<?php
// ============================================================
// uploadImagePortrate.php
// رفع صورة الكابتن بأمان
// ============================================================

require_once __DIR__ . '/connect.php'; // يفترض أنه يستدعي core/bootstrap.php

uploadLog("🚀 [uploadImagePortrate.php] Profile image upload script execution started.");

try {
    // Check if $_FILES has errors
    if (isset($_FILES['image'])) {
        uploadLog("$_FILES['image'] metadata", 'INFO', [
            'name' => $_FILES['image']['name'] ?? 'unknown',
            'type' => $_FILES['image']['type'] ?? 'unknown',
            'size' => $_FILES['image']['size'] ?? 0,
            'upload_error_code' => $_FILES['image']['error'] ?? UPLOAD_ERR_OK
        ]);
    } else {
        uploadLog("No 'image' file was sent in the request.", 'WARNING');
    }

    // 1. Rate Limiting للرفع
    $limiter = new RateLimiter($redis);
    $limiter->enforce(RateLimiter::identifier($user_id ?? null), 'upload');

    // Force driverID from JWT — never trust user-supplied driverID
    $driverID = $user_id;
    uploadLog("📥 Using JWT driverID: $driverID");

    if (empty($driverID)) {
        uploadLog("❌ Driver ID from JWT is missing.", 'ERROR');
        jsonError('Authentication required.', 400);
    }

    // 2. استخدام دالة الرفع الآمنة (MIME check, random name, 5MB limit)
    $target_dir = __DIR__ . "/portrate_captain_image/";
    $uploadResult = uploadImageSecure('image', $target_dir, $driverID);

    if (!$uploadResult['success']) {
        uploadLog("❌ Image upload failed", 'ERROR', ['driverID' => $driverID, 'error' => $uploadResult['error']]);
        securityLog("❌ Image upload failed", ['driverID' => $driverID, 'error' => $uploadResult['error']]);
        jsonError($uploadResult['error'], 400);
    }

    $new_filename = $uploadResult['filename'];
    uploadLog("✅ File moved successfully to: " . $uploadResult['path']);

    // 3. تحديث قاعدة البيانات ديناميكياً
    // Use configured domain instead of Host header to prevent host header injection
    $host = getenv('APP_DOMAIN') ?: 'api.siromove.com';
    $protocol = 'https';
    $linkImage = "$protocol://$host/siro/portrate_captain_image/" . $new_filename;
    
    // تأكد من أن الاتصال قادم من connect.php أو اجلبه
    $con = Database::get('main');

    // التحقق من وجود السائق في جدول الصور الشخصية
    $stmt = $con->prepare("SELECT COUNT(*) FROM imageProfileCaptain WHERE driverID = ?");
    $stmt->execute([$driverID]);
    $count = $stmt->fetchColumn();

    if ($count > 0) {
        // تحديث
        $updateSQL = "UPDATE imageProfileCaptain SET image_name = ?, link = ? WHERE driverID = ?";
        $updateStmt = $con->prepare($updateSQL);
        $success = $updateStmt->execute([$new_filename, $linkImage, $driverID]);
    } else {
        // إدخال جديد
        $insertSQL = "INSERT INTO imageProfileCaptain (driverID, image_name, link) VALUES (?, ?, ?)";
        $insertStmt = $con->prepare($insertSQL);
        $success = $insertStmt->execute([$driverID, $new_filename, $linkImage]);
    }

    if ($success) {
        uploadLog("✅ Record updated for driverID: $driverID, Link: $linkImage");
        jsonSuccess(['file_link' => $linkImage], 'Record updated successfully.');
    } else {
        uploadLog("❌ Failed to update DB record for driverID: $driverID", 'ERROR');
        jsonError('Failed to update record.', 500);
    }

} catch (PDOException $e) {
    securityLog("💥 PDO ERROR in uploadImage", ['error' => $e->getMessage()]);
    jsonError('Database error.', 500);
} catch (Exception $e) {
    securityLog("💥 GENERAL ERROR in uploadImage", ['error' => $e->getMessage()]);
    jsonError('Server error.', 500);
}