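"""Re-create the packet-marking mangle rules on the Dimensi-Dell MikroTik router.

The script reads the router's connection entry from a JSON config file,
removes every ``action=mark-packet`` rule on ``chain=forward`` through the
router's REST ``/execute`` endpoint, and then adds one download and one
upload marking rule per address-list profile.
"""
import json
import os
import time

import requests
import urllib3

# NOTE(security): this silences urllib3's InsecureRequestWarning for the whole
# process, so an unverified TLS connection made anywhere in it goes unreported.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# (address-list name, download packet mark, upload packet mark)
_PROFILES = (
    # EXPIRED is marked for local traffic as well (no !ip-lokal exclusion).
    ("EXPIRED", "EXPIRED_dl", "EXPIRED_ul"),
    ("star_10", "star_10_dl", "star_10_up"),
    ("star_20", "star_20_dl", "star_20_up"),
    ("star_30", "star_30_dl", "star_30_up"),
    ("star_50", "star_50_dl", "star_50_up"),
    ("star_100", "star_100_dl", "star_100_up"),
    ("star_150", "star_150_dl", "star_150_up"),
    ("star_200", "star_200_dl", "star_200_up"),
    ("star_500", "star_500_dl", "star_500_up"),
    ("hemat", "hemat_dl", "hemat_up"),
)


def get_router_credentials(config_path, isp_name="dimensi", router_name="router-dimensi-dell"):
    """Return one router's entry from the JSON config file.

    The entry is looked up as ``config["isps"][isp_name]["routers"][router_name]``.

    Args:
        config_path: Path of the JSON config file.
        isp_name: Key under ``"isps"``.
        router_name: Key under that ISP's ``"routers"``.

    Returns:
        The stored entry, or ``None`` when the file cannot be read or parsed,
        the structure is not made of JSON objects, or the entry is absent.
    """
    try:
        with open(config_path, "r", encoding="utf-8") as f:
            config = json.load(f)
        routers = config.get("isps", {}).get(isp_name, {}).get("routers", {})
        return routers.get(router_name)
    except (OSError, ValueError, AttributeError) as e:
        # OSError: unreadable file; ValueError: invalid JSON or encoding;
        # AttributeError: a level of the structure is not a JSON object.
        print(f"Error membaca config: {e}")
        return None


def _build_mangle_commands(profiles):
    """Return the RouterOS ``mangle/add`` commands for the given profiles.

    The values are interpolated into the command text unescaped. That is
    acceptable only because the profiles are constants of this file; they
    would need validation if they ever came from the config or from users.
    """
    commands = []
    for profile, dl_mark, up_mark in profiles:
        if profile == "EXPIRED":
            # EXPIRED is not bypassed, so its local traffic is marked too.
            commands.append(f"/ip/firewall/mangle/add action=mark-packet chain=forward dst-address-list={profile} new-packet-mark={dl_mark} passthrough=no")
            commands.append(f"/ip/firewall/mangle/add action=mark-packet chain=forward src-address-list={profile} new-packet-mark={up_mark} passthrough=no")
        else:
            # Regular profiles bypass local traffic: the peer must be !ip-lokal.
            # DOWNLOAD: public IP -> customer (!ip-lokal to the profile list).
            commands.append(f"/ip/firewall/mangle/add action=mark-packet chain=forward dst-address-list={profile} src-address-list=!ip-lokal new-packet-mark={dl_mark} passthrough=no comment=\"Bypass BGP Lokal - {profile}\"")
            # UPLOAD: customer -> public IP (the profile list to !ip-lokal).
            commands.append(f"/ip/firewall/mangle/add action=mark-packet chain=forward src-address-list={profile} dst-address-list=!ip-lokal new-packet-mark={up_mark} passthrough=no")
    return commands


def update_mangle_rules():
    """Replace the router's forward-chain mark-packet rules with the profile set.

    Steps: load the router entry, remove the existing rules, wait two
    seconds, then submit all ``mangle/add`` commands as one script.
    Progress and errors are printed; nothing is returned.

    The replacement is not atomic: between the removal and the re-creation
    the forward chain has no mark-packet rules, and it stays that way if
    the second request fails. Run it when that gap is acceptable and
    check the printed result.
    """
    # The config file holds the router password in clear text ("pass" key);
    # presumably it should be readable only by the account running this script.
    router = get_router_credentials("/home/wartana/myApp/billing-mcp/config.json")
    if not router:
        print("Kredensial router-dimensi-dell tidak ditemukan di config.")
        return

    try:
        host = router["host"]
        user = router["user"]
        password = router["pass"]
        port = router["port"]
    except (KeyError, TypeError) as e:
        # Incomplete or malformed entry: report it instead of a traceback.
        print(f"Error membaca config: {e}")
        return

    # NOTE(security): the URL is plain http://, so the Basic-auth credentials
    # below and every script sent cross the network unencrypted. Prefer the
    # router's HTTPS service on any network that is not fully trusted.
    api_url = f"http://{host}/rest"
    if port != 80:
        api_url = f"http://{host}:{port}/rest"

    with requests.Session() as session:
        session.auth = (user, password)
        # NOTE(security): verify=False has no effect on http:// URLs, but it
        # would turn off certificate validation if the URL became https://.
        # Re-enable verification (or pin the router's CA) when switching.
        session.verify = False

        print(f"Menghubungi router {host}:{port}...")

        # 1. Remove ALL existing packet-marking rules. The filter matches every
        #    action=mark-packet rule on chain=forward, including any rule that
        #    was not created by this script.
        print("Menghapus mark-packet yang lama...")
        del_payload = {"script": "/ip/firewall/mangle/remove [find chain=forward action=mark-packet]"}
        try:
            del_res = session.post(f"{api_url}/execute", json=del_payload, timeout=30)
        except requests.RequestException as e:
            # The outcome is unknown (e.g. a read timeout while the router is
            # still working), so keep going as before, but report the error.
            print(f"Peringatan: penghapusan mark-packet lama gagal: {e}")
        else:
            if del_res.status_code not in (200, 201):
                # The router rejected the removal, so the old rules are still
                # there. Adding the new set would stack duplicates behind them
                # and still print a success message, so stop here.
                print(f"Gagal menghapus mark-packet lama: {del_res.text}")
                return

        time.sleep(2)  # give the router time to carry out the bulk removal

        # 2. Build the batch of commands for the new marks that bypass local BGP.
        commands = _build_mangle_commands(_PROFILES)
        script_code = "\n".join(commands)

        # 3. Submit the batch as a single script.
        print(f"Mengkreasikan ulang {len(commands)} buah rule Mangle Bypass BGP Lokal...")
        payload = {"script": script_code}
        try:
            res = session.post(f"{api_url}/execute", json=payload, timeout=30)
        except requests.RequestException as e:
            print(f"Error eksekusi: {e}")
            return

        if res.status_code in (200, 201):
            print("Berhasil! Mangle Router Dimensi-Dell telah disinkronisasi.")
        else:
            print(f"Gagalan saat inject mangle: {res.text}")


if __name__ == "__main__":
    update_mangle_rules()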