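import logging
import os

from jinja2 import Environment, FileSystemLoader
from sqlalchemy.orm import Session

from .config import get_pki_settings, get_system_settings
from .pki import PKI_DIR

logger = logging.getLogger(__name__)

BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
TEMPLATES_DIR = os.path.join(BASE_DIR, "templates")

# The templates produce OpenVPN config files, not HTML, so no autoescaping is
# configured: every value handed to render() lands in the output verbatim.
# A setting containing a newline would therefore turn into extra directives;
# values are expected to be validated before they are stored.
env = Environment(loader=FileSystemLoader(TEMPLATES_DIR))

# Names that can never be used as a file-name component under PKI_DIR.
_FORBIDDEN_COMPONENTS = frozenset({"", ".", ".."})


def _safe_component(name: str, what: str) -> str:
    """Return *name* if it is usable as exactly one file-name component.

    Both config generators build ``PKI_DIR/issued/<name>.crt`` and
    ``PKI_DIR/private/<name>.key`` from a caller- or database-supplied
    identifier.  ``os.path.join`` would honour ``..`` segments or an absolute
    prefix in that identifier, so anything that is not a single plain
    component is rejected here.

    Args:
        name: the identifier (a username or the server FQDN).
        what: short label used in the error message.

    Returns:
        ``name`` unchanged.

    Raises:
        ValueError: if ``name`` is empty, ``.``/``..``, or contains a path
            separator or NUL byte.
    """
    if (
        name in _FORBIDDEN_COMPONENTS
        or "\x00" in name
        or "/" in name
        or "\\" in name
        or os.path.basename(name) != name
    ):
        raise ValueError(f"invalid {what}: {name!r}")
    return name


def _read_pki_file(path: str) -> str:
    """Return the stripped text of a certificate or key file under the PKI tree.

    Raises:
        FileNotFoundError: if the file is missing.  The error is logged and
            re-raised rather than replaced by placeholder text, so a profile is
            never emitted with a message where a certificate should be.
    """
    try:
        with open(path, "r", encoding="utf-8") as f:
            return f.read().strip()
    except FileNotFoundError:
        logger.error("PKI file not found: %s", path)
        raise


def _write_text(path: str, content: str, *, private: bool = False) -> None:
    """Write *content* to *path*, replacing any existing file.

    Args:
        path: destination file.
        content: text to write (UTF-8).
        private: when true the file is created with mode ``0o600`` and an
            already existing file is tightened to the same mode before the
            content is written -- used for output that embeds key material.
    """
    if not private:
        with open(path, "w", encoding="utf-8") as f:
            f.write(content)
        return

    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC
    with os.fdopen(os.open(path, flags, 0o600), "w", encoding="utf-8") as f:
        # The creation mode only applies to a new file; an existing file keeps
        # its old permissions, so tighten them before writing the keys.
        os.chmod(path, 0o600)
        f.write(content)


def generate_server_config(db: Session, output_path: str = "server.conf") -> str:
    """Render the OpenVPN server configuration and write it to *output_path*.

    Only file paths (not the certificate contents) are rendered into this
    config, so the output is written with default permissions.

    Args:
        db: database session handed to the settings loaders.
        output_path: destination file; overwritten if it exists.

    Returns:
        The rendered configuration text, as written to ``output_path``.

    Raises:
        ValueError: if the configured server FQDN is not usable as a single
            file-name component.
    """
    settings = get_system_settings(db)
    pki_settings = get_pki_settings(db)
    template = env.get_template("server.conf.j2")

    # The FQDN comes from the database; keep it from redirecting the cert and
    # key paths outside the PKI tree.
    fqdn = _safe_component(pki_settings.fqdn_server, "server FQDN")

    config_content = template.render(
        protocol=settings.protocol,
        port=settings.port,
        ca_path=os.path.join(PKI_DIR, "ca.crt"),
        srv_cert_path=os.path.join(PKI_DIR, "issued", f"{fqdn}.crt"),
        srv_key_path=os.path.join(PKI_DIR, "private", f"{fqdn}.key"),
        dh_path=os.path.join(PKI_DIR, "dh.pem"),
        ta_path=os.path.join(PKI_DIR, "ta.key"),
        vpn_network=settings.vpn_network,
        vpn_netmask=settings.vpn_netmask,
        tunnel_type=settings.tunnel_type,
        split_routes=settings.split_routes,
        user_defined_dns=settings.user_defined_dns,
        dns_servers=settings.dns_servers,
        client_to_client=settings.client_to_client,
        duplicate_cn=settings.duplicate_cn,
        crl_verify=settings.crl_verify,
        user_defined_cdscripts=settings.user_defined_cdscripts,
        connect_script=settings.connect_script,
        disconnect_script=settings.disconnect_script,
        management_interface=settings.management_interface,
        management_interface_address=settings.management_interface_address,
        management_port=settings.management_port,
        tun_mtu=settings.tun_mtu,
        mssfix=settings.mssfix,
    )

    _write_text(output_path, config_content)
    return config_content


def generate_client_config(db: Session, username: str, output_path: str) -> str:
    """Render an inline ``.ovpn`` profile for *username* and write it out.

    The profile embeds the CA certificate, the client's certificate and
    private key, and the tls-auth key, so the output file is created with
    mode ``0o600``.

    Args:
        db: database session handed to the settings loaders.
        username: name of the issued client certificate; used as a single
            path component under ``PKI_DIR/issued`` and ``PKI_DIR/private``.
        output_path: destination file; overwritten if it exists.  It is used
            as given -- the caller decides where profiles may be written.

    Returns:
        The rendered profile text, as written to ``output_path``.

    Raises:
        ValueError: if ``username`` is empty, ``.``/``..``, or contains a path
            separator.
        FileNotFoundError: if any of the four PKI files is missing.
    """
    settings = get_system_settings(db)
    # Result unused; the call is kept in case the loader has side effects
    # (e.g. creating a default row) -- TODO confirm and drop if it is pure.
    get_pki_settings(db)

    name = _safe_component(username, "username")

    # easy-rsa layout:
    #   ca:   pki/ca.crt
    #   cert: pki/issued/<name>.crt
    #   key:  pki/private/<name>.key
    #   ta:   pki/ta.key
    ca_cert = _read_pki_file(os.path.join(PKI_DIR, "ca.crt"))
    client_cert = _read_pki_file(os.path.join(PKI_DIR, "issued", f"{name}.crt"))
    client_key = _read_pki_file(os.path.join(PKI_DIR, "private", f"{name}.key"))
    tls_auth = _read_pki_file(os.path.join(PKI_DIR, "ta.key"))

    if settings.public_ip:
        remote_ip = settings.public_ip
    else:
        # Imported here rather than at module level, presumably to avoid an
        # import cycle -- TODO confirm.
        from .utils import get_public_ip

        remote_ip = get_public_ip()

    template = env.get_template("client.ovpn.j2")
    config_content = template.render(
        protocol=settings.protocol,
        remote_ip=remote_ip,
        port=settings.port,
        ca_cert=ca_cert,
        client_cert=client_cert,
        client_key=client_key,
        tls_auth=tls_auth,
        tun_mtu=settings.tun_mtu,
    )

    _write_text(output_path, config_content, private=True)
    return config_content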