<?php

require "../../config.php";
require "../../vendor/autoload.php";
require "../../sql/database.php";
require "../../src/index-utils.php";

use IQBall\Api\API;
use IQBall\Api\Controller\APIAccountsController;
use IQBall\Api\Controller\APIAuthController;
use IQBall\Api\Controller\APIServerController;
use IQBall\Api\Controller\APITacticController;
use IQBall\App\Session\PhpSessionHandle;
use IQBall\Core\Action;
use IQBall\Core\Connection;
use IQBall\Core\Data\Account;
use IQBall\Core\Gateway\AccountGateway;
use IQBall\Core\Gateway\TacticInfoGateway;
use IQBall\Core\Model\AuthModel;
use IQBall\Core\Model\TacticModel;

$basePath = get_public_path(__DIR__);

function getTacticController(): APITacticController {
    return new APITacticController(new TacticModel(new TacticInfoGateway(new Connection(get_database()))));
}

function getAuthController(): APIAuthController {
    return new APIAuthController(new AuthModel(new AccountGateway(new Connection(get_database()))));
}

function getAccountController(): APIAccountsController {
    $con = new Connection(get_database());
    $gw = new AccountGateway($con);
    return new APIAccountsController(new AuthModel($gw), $gw);
}

function getServerController(): APIServerController {
    global $basePath;
    return new APIServerController($basePath, get_database());
}

function getRoutes(): AltoRouter {
    $router = new AltoRouter();
    global $basePath;
    $router->setBasePath($basePath);

    $router->map("POST", "/auth", Action::noAuth(fn() => getAuthController()->authorize()));
    $router->map("POST", "/tactic/[i:id]/edit/name", Action::auth(fn(int $id, Account $acc) => getTacticController()->updateName($id, $acc)));
    $router->map("POST", "/tactic/[i:id]/save", Action::auth(fn(int $id, Account $acc) => getTacticController()->saveContent($id, $acc)));

    $router->map("GET", "/admin/list-users", Action::noAuth(fn() => getAccountController()->listUsers($_GET)));
    $router->map("GET", "/admin/user/[i:id]", Action::noAuth(fn(int $id) => getAccountController()->getUser($id)));
    $router->map("GET", "/admin/user/[i:id]/space", Action::noAuth(fn(int $id) => getTacticController()->getUserTactics($id)));
    $router->map("POST", "/admin/user/add", Action::noAuth(fn() => getAccountController()->addUser()));
    $router->map("POST", "/admin/user/remove-all", Action::noAuth(fn() => getAccountController()->removeUsers()));
    $router->map("POST", "/admin/user/[i:id]/update", Action::noAuth(fn(int $id) => getAccountController()->updateUser($id)));
    $router->map("GET", "/admin/server-info", Action::noAuth(fn() => getServerController()->getServerInfo()));

    return $router;
}

/**
 * Defines the way of being authorised through the API
 * By checking if an Authorisation header is set, and by expecting its value to be a valid token of an account.
 * If the header is not set, fallback to the App's PHP session system, and try to extract the account from it.
 * @return Account|null
 * @throws Exception
 */
function tryGetAuthorization(): ?Account {
    $headers = getallheaders();

    // If no authorization header is set, try fallback to php session.
    if (!isset($headers['Authorization'])) {
        $session = PhpSessionHandle::init();
        return $session->getAccount();
    }
    $token = $headers['Authorization'];
    $gateway = new AccountGateway(new Connection(get_database()));
    return $gateway->getAccountFromToken($token);
}

Api::consume(API::handleMatch(getRoutes()->match(), fn() => tryGetAuthorization()));