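import type { SmartNftables } from './nft.manager.js';
import type { INftRateLimitRule, INftConnectionRateRule } from './nft.types.js';
import { buildRateLimitRule, buildConnectionRateRule } from './nft.rulebuilder.ratelimit.js';

/**
 * Manages rate limiting rules using nft meters and limit expressions.
 *
 * Every rule set is stored through the parent's rule-group API under a
 * prefixed name (`ratelimit:<groupId>` / `connrate:<groupId>`), so the two
 * rule kinds cannot clash with each other or with other managers' groups.
 * NOTE(review): `groupId` is used verbatim in that name; if it comes from
 * an untrusted caller, two different callers choosing the same id would
 * silently replace each other's rules — confirm where ids are minted.
 */
export class RateLimitManager {
  /**
   * @param parent Owning manager that provides the table name/family and
   *   the `ensureFilterChains` / `applyRuleGroup` / `removeRuleGroup` API.
   */
  constructor(private readonly parent: SmartNftables) {}

  /**
   * Add a rate limit rule (global or per-IP).
   *
   * Ensures the filter chains exist before the rule commands are applied,
   * then installs them as the rule group `ratelimit:<groupId>`.
   *
   * @param groupId Caller-chosen identifier used to address the group later.
   * @param rule Rate limit specification passed to the rule builder.
   */
  public async addRateLimit(groupId: string, rule: INftRateLimitRule): Promise<void> {
    await this.parent.ensureFilterChains();
    const commands = buildRateLimitRule(this.parent.tableName, this.parent.family, rule);
    await this.parent.applyRuleGroup(`ratelimit:${groupId}`, commands);
  }

  /**
   * Remove a rate limit rule group previously added with `addRateLimit`.
   *
   * @param groupId Identifier given to `addRateLimit`.
   */
  public async removeRateLimit(groupId: string): Promise<void> {
    await this.parent.removeRuleGroup(`ratelimit:${groupId}`);
  }

  /**
   * Add a new-connection rate limit rule.
   * Limits the rate of new TCP/UDP connections (ct state new).
   *
   * Installed as the rule group `connrate:<groupId>`, a separate namespace
   * from `addRateLimit`, so the same `groupId` may be used for both kinds.
   *
   * @param groupId Caller-chosen identifier used to address the group later.
   * @param rule Connection rate specification passed to the rule builder.
   */
  public async addConnectionRateLimit(groupId: string, rule: INftConnectionRateRule): Promise<void> {
    await this.parent.ensureFilterChains();
    const commands = buildConnectionRateRule(this.parent.tableName, this.parent.family, rule);
    await this.parent.applyRuleGroup(`connrate:${groupId}`, commands);
  }

  /**
   * Remove a connection rate limit rule group previously added with
   * `addConnectionRateLimit`.
   *
   * @param groupId Identifier given to `addConnectionRateLimit`.
   */
  public async removeConnectionRateLimit(groupId: string): Promise<void> {
    await this.parent.removeRuleGroup(`connrate:${groupId}`);
  }
}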