-module(ereproxy_config).
-export([ciphers/0, config/0, select_destination/1]).

-include("ereproxy_config.hrl").

config() ->
    #cfg{listen = [{http, 80}, {https, 443}],
	 ssl_opts = [{certfile, "example/cert.pem"},
		     {keyfile, "example/key.pem"},
                     {versions, [tlsv1,  'tlsv1.1', 'tlsv1.2']},
                     {ciphers, ciphers()},
		     {secure_renegotiate, true}]
	}.

%% select_destination
select_destination(HostName) ->
    case lists:keysearch(HostName, 1, destination_list()) of
	{value, {HostName, Destination}} -> Destination;
	_UnknownHostName -> destination_default()
    end.

destination_default() ->
    {"192.168.130.35", 80}.

destination_list() ->
    [
     {"code.sotun.de", {"192.168.130.103", 80}},
     {"wave.sotun.de", {"192.168.130.111", 9898}}
     | [{WWW ++ "kraut" ++ Dash ++ "computing." ++ TLD,
	{"192.168.130.37", 80}}
       || WWW <- ["", "www."],
	  Dash <- ["", "-"],
	  TLD <- ["com", "de", "net", "eu", "org", "at"] ]
    ].

ciphers() -> filter_ciphers(ssl:cipher_suites()).

filter_ciphers([{_, '3des_ede_cbc', _} | Rest]) -> filter_ciphers(Rest);
filter_ciphers([{_, des_cbc,        _} | Rest]) -> filter_ciphers(Rest);
filter_ciphers([{_, rc4_128,        _} | Rest]) -> filter_ciphers(Rest);
filter_ciphers([Cipher | Rest]) -> [Cipher | filter_ciphers(Rest)];
filter_ciphers([]) -> [].