<?php

namespace IQBall\Api;

use Exception;
use IQBall\Core\Action;
use IQBall\Core\Data\Account;
use IQBall\Core\Http\HttpCodes;
use IQBall\Core\Http\HttpResponse;
use IQBall\Core\Http\JsonHttpResponse;
use IQBall\Core\Validation\ValidationFail;

class API {
    public static function consume(HttpResponse $response): void {
        http_response_code($response->getCode());

        header('Access-Control-Allow-Origin: *');
        header('Access-Control-Allow-Headers: *');


        foreach ($response->getHeaders() as $header => $value) {
            header("$header: $value");
        }

        if ($response instanceof JsonHttpResponse) {
            header('Content-type: application/json');
            echo $response->getJson();
        } elseif (get_class($response) != HttpResponse::class) {
            throw new Exception("API returned unknown Http Response");
        }
    }


    /**
     * @param array<string, mixed>|false $match
     * @param callable(): Account $tryGetAuthorization function to return account authorisation for the given action (if required)
     * @return HttpResponse
     * @throws Exception
     */
    public static function handleMatch($match, callable $tryGetAuthorization): HttpResponse {
        if (!$match) {
            return new JsonHttpResponse([ValidationFail::notFound("not found")], HttpCodes::NOT_FOUND);
        }

        $action = $match['target'];
        if (!$action instanceof Action) {
            throw new Exception("routed action is not an AppAction object.");
        }

        $account = null;

        if ($action->getAuthType() != Action::NO_AUTH) {
            $account = call_user_func($tryGetAuthorization);
            if ($account == null) {
                return new JsonHttpResponse([ValidationFail::unauthorized("Missing or invalid 'Authorization' header.")], HttpCodes::UNAUTHORIZED);
            }

            if ($action->getAuthType() == Action::AUTH_ADMIN && !$account->getUser()->isAdmin()) {
                return new JsonHttpResponse([ValidationFail::unauthorized()], HttpCodes::UNAUTHORIZED);
            }
        }

        return $action->run($match['params'], $account);
    }
}