<?php
declare(strict_types=1);

// Autoloader + Session
$rootPath = dirname(__DIR__);
$publicPath = __DIR__;
$autoloadPreferred = $rootPath . '/vendor/autoload.php';
$autoloadFallback  = $publicPath . '/vendor/autoload.php';
if (file_exists($autoloadPreferred)) {
    require $autoloadPreferred;
} elseif (file_exists($autoloadFallback)) {
    require $autoloadFallback;
} else {
    http_response_code(500);
    echo 'Missing vendor autoload';
    exit;
}

if (session_status() !== PHP_SESSION_ACTIVE) {
    session_set_cookie_params([
        'lifetime' => 0,
        'path' => '/',
        'httponly' => true,
        'samesite' => 'Lax',
        'secure' => (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'),
    ]);
    session_start();
}

use Slim\Factory\AppFactory;
use Slim\Views\Twig;
use Slim\Views\TwigMiddleware;
use Slim\Csrf\Guard as CsrfGuard;
use App\Infrastructure\Database;
use App\Middleware\SessionMiddleware;
use App\Middleware\AuthMiddleware;
use App\Middleware\RoleMiddleware;
use App\Controller\AuthController;
use App\Controller\DashboardController;
use App\Controller\TeamController;
use App\Controller\UserController;
use App\Controller\TaskController;
use App\Controller\ProtocolController;

$dotenv = Dotenv\Dotenv::createImmutable($rootPath);
$dotenv->safeLoad();

$app = AppFactory::create();

// Error handling
$displayErrorDetails = ($_ENV['APP_DEBUG'] ?? 'false') === 'true';
$app->addErrorMiddleware($displayErrorDetails, true, true);

// Twig
$twig = Twig::create($rootPath . '/templates', ['cache' => false]);
$app->add(TwigMiddleware::create($app, $twig));

// Session middleware
$app->add(new SessionMiddleware());

// CSRF
$csrf = new CsrfGuard($app->getResponseFactory());
$csrf->setPersistentTokenMode(true);

// Inject CSRF + session + flash into Twig
$app->add(function ($request, $handler) use ($twig, $csrf) {
    $nameKey  = $csrf->getTokenNameKey();
    $valueKey = $csrf->getTokenValueKey();
    $name  = $request->getAttribute($nameKey);
    $value = $request->getAttribute($valueKey);

    $twig->getEnvironment()->addGlobal('app', ['session' => $_SESSION ?? []]);
    $flash = $_SESSION['flash'] ?? null;
    if ($flash !== null) { $twig->getEnvironment()->addGlobal('flash', $flash); unset($_SESSION['flash']); }
    else { $twig->getEnvironment()->addGlobal('flash', null); }

    $twig->getEnvironment()->addGlobal('csrf', [
        'keys'  => ['name' => $nameKey, 'value' => $valueKey],
        'name'  => $name,
        'value' => $value,
    ]);

    return $handler->handle($request);
});
$app->add($csrf);

// DB
Database::init([
    'host' => $_ENV['DB_HOST'] ?? '127.0.0.1',
    'port' => (int)($_ENV['DB_PORT'] ?? 3306),
    'dbname' => $_ENV['DB_NAME'] ?? '',
    'user' => $_ENV['DB_USER'] ?? '',
    'pass' => $_ENV['DB_PASS'] ?? '',
    'charset' => 'utf8mb4',
]);

// Routes
$app->get('/', [DashboardController::class, 'index'])->add(new AuthMiddleware());
$app->get('/dashboard', [DashboardController::class, 'index'])->add(new AuthMiddleware());

// Auth
$app->get('/login', [AuthController::class, 'showLogin'])->setName('login');
$app->post('/login', [AuthController::class, 'login']);
$app->get('/logout', [AuthController::class, 'logout'])->setName('logout');

// Setup
$app->get('/setup', [AuthController::class, 'showSetup']);
$app->post('/setup', [AuthController::class, 'setup']);

// Teams
$teamRights = [new AuthMiddleware(), new RoleMiddleware(['admin','protokollfuehrer'])];
$app->get('/teams', [TeamController::class, 'index'])->add(...$teamRights);
$app->get('/teams/new', [TeamController::class, 'createForm'])->add(...$teamRights);
$app->post('/teams', [TeamController::class, 'create'])->add(...$teamRights);
$app->get('/teams/{id:[0-9]+}/edit', [TeamController::class, 'editForm'])->add(...$teamRights);
$app->post('/teams/{id:[0-9]+}', [TeamController::class, 'update'])->add(...$teamRights);
$app->post('/teams/{id:[0-9]+}/delete', [TeamController::class, 'delete'])->add(...$teamRights);

// Users
$userRights = [new AuthMiddleware(), new RoleMiddleware(['admin'])];
$app->get('/users', [UserController::class, 'index'])->add(...$userRights);
$app->get('/users/new', [UserController::class, 'createForm'])->add(...$userRights);
$app->post('/users', [UserController::class, 'create'])->add(...$userRights);
$app->get('/users/{id:[0-9]+}/edit', [UserController::class, 'editForm'])->add(...$userRights);
$app->post('/users/{id:[0-9]+}', [UserController::class, 'update'])->add(...$userRights);
$app->post('/users/{id:[0-9]+}/deactivate', [UserController::class, 'deactivate'])->add(...$userRights);
$app->post('/users/{id:[0-9]+}/activate', [UserController::class, 'activate'])->add(...$userRights);

// Protokolle
$protocolRights = [new AuthMiddleware(), new RoleMiddleware(['admin','protokollfuehrer'])];
$app->get('/protokolle', [ProtocolController::class, 'index'])->add(...$protocolRights);
$app->get('/protokolle/new', [ProtocolController::class, 'createForm'])->add(...$protocolRights);
$app->post('/protokolle', [ProtocolController::class, 'create'])->add(...$protocolRights);
$app->get('/protokolle/{id:[0-9]+}/edit', [ProtocolController::class, 'editForm'])->add(...$protocolRights);
$app->post('/protokolle/{id:[0-9]+}', [ProtocolController::class, 'update'])->add(...$protocolRights);
$app->post('/protokolle/{id:[0-9]+}/delete', [ProtocolController::class, 'delete'])->add(...$protocolRights);
$app->get('/protokolle/{id:[0-9]+}/versions', [ProtocolController::class, 'versions'])->add(...$protocolRights);

// Tasks
$app->get('/tasks', [TaskController::class, 'index'])->add(new AuthMiddleware());
$taskEditRights = [new AuthMiddleware(), new RoleMiddleware(['admin','protokollfuehrer','verantwortliche'])];
$app->get('/tasks/new', [TaskController::class, 'createForm'])->add(...$taskEditRights);
$app->post('/tasks', [TaskController::class, 'create'])->add(...$taskEditRights);
$app->get('/tasks/{id:[0-9]+}', [TaskController::class, 'show'])->add(new AuthMiddleware());
$app->get('/tasks/{id:[0-9]+}/edit', [TaskController::class, 'editForm'])->add(...$taskEditRights);
$app->post('/tasks/{id:[0-9]+}', [TaskController::class, 'update'])->add(...$taskEditRights);
$app->post('/tasks/{id:[0-9]+}/delete', [TaskController::class, 'delete'])->add(...$taskEditRights);
$app->post('/tasks/{id:[0-9]+}/comments', [TaskController::class, 'addComment'])->add(new AuthMiddleware());
$app->post('/tasks/{id:[0-9]+}/attachments', [TaskController::class, 'uploadAttachment'])->add(...$taskEditRights);
$app->get('/tasks/attachments/{attId:[0-9]+}/download', [TaskController::class, 'downloadAttachment'])->add(new AuthMiddleware());
$app->post('/tasks/attachments/{attId:[0-9]+}/delete', [TaskController::class, 'deleteAttachment'])->add(...$taskEditRights);

// Health
$app->get('/health', function ($request, $response) { $response->getBody()->write('OK'); return $response; });

// Diagnose: Liste der registrierten Routen
$app->get('/__routes', function ($request, $response) use ($app) {
    $routes = [];
    foreach ($app->getRouteCollector()->getRoutes() as $r) {
        $routes[] = [
            'methods' => $r->getMethods(),
            'pattern' => $r->getPattern(),
        ];
    }
    $response->getBody()->write(json_encode($routes, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE));
    return $response->withHeader('Content-Type', 'application/json');
});

$app->run();