rebreak-monorepo/backend/server/utils/adguard.ts

/**
 * AdGuard Home API Client für RebreakMagic DNS-over-HTTPS Client-Provisioning.
 * Docs: https://github.com/AdguardTeam/AdGuardHome/tree/master/openapi
 */

export interface AdGuardClientOptions {
  use_global_settings?: boolean;
  filtering_enabled?: boolean;
  parental_enabled?: boolean;
  safebrowsing_enabled?: boolean;
  safesearch_enabled?: boolean;
  blocked_services?: string[];
  upstreams?: string[];
  tags?: string[];
}

interface AdGuardClientPayload {
  name: string;
  ids: string[];
  use_global_settings?: boolean;
  filtering_enabled?: boolean;
  parental_enabled?: boolean;
  safebrowsing_enabled?: boolean;
  safesearch_enabled?: boolean;
  blocked_services?: string[];
  upstreams?: string[];
  tags?: string[];
}

/**
 * Erstellt einen AdGuard Persistent Client mit gegebener Client-ID (DNS-Token).
 * AdGuard nutzt die Client-ID im DoH-URL-Path: /dns-query/{clientId}
 *
 * @param name - Interner Client-Name (z.B. "magic_<deviceId>")
 * @param clientId - DNS-Token (wird in DoH URL embedded)
 * @param options - Filtering/Blocking-Optionen
 */
export async function createAdGuardClient(
  name: string,
  clientId: string,
  options: AdGuardClientOptions = {},
): Promise<void> {
  const config = useRuntimeConfig();
  const baseUrl = config.adguardBaseUrl || "https://dns.rebreak.org";
  const user = config.adguardUser;
  const password = config.adguardPassword;

  if (!user || !password) {
    throw createError({
      statusCode: 500,
      message: "ADGUARD_USER and ADGUARD_PASSWORD required for Magic features",
    });
  }

  const payload: AdGuardClientPayload = {
    name,
    ids: [clientId],
    ...options,
  };

  const authHeader = `Basic ${Buffer.from(`${user}:${password}`).toString("base64")}`;

  try {
    const response = await $fetch(`${baseUrl}/control/clients/add`, {
      method: "POST",
      headers: {
        Authorization: authHeader,
        "Content-Type": "application/json",
      },
      body: payload,
    });
    return response as void;
  } catch (err: any) {
    console.error("[AdGuard] Client creation failed:", err);
    throw createError({
      statusCode: 502,
      message: `AdGuard API error: ${err.message || "unknown"}`,
    });
  }
}

/**
 * Löscht einen AdGuard Persistent Client.
 * @param name - Interner Client-Name (z.B. "magic_<deviceId>")
 */
export async function deleteAdGuardClient(name: string): Promise<void> {
  const config = useRuntimeConfig();
  const baseUrl = config.adguardBaseUrl || "https://dns.rebreak.org";
  const user = config.adguardUser;
  const password = config.adguardPassword;

  if (!user || !password) {
    throw createError({
      statusCode: 500,
      message: "ADGUARD_USER and ADGUARD_PASSWORD required for Magic features",
    });
  }

  const authHeader = `Basic ${Buffer.from(`${user}:${password}`).toString("base64")}`;

  try {
    const response = await $fetch(`${baseUrl}/control/clients/delete`, {
      method: "POST",
      headers: {
        Authorization: authHeader,
        "Content-Type": "application/json",
      },
      body: { name },
    });
    return response as void;
  } catch (err: any) {
    console.error("[AdGuard] Client deletion failed:", err);
    throw createError({
      statusCode: 502,
      message: `AdGuard API error: ${err.message || "unknown"}`,
    });
  }
}