namespace NATS.Server;

/// <summary>
/// MQTT protocol configuration options.
/// Corresponds to Go server/opts.go MQTTOpts struct.
/// Config is parsed and stored but no MQTT listener is started yet.
/// </summary>
public sealed class MqttOptions
{
    // Network
    /// <summary>Host interface for the MQTT listener.</summary>
    public string Host { get; set; } = "";
    /// <summary>Port for the MQTT listener.</summary>
    public int Port { get; set; }

    // Auth override (MQTT-specific, separate from global auth)
    /// <summary>Default user to apply when MQTT clients connect without credentials.</summary>
    public string? NoAuthUser { get; set; }
    /// <summary>Optional username required for MQTT authentication.</summary>
    public string? Username { get; set; }
    /// <summary>Optional password required for MQTT authentication.</summary>
    public string? Password { get; set; }
    /// <summary>Optional bearer token accepted for MQTT authentication.</summary>
    public string? Token { get; set; }
    /// <summary>Authentication timeout in seconds for MQTT CONNECT processing.</summary>
    public double AuthTimeout { get; set; }

    // TLS
    /// <summary>Path to the server certificate used for MQTT TLS.</summary>
    public string? TlsCert { get; set; }
    /// <summary>Path to the private key used for MQTT TLS.</summary>
    public string? TlsKey { get; set; }
    /// <summary>Path to the CA certificate bundle used to validate peer certificates.</summary>
    public string? TlsCaCert { get; set; }
    /// <summary>Enables client certificate verification for MQTT TLS connections.</summary>
    public bool TlsVerify { get; set; }
    /// <summary>TLS handshake timeout in seconds for MQTT clients.</summary>
    public double TlsTimeout { get; set; } = 2.0;
    /// <summary>Enables TLS certificate subject mapping to users.</summary>
    public bool TlsMap { get; set; }
    /// <summary>Set of pinned client certificate fingerprints allowed for MQTT connections.</summary>
    public HashSet<string>? TlsPinnedCerts { get; set; }

    // JetStream integration
    /// <summary>JetStream domain used by MQTT-backed streams and consumers.</summary>
    public string? JsDomain { get; set; }
    /// <summary>Replica count for MQTT-created JetStream streams.</summary>
    public int StreamReplicas { get; set; }
    /// <summary>Replica count for MQTT-created JetStream consumers.</summary>
    public int ConsumerReplicas { get; set; }
    /// <summary>Stores MQTT JetStream consumer state in memory when enabled.</summary>
    public bool ConsumerMemoryStorage { get; set; }
    /// <summary>Idle timeout after which inactive MQTT consumers are cleaned up.</summary>
    public TimeSpan ConsumerInactiveThreshold { get; set; }

    // QoS
    /// <summary>Maximum time to wait for QoS acknowledgements before redelivery.</summary>
    public TimeSpan AckWait { get; set; } = TimeSpan.FromSeconds(30);
    /// <summary>Maximum number of outstanding unacknowledged QoS messages per consumer.</summary>
    public ushort MaxAckPending { get; set; }
    /// <summary>Timeout for internal JetStream API requests made by MQTT components.</summary>
    public TimeSpan JsApiTimeout { get; set; } = TimeSpan.FromSeconds(5);
    /// <summary>Enables durable MQTT session persistence across reconnects.</summary>
    public bool SessionPersistence { get; set; } = true;
    /// <summary>Time-to-live for persisted MQTT session state.</summary>
    public TimeSpan SessionTtl { get; set; } = TimeSpan.FromHours(1);
    /// <summary>Enables sending PUBACK for QoS 1 publishes.</summary>
    public bool Qos1PubAck { get; set; } = true;

    /// <summary>Indicates whether MQTT TLS is configured with both certificate and key.</summary>
    public bool HasTls => TlsCert != null && TlsKey != null;
}