else
        echo "TUN disabled (SOCKS5 only)" >&2
        TUN_INBOUND_PART=""
        TUN_ROUTE_RULE_PART=""
        RULE_SET_RULE_PART=""
        ROUTE_RULE_SET_SECTION=""
    fi

    if [ -n "$I1" ] || [ -n "$I2" ]; then
        H4_COMMA=","
    else
        H4_COMMA=""
    fi

    if [ -n "$I1" ] && [ -n "$I2" ]; then
        I1_LINE=$(printf '        "i1": "%s",\n' "$I1")
        I2_LINE=$(printf '        "i2": "%s"\n' "$I2")
    elif [ -n "$I1" ]; then
        I1_LINE=$(printf '        "i1": "%s"\n' "$I1")
        I2_LINE=""
    elif [ -n "$I2" ]; then
        I1_LINE=""
        I2_LINE=$(printf '        "i2": "%s"\n' "$I2")
    else
        I1_LINE=""
        I2_LINE=""
    fi

    cat > "$OUTPUT_CONFIG" <<EOF
{
  "log": {
    "level": "$LOG_LEVEL"
  },
  "dns": {
    "servers": [
      {
        "tag": "default",
        "type": "udp",
        "server": "76.76.2.0",
        "detour": "direct"
      },
      {
        "tag": "dns-proxy",
        "type": "tls",
        "server": "8.8.8.8",
        "detour": "wireguard-out"
      },
      {
        "tag": "local",
        "type": "udp",
        "server": "127.0.0.1",
        "detour": "direct"
      }
    ]
  },
  "endpoints": [
    {
      "type": "wireguard",
      "tag": "$TAG",
      "mtu": $MTU,
      "address": $ADDRESS_JSON,
      "private_key": "$PRIVATE_KEY",
      "listen_port": 10000,
      "peers": [
        {
          "address": "$SERVER",
          "port": $PORT,
          "public_key": "$PUBLIC_KEY",
          "allowed_ips": "$ALLOWED_IPS",
          "persistent_keepalive_interval": 25
        }
      ],
      "udp_timeout": "5m0s",
      "amnezia": {
        "jc": $Jc,
        "jmin": $Jmin,
        "jmax": $Jmax,
        "s1": ${S1:-0},
        "s2": ${S2:-0},
        "h1": $H1,
        "h2": $H2,
        "h3": $H3,
        "h4": $H4$H4_COMMA
$I1_LINE
$I2_LINE
      }
    }
  ],
  "inbounds": [
    {
      "type": "mixed",
      "tag": "mixed-in",
      "listen_port": 2080
    }$TUN_INBOUND_PART
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    }
  ],
  "route": {
    "rules": [
      {
        "action": "sniff"
      }$TUN_ROUTE_RULE_PART,
      {
        "ip_is_private": true,
        "outbound": "direct"
      },
      {
        "inbound": "mixed-in",
        "outbound": "wireguard-out"
      },
      {
        "protocol": "dns",
        "action": "hijack-dns"
      },
      {
        "domain_suffix": [
          "myip.wtf",
          "my-ip.io",
          "ipify.org",
          "myip.la",
          "ip-api.com",
          "ipleak.net",
          "1e100.net",
          "browserleaks.com",
          "2ip.io",
          "2ipcore.com",
          "ipecho.net",
          "ip.sb"
        ],
        "outbound": "wireguard-out"
      }$RULE_SET_RULE_PART
    ],
$ROUTE_RULE_SET_SECTION
    "final": "direct",
    "default_domain_resolver": "default",
    "auto_detect_interface": true
  }
}
EOF
}

parse_warp_conf() {
    local first_line
    first_line=$(head -n 1 "$WARP_CONF" | tr -d '\r')
    first_line=$(trim "$first_line")

    if echo "$first_line" | grep -q "^wg://"; then
        parse_from_wg_url
    elif echo "$first_line" | grep -q "^\[Interface\]"; then
        parse_from_ini
    else
        echo "Error: Unsupported warp.conf format (expected wg:// or [Interface])"
        exit 1
    fi

    load_enable_tun
    write_config
}

# Main
load_enable_tun

if [ ! -f "$WARP_CONF" ]; then
    echo "Error: $WARP_CONF not found!"
    exit 1
fi

parse_warp_conf
echo "Config generated successfully at $OUTPUT_CONFIG"