#!/bin/bash
# OpenVPN client-connect script
# Called when a client connects successfully

# Environment variables provided by OpenVPN:
# - common_name: Client certificate CN
# - trusted_ip / untrusted_ip: Client's real IP
# - ifconfig_pool_remote_ip: Assigned VPN IP
# - dev: TUN/TAP device
# - time_unix: Connection timestamp

# Log connection (optional - log file might not be writable)
echo "$(date '+%Y-%m-%d %H:%M:%S') CONNECT: CN=$common_name IP=$trusted_ip VPN_IP=$ifconfig_pool_remote_ip" >> /var/log/openvpn/clients.log 2>/dev/null || true

# Notify API about connection (optional)
if [ -n "$API_URL" ]; then
    curl -s -X POST "$API_URL/vpn-servers/${VPN_SERVER_ID:-1}/client-connected" \
        -H "Content-Type: application/json" \
        -d "{\"common_name\": \"$common_name\", \"real_ip\": \"$trusted_ip\", \"vpn_ip\": \"$ifconfig_pool_remote_ip\"}" \
        2>/dev/null || true
fi

exit 0