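// Default configuration for the Cloudflare WAF -> AbuseIPDB reporter.
//
// Every credential below is a placeholder. Once real values are filled in, this file
// holds plaintext secrets: keep the filled-in copy out of version control and make it
// readable only by the account that runs the reporter.
// NOTE(review): prefer a narrowly scoped Cloudflare API token; confirm the minimum
// permissions this tool needs before issuing one.
exports.CONFIG = {
  MAIN: {
    // Environment mode: 'production' or 'development'
    NODE_ENV: 'production',
    // Cloudflare zone identifier (placeholder value).
    CLOUDFLARE_ZONE_ID: '00000000000000000000000000000000',
    // API key for Cloudflare access: https://dash.cloudflare.com/profile/api-tokens
    CLOUDFLARE_API_KEY: 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
    // API key for reporting malicious IPs to AbuseIPDB
    ABUSEIPDB_API_KEY: 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
    // Should the reporting function run immediately after the script starts?
    RUN_ON_START: true,
    // Specifies whether the device has been assigned an IPv6 address.
    IPv6_SUPPORT: true,
  },

  CYCLES: {
    // CRON: Schedule for running cron jobs for reporting to AbuseIPDB.
    REPORT_SCHEDULE: '0 */2 * * *',

    // The minimum time that must pass after reporting an IP address before it can be
    // reported again. The expression evaluates to 6 hours expressed in milliseconds.
    // NOTE(review): the original comment said "in hours"; confirm the consumer expects ms.
    // The required time is >= 15 minutes, according to AbuseIPDB API limits.
    REPORTED_IP_COOLDOWN: 6 * 60 * 60 * 1000,

    // The maximum URI length that can be reported to AbuseIPDB.
    // If Cloudflare returns a longer URI, the API request will fail.
    MAX_URL_LENGTH: 780,

    // Additional delay (in milliseconds) after each successful IP report to avoid
    // overloading the AbuseIPDB API.
    SUCCESS_COOLDOWN: 20,

    // CRON: Interval for refreshing your IP address. Default: every 6 hours
    // This ensures that WAF violations originating from your IP address are not
    // reported to AbuseIPDB.
    IP_REFRESH_SCHEDULE: '0 */6 * * *',
  },

  SEFINEK_API: {
    // Report IP addresses to api.sefinek.net to support the development of the repository
    // at https://github.com/sefinek/Malicious-IP-Addresses. SECRET_TOKEN is required if true.
    REPORT_TO_SEFIN_API: false,

    // Secret key for api.sefinek.net
    SECRET_TOKEN: '',

    // How often should the log (reported_ips.csv) be analyzed and sent to the Sefinek API?
    REPORT_SCHEDULE: '0 */1 * * *',
  },
};

// C0 control characters, DEL and the Unicode line/paragraph separators.
const CONTROL_CHARS = /[\u0000-\u001f\u007f\u2028\u2029]+/g;

// Flattens a value to one line so request-derived text cannot add extra lines to a report.
const toSingleLine = (value) => String(value).replace(CONTROL_CHARS, ' ');

// Renders "main (detail)", just "main" when detail is absent, or undefined when main is absent.
const withDetail = (main, detail) => {
  if (main == null || main === '') return undefined;
  return detail ? `${main} (${detail})` : String(main);
};

/**
 * Builds the free-text comment attached to a report for one WAF event.
 *
 * The endpoint, query string and user agent are copied from the request that triggered
 * the rule, so they are chosen by the reported client. Each value is flattened to a single
 * line before it is embedded, which keeps one field from forging another "Label: value" line.
 * Fields whose value is missing are omitted instead of being rendered as "undefined".
 *
 * The comment leaves this host as part of the report. If your URLs can carry session
 * tokens or personal data in the path or query string, consider commenting out the
 * Endpoint/Query entries the same way Zone, Ray ID and Rule ID already are.
 *
 * @param {object} event - Event fields; clientRequestHTTPHost, rayName and ruleId are
 *   accepted but only used by the commented-out entries.
 * @returns {string} The report comment.
 */
exports.GENERATE_COMMENT = ({ action, clientAsn, clientASNDescription, clientRequestHTTPProtocol, clientRequestHTTPMethodName, clientRequestHTTPHost, clientRequestPath, clientRequestQuery, datetime, rayName, ruleId, userAgent, source, clientCountryName }) => {
  const methodText = clientRequestHTTPMethodName ? `${clientRequestHTTPMethodName} method` : undefined;

  const fields = [
    { label: 'Action taken', value: action?.toUpperCase() },
    { label: 'ASN', value: withDetail(clientAsn, clientASNDescription) },
    { label: 'Protocol', value: withDetail(clientRequestHTTPProtocol, methodText) },
    // { label: 'Zone', value: clientRequestHTTPHost },
    { label: 'Endpoint', value: clientRequestPath },
    { label: 'Query', value: clientRequestQuery },
    { label: 'Timestamp', value: datetime },
    // { label: 'Ray ID', value: rayName },
    // { label: 'Rule ID', value: ruleId },
    { label: 'UA', value: userAgent || 'Empty string' },
  ];

  const reportLines = fields
    .filter(({ value }) => value)
    .map(({ label, value }) => `${label}: ${toSingleLine(value)}`);

  // NOTE(review): the separators around the field list are single spaces, exactly as this
  // listing shows them. The listing was whitespace-collapsed, so confirm against the
  // upstream file whether line breaks were intended here.
  return `Triggered Cloudflare WAF (${source}) from ${clientCountryName}. ${reportLines.join('\n')} This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB`; // Please do not remove the repository URL. I'd really appreciate it (:
};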