import pytest
import subprocess

pytestmark = [pytest.mark.wg, pytest.mark.requires_internet]


def test_full_tunnel_routes_all_traffic(full_tunnel_peer):
    """Scenario 30: with AllowedIPs=0.0.0.0/0, external traffic routes through VPN."""
    # Check routing table — 0.0.0.0/0 should be via the WG interface
    result = subprocess.run(['ip', 'route', 'show'], capture_output=True, text=True)
    iface_name = full_tunnel_peer['iface'].iface_name
    # In full tunnel mode, the default route or the 0.0.0.0/1 + 128.0.0.0/1 split routes
    # point to the WG interface
    assert (iface_name in result.stdout or
            '0.0.0.0/1' in result.stdout or
            '128.0.0.0/1' in result.stdout), "Full tunnel routes not found"


@pytest.mark.requires_internet
def test_full_tunnel_changes_apparent_ip(full_tunnel_peer, pic_host):
    """External IP check via a local echo service — skip if no internet."""
    result = subprocess.run(
        ['curl', '-s', '--max-time', '5', 'https://ifconfig.me'],
        capture_output=True, text=True, timeout=10
    )
    if result.returncode != 0:
        pytest.skip("No internet access from test runner")
    apparent_ip = result.stdout.strip()
    # The apparent IP should NOT be the test runner's local IP
    # (it should be pic0's external IP if full tunnel is working)
    assert apparent_ip != '', "Could not determine apparent IP"