<?php
require_once('Models/AuthService.php');
require_once('Models/UserDataSet.php');
require_once('Models/User.php');

// Enable CORS
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Authorization');
header('Content-Type: application/json');

// Handle OPTIONS request
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit;
}

try {
    $auth = new AuthService();
    $userDataSet = new UserDataSet();

    // Handle POST request for login
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $data = json_decode(file_get_contents('php://input'), true);
        
        // Handle token refresh
        if (isset($data['action']) && $data['action'] === 'refresh') {
            if (!isset($data['refreshToken'])) {
                http_response_code(400);
                echo json_encode(['error' => 'Refresh token is required']);
                exit;
            }
            
            $refreshToken = $data['refreshToken'];
            $newToken = $auth->refreshToken($refreshToken);
            
            if (!$newToken) {
                http_response_code(401);
                echo json_encode(['error' => 'Invalid or expired refresh token']);
                exit;
            }
            
            echo json_encode([
                'success' => true,
                'token' => $newToken
            ]);
            exit;
        }
        
        // Handle login
        if (!isset($data['username']) || !isset($data['password'])) {
            http_response_code(400);
            echo json_encode(['error' => 'Username and password are required']);
            exit;
        }

        // Authenticate user
        $user = new User();
        $token = $user->Authenticate($data['username'], $data['password']);

        if ($token) {
            // Generate refresh token
            $refreshToken = $auth->generateRefreshToken([
                'id' => $user->getUserId(),
                'username' => $user->getUsername(),
                'accessLevel' => $user->getAccessLevel()
            ]);

            echo json_encode([
                'success' => true,
                'token' => $token,
                'refreshToken' => $refreshToken,
                'user' => [
                    'id' => $user->getUserId(),
                    'username' => $user->getUsername(),
                    'accessLevel' => $user->getAccessLevel()
                ]
            ]);
        } else {
            http_response_code(401);
            echo json_encode(['error' => 'Invalid credentials']);
        }
        exit;
    }

    // Handle GET request for token validation
    if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        $auth = User::checkAuth(false);
        
        if ($auth) {
            echo json_encode([
                'valid' => true, 
                'user' => [
                    'id' => $auth['uid'],
                    'username' => $auth['username'],
                    'accessLevel' => $auth['accessLevel']
                ]
            ]);
        } else {
            http_response_code(401);
            echo json_encode(['valid' => false, 'error' => 'Invalid or expired token']);
        }
        exit;
    }

    http_response_code(405);
    echo json_encode(['error' => 'Method not allowed']);

} catch (Exception $e) {
    error_log('Auth error: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'Server error', 'message' => $e->getMessage()]);
}