syntax = "proto3";

package mc_proxy.v1;

option go_package = "git.wntrmute.dev/kyle/mc-proxy/gen/mc_proxy/v1;mcproxyv1";

import "google/protobuf/timestamp.proto";

service ProxyAdminService {
  // Routes
  rpc ListRoutes(ListRoutesRequest) returns (ListRoutesResponse);
  rpc AddRoute(AddRouteRequest) returns (AddRouteResponse);
  rpc RemoveRoute(RemoveRouteRequest) returns (RemoveRouteResponse);

  // Firewall
  rpc GetFirewallRules(GetFirewallRulesRequest) returns (GetFirewallRulesResponse);
  rpc AddFirewallRule(AddFirewallRuleRequest) returns (AddFirewallRuleResponse);
  rpc RemoveFirewallRule(RemoveFirewallRuleRequest) returns (RemoveFirewallRuleResponse);

  // Connection limits
  rpc SetListenerMaxConnections(SetListenerMaxConnectionsRequest) returns (SetListenerMaxConnectionsResponse);

  // L7 policies
  rpc ListL7Policies(ListL7PoliciesRequest) returns (ListL7PoliciesResponse);
  rpc AddL7Policy(AddL7PolicyRequest) returns (AddL7PolicyResponse);
  rpc RemoveL7Policy(RemoveL7PolicyRequest) returns (RemoveL7PolicyResponse);

  // Status
  rpc GetStatus(GetStatusRequest) returns (GetStatusResponse);
}

// Routes

message L7Policy {
  string type = 1;   // "block_user_agent" or "require_header"
  string value = 2;
}

message Route {
  string hostname = 1;
  string backend = 2;
  string mode = 3;                       // "l4" (default) or "l7"
  string tls_cert = 4;                   // PEM certificate path (L7 only)
  string tls_key = 5;                    // PEM private key path (L7 only)
  bool backend_tls = 6;                  // re-encrypt to backend (L7 only)
  bool send_proxy_protocol = 7;          // send PROXY v2 header to backend
  repeated L7Policy l7_policies = 8;     // HTTP-level policies (L7 only)
}

message ListRoutesRequest {
  string listener_addr = 1;
}

message ListRoutesResponse {
  string listener_addr = 1;
  repeated Route routes = 2;
}

message AddRouteRequest {
  string listener_addr = 1;
  Route route = 2;
}

message AddRouteResponse {}

message RemoveRouteRequest {
  string listener_addr = 1;
  string hostname = 2;
}

message RemoveRouteResponse {}

// L7 Policies

message ListL7PoliciesRequest {
  string listener_addr = 1;
  string hostname = 2;
}

message ListL7PoliciesResponse {
  repeated L7Policy policies = 1;
}

message AddL7PolicyRequest {
  string listener_addr = 1;
  string hostname = 2;
  L7Policy policy = 3;
}

message AddL7PolicyResponse {}

message RemoveL7PolicyRequest {
  string listener_addr = 1;
  string hostname = 2;
  L7Policy policy = 3;
}

message RemoveL7PolicyResponse {}

// Firewall

enum FirewallRuleType {
  FIREWALL_RULE_TYPE_UNSPECIFIED = 0;
  FIREWALL_RULE_TYPE_IP = 1;
  FIREWALL_RULE_TYPE_CIDR = 2;
  FIREWALL_RULE_TYPE_COUNTRY = 3;
}

message FirewallRule {
  FirewallRuleType type = 1;
  string value = 2;
}

message GetFirewallRulesRequest {}

message GetFirewallRulesResponse {
  repeated FirewallRule rules = 1;
}

message AddFirewallRuleRequest {
  FirewallRule rule = 1;
}

message AddFirewallRuleResponse {}

message RemoveFirewallRuleRequest {
  FirewallRule rule = 1;
}

message RemoveFirewallRuleResponse {}

// Status

message SetListenerMaxConnectionsRequest {
  string listener_addr = 1;
  int64 max_connections = 2;  // 0 = unlimited
}

message SetListenerMaxConnectionsResponse {}

message ListenerStatus {
  string addr = 1;
  int32 route_count = 2;
  int64 active_connections = 3;
  bool proxy_protocol = 4;
  int64 max_connections = 5;
}

message GetStatusRequest {}

message GetStatusResponse {
  string version = 1;
  google.protobuf.Timestamp started_at = 2;
  repeated ListenerStatus listeners = 3;
  int64 total_connections = 4;
}