xyzw_web_helper/setup-firewall.ps1

# XYZW Token Manager - 防火墙配置脚本
# 需要以管理员权限运行

# 设置控制台编码为UTF-8
[Console]::OutputEncoding = [System.Text.Encoding]::UTF8
$OutputEncoding = [System.Text.Encoding]::UTF8
chcp 65001 | Out-Null

Write-Host "================================" -ForegroundColor Cyan
Write-Host "XYZW Token Manager" -ForegroundColor Cyan
Write-Host "防火墙配置脚本" -ForegroundColor Cyan
Write-Host "================================" -ForegroundColor Cyan
Write-Host ""

# 检查管理员权限
$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if (-not $isAdmin) {
    Write-Host "[错误] 此脚本需要管理员权限" -ForegroundColor Red
    Write-Host "请右键点击此脚本，选择'以管理员身份运行'" -ForegroundColor Yellow
    Write-Host ""
    Read-Host "按回车键退出"
    exit 1
}

Write-Host "[检查] 正在检查现有防火墙规则..." -ForegroundColor Yellow

# 检查是否已存在规则
$existingRule = Get-NetFirewallRule -DisplayName "XYZW Token Manager - 25432" -ErrorAction SilentlyContinue

if ($existingRule) {
    Write-Host "[发现] 已存在防火墙规则" -ForegroundColor Green
    Write-Host ""
    $response = Read-Host "是否要删除并重新创建规则？(Y/N)"
    
    if ($response -eq 'Y' -or $response -eq 'y') {
        Write-Host "[删除] 正在删除旧规则..." -ForegroundColor Yellow
        Remove-NetFirewallRule -DisplayName "XYZW Token Manager - 25432"
        Write-Host "[成功] 旧规则已删除" -ForegroundColor Green
    } else {
        Write-Host "[跳过] 保留现有规则" -ForegroundColor Yellow
        Write-Host ""
        Read-Host "按回车键退出"
        exit 0
    }
}

Write-Host ""
Write-Host "[创建] 正在添加防火墙规则..." -ForegroundColor Yellow
Write-Host "  - 端口: 25432" -ForegroundColor Gray
Write-Host "  - 协议: TCP" -ForegroundColor Gray
Write-Host "  - 方向: 入站" -ForegroundColor Gray
Write-Host "  - 配置: 所有配置文件（域/专用/公用）" -ForegroundColor Gray

try {
    # 创建新的防火墙规则
    New-NetFirewallRule `
        -DisplayName "XYZW Token Manager - 25432" `
        -Description "允许XYZW Token Manager通过端口25432访问（IPv4和IPv6）" `
        -Direction Inbound `
        -LocalPort 25432 `
        -Protocol TCP `
        -Action Allow `
        -Profile Any `
        -Enabled True | Out-Null
    
    Write-Host ""
    Write-Host "[成功] 防火墙规则创建成功！" -ForegroundColor Green
    
} catch {
    Write-Host ""
    Write-Host "[错误] 创建防火墙规则失败" -ForegroundColor Red
    Write-Host "错误信息: $($_.Exception.Message)" -ForegroundColor Red
    Write-Host ""
    Read-Host "按回车键退出"
    exit 1
}

Write-Host ""
Write-Host "================================" -ForegroundColor Cyan
Write-Host "配置完成" -ForegroundColor Cyan
Write-Host "================================" -ForegroundColor Cyan
Write-Host ""

# 显示创建的规则详情
Write-Host "[规则详情]" -ForegroundColor Cyan
$rule = Get-NetFirewallRule -DisplayName "XYZW Token Manager - 25432"
$addressFilter = $rule | Get-NetFirewallAddressFilter
$portFilter = $rule | Get-NetFirewallPortFilter
$applicationFilter = $rule | Get-NetFirewallApplicationFilter

Write-Host "  名称: $($rule.DisplayName)" -ForegroundColor White
Write-Host "  启用: $($rule.Enabled)" -ForegroundColor White
Write-Host "  方向: $($rule.Direction)" -ForegroundColor White
Write-Host "  操作: $($rule.Action)" -ForegroundColor White
Write-Host "  协议: $($portFilter.Protocol)" -ForegroundColor White
Write-Host "  端口: $($portFilter.LocalPort)" -ForegroundColor White
Write-Host "  配置: $($rule.Profile)" -ForegroundColor White

Write-Host ""
Write-Host "[下一步]" -ForegroundColor Cyan
Write-Host "1. 确保DNS已配置IPv6 AAAA记录指向你的服务器" -ForegroundColor White
Write-Host "2. 运行 start-deploy.bat 启动服务" -ForegroundColor White
Write-Host "3. 通过 http://winnas.whtnas.top:25432 访问" -ForegroundColor White
Write-Host ""

Write-Host "[验证命令]" -ForegroundColor Cyan
Write-Host "# 检查端口监听状态" -ForegroundColor Gray
Write-Host "netstat -ano | findstr 25432" -ForegroundColor Yellow
Write-Host ""
Write-Host "# 测试本地访问" -ForegroundColor Gray
Write-Host "curl http://localhost:25432" -ForegroundColor Yellow
Write-Host ""
Write-Host "# 测试域名访问" -ForegroundColor Gray
Write-Host "curl http://winnas.whtnas.top:25432" -ForegroundColor Yellow
Write-Host ""

Read-Host "按回车键退出"