#ifndef VPNTRAFFICGUARD_H
#define VPNTRAFFICGUARD_H

#include <qobject.h>
#include "core/repositories/secureAppSettingsRepository.h"
#include "protocols/vpnProtocol.h"

class Tunnel;

class VpnTrafficGuard : public QObject
{
    Q_OBJECT

public:
    explicit VpnTrafficGuard(SecureAppSettingsRepository* appSettings, QObject* parent = nullptr);
    ~VpnTrafficGuard() override;
    void setConfig(const QJsonObject &config);
    void setupRoutes(const QJsonObject &vpnConfiguration,
                                 const QSharedPointer<VpnProtocol> &protocol,
                                 const QString &remoteAddress);

    void flushAll();
    bool allowEndpoint(const QString &remoteAddress, const QString &ifname = QString());
    void applyKillSwitch(Tunnel* tunnel, const QString &vpnGateway, const QString &vpnLocalAddress);

    void reserve(Tunnel* tunnel);
    void release(Tunnel* tunnel);
    void applyPolicy(Tunnel* tunnel);
    void revokePolicy(Tunnel* tunnel);

    void bringUp(Tunnel* tunnel);
    void commit(Tunnel* tunnel);
    void tearDown(Tunnel* tunnel);
    void swap(Tunnel* from, Tunnel* to);

private:
    void addSplitTunnelRoutes(const QString &gateway, amnezia::RouteMode mode);
    void finishFirewallHandover(Tunnel* tunnel);
    SecureAppSettingsRepository* m_appSettingsRepository;
    QJsonObject m_config;
    bool m_ipv6RoutingStopped = false;
    QStringList m_allowedEndpoints;
};

#endif // VPNTRAFFICGUARD_H