<?php
require_once('Models/AuthService.php');
require_once('Models/FacilityDataSet.php');
require_once('Models/User.php');

// Enable CORS
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Authorization');
header('Content-Type: application/json');

// Handle OPTIONS request
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit;
}

try {
    $facilityDataSet = new FacilityDataSet();
    
    // Handle POST requests for CRUD operations
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $action = $_POST['action'] ?? '';
        
        // Set up request data
        $request = [
            'action' => $action,
            'data' => $_POST
        ];
        
        // Apply different authentication checks based on action
        if ($action === 'read' || $action === 'getStatuses') {
            // These actions don't require authentication
            // No authentication check needed
        } else if (in_array($action, ['create', 'update', 'delete', 'editStatus', 'deleteStatus'])) {
            // These actions require admin privileges
            $auth = User::checkAdmin();
            if (!$auth) {
                // The checkAdmin method already sent the error response
                exit;
            }
        } else if ($action === 'status') {
            // This action requires authentication but not admin privileges
            $auth = User::checkAuth();
            if (!$auth) {
                // The checkAuth method already sent the error response
                exit;
            }
        } else {
            // Unknown action
            http_response_code(400);
            echo json_encode(['error' => 'Invalid action']);
            exit;
        }
        
        // Process the action
        switch ($action) {
            case 'read':
                $facilities = $facilityDataSet->fetchAll();
                if ($facilities) {
                    echo json_encode(['success' => true, 'facilities' => $facilities]);
                } else {
                    http_response_code(500);
                    echo json_encode(['error' => 'Failed to fetch facilities']);
                }
                break;
                
            case 'create':
                try {
                    $data = [
                        'title' => $_POST['title'],
                        'category' => $_POST['category'],
                        'description' => $_POST['description'],
                        'houseNumber' => $_POST['houseNumber'],
                        'streetName' => $_POST['streetName'],
                        'county' => $_POST['county'],
                        'town' => $_POST['town'],
                        'postcode' => $_POST['postcode'],
                        'lng' => $_POST['lng'],
                        'lat' => $_POST['lat'],
                        'contributor' => $auth['username']
                    ];
                    
                    $facility = $facilityDataSet->createFacility($data);
                    if ($facility) {
                        echo json_encode(['success' => true, 'facility' => $facility]);
                    } else {
                        http_response_code(500);
                        echo json_encode(['error' => 'Failed to create facility']);
                    }
                } catch (Exception $e) {
                    http_response_code(400);
                    echo json_encode(['error' => $e->getMessage()]);
                }
                break;
                
            case 'update':
                try {
                    $id = $_POST['id'];
                    $data = [
                        'title' => $_POST['title'],
                        'category' => $_POST['category'],
                        'description' => $_POST['description'],
                        'houseNumber' => $_POST['houseNumber'],
                        'streetName' => $_POST['streetName'],
                        'county' => $_POST['county'],
                        'town' => $_POST['town'],
                        'postcode' => $_POST['postcode'],
                        'lng' => $_POST['lng'],
                        'lat' => $_POST['lat'],
                        'contributor' => $auth['username']
                    ];
                    
                    $facility = $facilityDataSet->updateFacility($id, $data);
                    if ($facility) {
                        echo json_encode(['success' => true, 'facility' => $facility]);
                    } else {
                        http_response_code(500);
                        echo json_encode(['error' => 'Failed to update facility']);
                    }
                } catch (Exception $e) {
                    http_response_code(400);
                    echo json_encode(['error' => $e->getMessage()]);
                }
                break;
                
            case 'delete':
                $id = $_POST['id'];
                if ($facilityDataSet->deleteFacility($id)) {
                    echo json_encode(['success' => true]);
                } else {
                    http_response_code(500);
                    echo json_encode(['error' => 'Failed to delete facility']);
                }
                break;
                
            case 'status':
                $facilityId = $_POST['facilityId'];
                $statusComment = $_POST['statusComment'];
                
                if ($facilityDataSet->addFacilityStatus($facilityId, $statusComment)) {
                    echo json_encode(['success' => true]);
                } else {
                    http_response_code(500);
                    echo json_encode(['error' => 'Failed to add status']);
                }
                break;
                
            case 'getStatuses':
                if (!isset($_POST['facilityId'])) {
                    http_response_code(400);
                    echo json_encode(['error' => 'Facility ID is required']);
                    break;
                }
                
                $facilityId = $_POST['facilityId'];
                
                try {
                    $statuses = $facilityDataSet->getFacilityStatuses($facilityId);
                    if ($statuses === false) {
                        throw new Exception('Failed to fetch facility statuses');
                    }
                    
                    echo json_encode([
                        'success' => true, 
                        'statuses' => $statuses
                    ]);
                } catch (Exception $e) {
                    error_log('Error getting facility statuses: ' . $e->getMessage());
                    http_response_code(500);
                    echo json_encode([
                        'error' => 'Failed to load comments',
                        'message' => $e->getMessage()
                    ]);
                }
                break;
                
            case 'editStatus':
                $statusId = $_POST['statusId'];
                $statusComment = $_POST['statusComment'];
                
                if ($facilityDataSet->updateFacilityStatus($statusId, $statusComment)) {
                    echo json_encode(['success' => true]);
                } else {
                    http_response_code(500);
                    echo json_encode(['error' => 'Failed to update status']);
                }
                break;
                
            case 'deleteStatus':
                $statusId = $_POST['statusId'];
                
                if ($facilityDataSet->deleteFacilityStatus($statusId)) {
                    echo json_encode(['success' => true]);
                } else {
                    http_response_code(500);
                    echo json_encode(['error' => 'Failed to delete status']);
                }
                break;
                
            default:
                http_response_code(400);
                echo json_encode(['error' => 'Invalid action']);
                break;
        }
    } else {
        http_response_code(405);
        echo json_encode(['error' => 'Method not allowed']);
    }
} catch (Exception $e) {
    error_log('Facility controller error: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'Server error', 'message' => $e->getMessage()]);
}