"""SetecMITM configuration management"""

import json
import os

DEFAULT_CONFIG = {
    # ── Network targets ─────────────────────────────────────────
    "target_ip":   "",                  # IP of the device under test
    "target_mac":  "",                  # MAC of the device under test
    "our_ip":      "",                  # IP of THIS box (the MITM host)
    "router_ip":   "",                  # gateway IP
    "iface":       "",                  # network interface name (e.g. eth0)

    # ── Logging / output ────────────────────────────────────────
    "log_dir":     os.path.expanduser("~/setec_mitm_logs"),
    "log_max_bytes": 1024 * 1024 * 1024,    # 1 GiB rotation

    # ── Services to auto-start (each can be toggled in the GUI) ─
    "auto_arp":      True,
    "auto_dns":      True,
    "auto_http":     True,
    "auto_https":    True,
    "auto_sniffer":  True,
    "auto_intruder": True,
    "auto_udp_ports": [],               # list of UDP ports to listen on

    # ── DNS spoofing ────────────────────────────────────────────
    # If empty, DNS spoof catches every query and points it at us.
    # Otherwise only entries here are spoofed (others passed through).
    "dns_spoof_only": [],

    # ── Intruder watch ──────────────────────────────────────────
    # CIDRs the target is *expected* to talk to. Anything outside
    # these gets flagged in the Intruders tab.
    "intruder_known_nets": [],

    # ── REST API ────────────────────────────────────────────────
    "rest_port": 9090,

    # ── Plugin loader ───────────────────────────────────────────
    # Name of a target plugin under targets/<name>/. The plugin can
    # provide a custom client, fuzzer endpoint list, CVE checks, and
    # protocol fingerprints. See targets/example/ for the layout.
    "target_plugin": "",
}

CONFIG_FILE = os.path.expanduser("~/.config/setec-mitm/config.json")


class Config:
    def __init__(self):
        self._data = dict(DEFAULT_CONFIG)
        self.load()

    def __getitem__(self, key):
        return self._data[key]

    def __setitem__(self, key, value):
        self._data[key] = value

    def get(self, key, default=None):
        return self._data.get(key, default)

    def keys(self):
        return self._data.keys()

    def items(self):
        return self._data.items()

    def update(self, d):
        self._data.update(d)

    def load(self):
        if os.path.exists(CONFIG_FILE):
            try:
                with open(CONFIG_FILE) as f:
                    self._data.update(json.load(f))
            except Exception:
                pass

    def save(self):
        os.makedirs(os.path.dirname(CONFIG_FILE), exist_ok=True)
        with open(CONFIG_FILE, "w") as f:
            json.dump(self._data, f, indent=2)

    def to_dict(self):
        return dict(self._data)

    def safe_dict(self):
        """Config dict with sensitive values masked."""
        d = dict(self._data)
        for k in list(d.keys()):
            if "password" in k.lower() or "secret" in k.lower() or "token" in k.lower():
                v = d[k]
                if isinstance(v, str) and v:
                    d[k] = v[:6] + "…"
        return d