{{- if .Values.api7.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "api7ee.fullname" . }}-adc-config
  labels:
    {{- include "api7ee.labels" . | nindent 4 }}
    app.kubernetes.io/component: adc
data:
  adc-config.yaml: |
    services:
      # Web Frontend Service
      - name: {{ include "api7ee.fullname" . }}-web-service
        hosts:
          - {{ (first .Values.api7.hosts) | quote }}
        upstream:
          name: {{ include "api7ee.fullname" . }}-web-upstream
          scheme: http
          type: roundrobin
          nodes:
            - host: {{ include "api7ee.fullname" . }}-web.{{ .Release.Namespace }}.svc.cluster.local
              port: {{ .Values.web.service.port }}
              weight: 100
        routes:
          # Route for web frontend (all paths except /api)
          - name: {{ include "api7ee.fullname" . }}-web-route
            uris:
              - /*
            vars:
              - - uri
                - "~~"
                - "^(?!/api)"
            priority: 1
            plugins:
              {{- if .Values.api7.tls.enabled }}
              redirect:
                http_to_https: true
              {{- end }}
              {{- if .Values.api7.plugins.cors.enabled }}
              cors:
                allow_origins: {{ .Values.api7.plugins.cors.allowOrigins | toJson }}
                allow_methods: {{ .Values.api7.plugins.cors.allowMethods | toJson }}
                allow_headers: {{ .Values.api7.plugins.cors.allowHeaders | toJson }}
                expose_headers: {{ .Values.api7.plugins.cors.exposeHeaders | toJson }}
                max_age: {{ .Values.api7.plugins.cors.maxAge }}
                allow_credential: {{ .Values.api7.plugins.cors.allowCredentials }}
              {{- end }}

      # API Backend Service
      - name: {{ include "api7ee.fullname" . }}-api-service
        hosts:
          - {{ (first .Values.api7.hosts) | quote }}
        upstream:
          name: {{ include "api7ee.fullname" . }}-api-upstream
          scheme: http
          type: roundrobin
          nodes:
            - host: {{ include "api7ee.fullname" . }}-api.{{ .Release.Namespace }}.svc.cluster.local
              port: {{ .Values.api.service.port }}
              weight: 100
        routes:
          # High priority route for LLM endpoints with AI rate limiting
          - name: {{ include "api7ee.fullname" . }}-api-llm-route
            uris:
              - /api/llm
              - /api/llm/*
            priority: 20
            plugins:
              {{- if .Values.api7.tls.enabled }}
              redirect:
                http_to_https: true
              {{- end }}
              {{- if .Values.api7.plugins.cors.enabled }}
              cors:
                allow_origins: {{ .Values.api7.plugins.cors.allowOrigins | toJson }}
                allow_methods: {{ .Values.api7.plugins.cors.allowMethods | toJson }}
                allow_headers: {{ .Values.api7.plugins.cors.allowHeaders | toJson }}
                expose_headers: {{ .Values.api7.plugins.cors.exposeHeaders | toJson }}
                max_age: {{ .Values.api7.plugins.cors.maxAge }}
                allow_credential: {{ .Values.api7.plugins.cors.allowCredentials }}
              {{- end }}
              {{- if .Values.api7.plugins.aiRateLimit.enabled }}
              ai-rate-limiting:
                limit: {{ .Values.api7.plugins.aiRateLimit.limit }}
                time_window: {{ .Values.api7.plugins.aiRateLimit.timeWindow }}
                rejected_code: {{ .Values.api7.plugins.aiRateLimit.rejectedCode }}
                limit_strategy: {{ .Values.api7.plugins.aiRateLimit.limitStrategy | quote }}
              {{- end }}

          # Standard API route with request rate limiting
          - name: {{ include "api7ee.fullname" . }}-api-route
            uris:
              - /api
              - /api/*
            priority: 10
            plugins:
              {{- if .Values.api7.tls.enabled }}
              redirect:
                http_to_https: true
              {{- end }}
              {{- if .Values.api7.plugins.cors.enabled }}
              cors:
                allow_origins: {{ .Values.api7.plugins.cors.allowOrigins | toJson }}
                allow_methods: {{ .Values.api7.plugins.cors.allowMethods | toJson }}
                allow_headers: {{ .Values.api7.plugins.cors.allowHeaders | toJson }}
                expose_headers: {{ .Values.api7.plugins.cors.exposeHeaders | toJson }}
                max_age: {{ .Values.api7.plugins.cors.maxAge }}
                allow_credential: {{ .Values.api7.plugins.cors.allowCredentials }}
              {{- end }}
              {{- if .Values.api7.plugins.rateLimit.enabled }}
              limit-count:
                count: {{ .Values.api7.plugins.rateLimit.count }}
                time_window: {{ .Values.api7.plugins.rateLimit.timeWindow }}
                rejected_code: {{ .Values.api7.plugins.rateLimit.rejectedCode }}
                key_type: {{ .Values.api7.plugins.rateLimit.keyType | quote }}
                key: {{ .Values.api7.plugins.rateLimit.key | quote }}
              {{- end }}

    {{- if .Values.api7.plugins.auth.enabled }}
    # API Consumers for authentication
    consumers:
      {{- range .Values.api7.consumers }}
      - username: {{ .username }}
        plugins:
          key-auth:
            key: {{ .apiKey }}
      {{- end }}
    {{- end }}

    # Global Rules
    global_rules:
      {{- if .Values.api7.plugins.prometheus.enabled }}
      - id: prometheus-metrics
        plugins:
          prometheus:
            prefer_name: true
      {{- end }}
      {{- if .Values.api7.plugins.logging.enabled }}
      - id: request-logging
        plugins:
          http-logger:
            uri: {{ .Values.api7.plugins.logging.endpoint }}
            batch_max_size: {{ .Values.api7.plugins.logging.batchMaxSize | default 1000 }}
            inactive_timeout: {{ .Values.api7.plugins.logging.inactiveTimeout | default 5 }}
      {{- end }}
{{- end }}