/**
 * RADIUS Server Interfaces
 * Server-specific types for handling authentication and accounting
 */

import type {
  ERadiusCode,
  EServiceType,
  EFramedProtocol,
  ENasPortType,
  EAcctStatusType,
  EAcctAuthentic,
  EAcctTerminateCause,
  IRadiusPacket,
  IVendorSpecificAttribute,
} from '../ts_shared/index.js';

// Re-export all shared types for backwards compatibility
export * from '../ts_shared/index.js';

/**
 * Authentication request context
 */
export interface IAuthenticationRequest {
  username: string;
  password?: string;  // For PAP
  chapPassword?: Buffer;  // For CHAP
  chapChallenge?: Buffer;  // For CHAP
  nasIpAddress?: string;
  nasIdentifier?: string;
  nasPort?: number;
  nasPortType?: ENasPortType;
  calledStationId?: string;
  callingStationId?: string;
  serviceType?: EServiceType;
  framedProtocol?: EFramedProtocol;
  state?: Buffer;
  rawPacket: IRadiusPacket;
  clientAddress: string;
  clientPort: number;
}

/**
 * Authentication response
 */
export interface IAuthenticationResponse {
  code: ERadiusCode.AccessAccept | ERadiusCode.AccessReject | ERadiusCode.AccessChallenge;
  attributes?: Array<{ type: number | string; value: string | number | Buffer }>;
  replyMessage?: string;
  sessionTimeout?: number;
  idleTimeout?: number;
  state?: Buffer;
  class?: Buffer;
  framedIpAddress?: string;
  framedIpNetmask?: string;
  framedRoutes?: string[];
  vendorAttributes?: IVendorSpecificAttribute[];
}

/**
 * Accounting request context
 */
export interface IAccountingRequest {
  statusType: EAcctStatusType;
  sessionId: string;
  username?: string;
  nasIpAddress?: string;
  nasIdentifier?: string;
  nasPort?: number;
  nasPortType?: ENasPortType;
  delayTime?: number;
  inputOctets?: number;
  outputOctets?: number;
  sessionTime?: number;
  inputPackets?: number;
  outputPackets?: number;
  terminateCause?: EAcctTerminateCause;
  authentic?: EAcctAuthentic;
  multiSessionId?: string;
  linkCount?: number;
  calledStationId?: string;
  callingStationId?: string;
  rawPacket: IRadiusPacket;
  clientAddress: string;
  clientPort: number;
}

/**
 * Accounting response
 */
export interface IAccountingResponse {
  success: boolean;
  attributes?: Array<{ type: number | string; value: string | number | Buffer }>;
}

/**
 * Authentication handler function type
 */
export type TAuthenticationHandler = (request: IAuthenticationRequest) => Promise<IAuthenticationResponse>;

/**
 * Accounting handler function type
 */
export type TAccountingHandler = (request: IAccountingRequest) => Promise<IAccountingResponse>;

/**
 * Client secret resolver - returns secret for a given client IP
 */
export type TSecretResolver = (clientAddress: string) => string | undefined;

/**
 * RADIUS Server options
 */
export interface IRadiusServerOptions {
  authPort?: number;
  acctPort?: number;
  bindAddress?: string;
  defaultSecret?: string;
  secretResolver?: TSecretResolver;
  authenticationHandler?: TAuthenticationHandler;
  accountingHandler?: TAccountingHandler;
  duplicateDetectionWindow?: number;  // ms
  maxPacketSize?: number;
}

/**
 * RADIUS server statistics
 */
export interface IRadiusServerStats {
  authRequests: number;
  authAccepts: number;
  authRejects: number;
  authChallenges: number;
  authInvalidPackets: number;
  authUnknownClients: number;
  acctRequests: number;
  acctResponses: number;
  acctInvalidPackets: number;
  acctUnknownClients: number;
}