package model

import (
	"time"

	"gorm.io/gorm"
)

// IPBan represents a global IP/CIDR ban rule.
// IP bans are enforced by the data plane (balancer) before token validation.
type IPBan struct {
	gorm.Model
	CIDR      string `gorm:"size:64;uniqueIndex;not null" json:"cidr"`   // Normalized CIDR (IPv4 /32, IPv6 /128)
	Status    string `gorm:"size:20;default:'active';index" json:"status"` // active, expired
	Reason    string `gorm:"size:512" json:"reason,omitempty"`            // Optional ban reason
	ExpiresAt *int64 `gorm:"index" json:"expires_at,omitempty"`           // Unix timestamp, nil = permanent
	HitCount  int64  `gorm:"default:0" json:"hit_count"`                  // Number of blocked requests (synced from Redis)
	CreatedBy string `gorm:"size:128" json:"created_by,omitempty"`        // Creator identifier
}

// IPBanStatus constants
const (
	IPBanStatusActive  = "active"
	IPBanStatusExpired = "expired"
)

// IsExpired returns true if the ban has expired.
func (b *IPBan) IsExpired() bool {
	if b.ExpiresAt == nil {
		return false // permanent ban
	}
	return time.Now().Unix() >= *b.ExpiresAt
}

// TableName returns the table name for IPBan.
func (IPBan) TableName() string {
	return "ip_bans"
}