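#!/bin/bash
# =============================================================================
# PQC Proxy Pentest Suite — Configuration
#
# This is the single source of truth for all target-specific values.
# Copy this file to config.local.sh for local overrides, or edit in place.
#
# This file is meant to be *sourced* by the individual scripts. It therefore
# never calls `set -e`/`set -u` on the caller's behalf, and every expansion
# below is written so that it is also safe when the caller runs with `set -u`.
#
# Usage:
#   ./run_all.sh                                   # full run against targets below
#   TARGET=https://myproxy.com API_TARGET=https://api.myproxy.com ./run_all.sh
# =============================================================================

# ── Absolute path to the suite root (auto-detected, override if needed) ──────
SUITE_ROOT="${SUITE_ROOT:-$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)}"
# If the cd/pwd above failed, SUITE_ROOT is empty and RESULTS would silently
# resolve to "/results"; refuse to continue instead.
if [ -z "$SUITE_ROOT" ]; then
  printf '%s: cannot resolve suite root; set SUITE_ROOT explicitly\n' \
    "${BASH_SOURCE[0]##*/}" >&2
  return 1 2>/dev/null || exit 1
fi

#######################################
# Reduce a URL to its bare host[:port] component.
# Strips an optional leading http:// or https:// scheme and everything from
# the first "/" onward, using parameter expansion only (no sed subprocess).
# Arguments: $1 - URL such as https://host:8443/path
# Outputs:   host[:port] on stdout
# Returns:   0
#######################################
pqc_host_from_url() {
  local h=$1
  h=${h#http://}
  h=${h#https://}
  printf '%s\n' "${h%%/*}"
}

# ── Primary web target ────────────────────────────────────────────────────────
# The public-facing web application URL. A trailing slash is tolerated and
# stripped here so that "${TARGET}/path" never produces a double slash.
TARGET="${TARGET:-https://pqcrypta.com}"
TARGET="${TARGET%/}"

# ── API target ────────────────────────────────────────────────────────────────
# The REST API server URL (trailing slash stripped as above).
API_TARGET="${API_TARGET:-https://api.pqcrypta.com}"
API_TARGET="${API_TARGET%/}"

# ── Bare hostnames (derived from targets, override if your setup differs) ─────
TARGET_HOST="${TARGET_HOST:-$(pqc_host_from_url "$TARGET")}"
API_HOST="${API_HOST:-$(pqc_host_from_url "$API_TARGET")}"
# Hostname escaped for use inside grep/sed regex (dots → \.)
TARGET_HOST_ESCAPED="${TARGET_HOST//./\\.}"

# ── Internal service ports ────────────────────────────────────────────────────
# Port the backend API process listens on (used in SSRF probes to detect SSRF)
INTERNAL_API_PORT="${INTERNAL_API_PORT:-3003}"
# Port the proxy admin/metrics endpoint listens on
PROXY_ADMIN_PORT="${PROXY_ADMIN_PORT:-8082}"
# QUIC / WebTransport port
QUIC_PORT="${QUIC_PORT:-4433}"

# ── Project / namespace identifiers ──────────────────────────────────────────
# Short project name — used for S3 bucket guessing, npm/crates.io probes
PROJECT_NAME="${PROJECT_NAME:-pqcrypta}"
# GitHub org/repo for CI/CD checks (script 26)
GITHUB_REPO="${GITHUB_REPO:-PQCrypta/pqcrypta-proxy}"

# ── AI / chatbot endpoint ─────────────────────────────────────────────────────
# Full base URL for the chatbot/LLM endpoint (script 28)
CHAT_BASE="${CHAT_BASE:-${API_TARGET}/chatbot}"

# ── Brute-force credential list ───────────────────────────────────────────────
# Credential pairs tried in auth tests (script 15)
# format: 'user:password'
BRUTE_CREDS=(
  "admin:admin"
  "admin:password"
  "admin:admin123"
  "admin:${PROJECT_NAME}"
  "root:root"
  "admin:"
  "administrator:administrator"
  "test:test"
)

# ── Browser user-agent ────────────────────────────────────────────────────────
BROWSER_UA='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36'
# Browser-like curl invocation, in two forms:
#   CURL_BROWSER_ARGS — array; invoke as  "${CURL_BROWSER_ARGS[@]}" "$url"
#                       (no re-parsing of the space-containing user-agent)
#   CURL_BROWSER      — legacy string form kept for existing scripts; because
#                       of the embedded single quotes it only works via eval.
# NOTE: -k disables TLS certificate verification so probes still run against
# self-signed or PQC-only endpoints; do not rely on this helper to surface
# certificate problems.
CURL_BROWSER_ARGS=(curl -sk -A "$BROWSER_UA")
CURL_BROWSER="curl -sk -A '$BROWSER_UA'"

# ── Results output ────────────────────────────────────────────────────────────
# Where run results are stored. Override with RESULTS=/your/path before running.
RESULTS="${RESULTS:-$SUITE_ROOT/results}"

# Per-run output directory — set once by run_all.sh; scripts create their own
# if unset. "${OUT:-}" keeps the test safe under a caller's `set -u`.
if [ -z "${OUT:-}" ]; then
  TIMESTAMP=$(date +%Y%m%d_%H%M%S)
  OUT="$RESULTS/run_$TIMESTAMP"
  # Raw probe output may hold session tokens and the credentials listed above;
  # mode 700 restricts the run directory to the invoking user. Fail loudly
  # rather than letting every script write into a missing directory.
  if ! mkdir -p -m 700 "$OUT"; then
    printf '%s: cannot create results directory %s\n' \
      "${BASH_SOURCE[0]##*/}" "$OUT" >&2
    return 1 2>/dev/null || exit 1
  fi
fi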