<?php
/**
 * Nabeh Payment Verification Endpoint
 *
 * Simplified: uses phone directly to find pending invoice (no S2S resolve_user).
 * Added Cliq AI verification with receipt image.
 *
 * ===============================
 * INPUT (JSON body)
 * ===============================
 * phone (required)       — User's phone number
 * payment_method (req)   — shamcash / cliq / sms / mtn
 * receipt_image (opt)    — Receipt screenshot for AI verification
 * image_mime_type (opt)  — Default: image/jpeg
 *
 * ===============================
 * FLOW
 * ===============================
 *  1. Auth via jwtconnect.php (X-API-Key → NABEH_API_KEY)
 *  2. Find latest pending invoice by phone + payment_method
 *  3. If shamcash/cliq + receipt_image → Gemini AI verification
 *     AI confirms → update status → finalize deposit → return success
 *  4. Otherwise return invoice status
 *
 * Auth: X-API-Key header → NABEH_API_KEY (via jwtconnect.php Path 5)
 */

require_once __DIR__ . '/../../jwtconnect.php';
require_once __DIR__ . '/../GeminiAi.php';

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['status' => 'failure', 'message' => 'Method not allowed']);
    exit;
}

$raw = file_get_contents('php://input');
$data = json_decode($raw, true) ?: $_POST;

$phone          = preg_replace('/\D+/', '', $data['phone'] ?? '');
$paymentMethod  = strtolower(trim($data['payment_method'] ?? ''));
$receiptImage   = $data['receipt_image'] ?? '';
$imageMimeType  = $data['image_mime_type'] ?? 'image/jpeg';

if (empty($phone)) {
    printFailure('phone is required');
    exit;
}

$paymentMethod = $paymentMethod ?: 'shamcash';

// ═══════════════════════════════════════════════════════════════
// HELPER: find pending invoice by phone
// ═══════════════════════════════════════════════════════════════
function findPendingByPhone(PDO $con, string $table, string $phone, string $orderCol = 'created_at'): ?array
{
    $stmt = $con->prepare("
        SELECT id, invoice_number, amount, status, created_at
        FROM $table
        WHERE phone = ? AND status = 'pending'
        ORDER BY $orderCol DESC
        LIMIT 1
    ");
    $stmt->execute([$phone]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

function findLastCompletedByPhone(PDO $con, string $table, string $phone): ?array
{
    $stmt = $con->prepare("
        SELECT id, invoice_number, amount, status, created_at
        FROM $table
        WHERE phone = ? AND status = 'completed'
        ORDER BY created_at DESC
        LIMIT 1
    ");
    $stmt->execute([$phone]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// ═══════════════════════════════════════════════════════════════
// SHAMCASH — AI Verification
// ═══════════════════════════════════════════════════════════════
if ($paymentMethod === 'shamcash') {
    $invoice = findPendingByPhone($con, 'invoices_shamcash', $phone);

    if (!$invoice) {
        $lastCompleted = findLastCompletedByPhone($con, 'invoices_shamcash', $phone);
        if ($lastCompleted) {
            echo json_encode([
                'status'   => 'success',
                'verified' => true,
                'message'  => 'آخر فاتورة لديك مكتملة بالفعل.',
                'invoice'  => $lastCompleted,
            ], JSON_UNESCAPED_UNICODE);
            exit;
        }
        echo json_encode([
            'status'   => 'success',
            'verified' => false,
            'message'  => 'لا توجد فاتورة معلقة. يرجى إنشاء فاتورة عبر تطبيق Siro أولاً.',
        ], JSON_UNESCAPED_UNICODE);
        exit;
    }

    if (empty($receiptImage)) {
        echo json_encode([
            'status'         => 'success',
            'verified'       => false,
            'requires_image' => true,
            'message'        => "تم العثور على فاتورة رقم {$invoice['invoice_number']} بمبلغ {$invoice['amount']} ل.س. يرجى إرسال صورة الإيصال.",
            'invoice'        => $invoice,
        ], JSON_UNESCAPED_UNICODE);
        exit;
    }

    // ── AI verify ───────────────────────────────────────────
    $geminiKey = getenv('GEMINI_API_KEY');
    if (empty($geminiKey)) {
        printFailure('AI verification service not configured');
        exit;
    }

    try {
        $gemini = new GeminiAi($geminiKey);
        $aiResult = $gemini->verifyPayment(
            $invoice['invoice_number'],
            $invoice['amount'],
            'ShamCash',
            '',
            $receiptImage
        );

        if (!empty($aiResult['verified'])) {
            $con->beginTransaction();
            $upd = $con->prepare("
                UPDATE invoices_shamcash
                SET status = 'processing'
                WHERE id = ? AND status = 'pending'
            ");
            $upd->execute([$invoice['id']]);

            if ($upd->rowCount() > 0) {
                require_once __DIR__ . '/../shamcash/finalize_deposit.php';
                $finalized = finalizeShamCashDeposit($con, $invoice['id']);
                if ($finalized) {
                    $con->commit();
                    echo json_encode([
                        'status'   => 'success',
                        'verified' => true,
                        'message'  => '✅ تم التحقق من عملية الدفع بنجاح! تم تحديث رصيد حسابك.',
                        'invoice'  => [
                            'invoice_number' => $invoice['invoice_number'],
                            'amount'         => $invoice['amount'],
                            'status'         => 'completed',
                        ],
                        'ai_reason' => $aiResult['reason'] ?? null,
                    ], JSON_UNESCAPED_UNICODE);
                } else {
                    $con->rollBack();
                    echo json_encode([
                        'status'  => 'error',
                        'message' => 'Verification passed but wallet update failed. Contact support.',
                    ], JSON_UNESCAPED_UNICODE);
                }
            } else {
                $con->rollBack();
                echo json_encode([
                    'status'   => 'success',
                    'verified' => false,
                    'message'  => 'These funds have already been credited.',
                ], JSON_UNESCAPED_UNICODE);
            }
        } else {
            $reason = $aiResult['reason'] ?? 'لم يتم التأكيد';
            echo json_encode([
                'status'    => 'success',
                'verified'  => false,
                'message'   => "⚠️ $reason",
                'ai_reason' => $reason,
            ], JSON_UNESCAPED_UNICODE);
        }
    } catch (Exception $e) {
        error_log("[Nabeh ShamCash AI] " . $e->getMessage());
        printFailure('AI verification service error');
    }
    exit;
}

// ═══════════════════════════════════════════════════════════════
// CLIQ — AI Verification (same pattern as ShamCash)
// ═══════════════════════════════════════════════════════════════
if ($paymentMethod === 'cliq') {
    $invoice = findPendingByPhone($con, 'cliq_invoices', $phone);

    if (!$invoice) {
        $lastCompleted = findLastCompletedByPhone($con, 'cliq_invoices', $phone);
        if ($lastCompleted) {
            echo json_encode([
                'status'   => 'success',
                'verified' => true,
                'message'  => 'آخر فاتورة لديك مكتملة بالفعل.',
                'invoice'  => $lastCompleted,
            ], JSON_UNESCAPED_UNICODE);
            exit;
        }
        echo json_encode([
            'status'   => 'success',
            'verified' => false,
            'message'  => 'لا توجد فاتورة معلقة. يرجى إنشاء فاتورة عبر تطبيق Siro أولاً.',
        ], JSON_UNESCAPED_UNICODE);
        exit;
    }

    if (empty($receiptImage)) {
        echo json_encode([
            'status'         => 'success',
            'verified'       => false,
            'requires_image' => true,
            'message'        => "تم العثور على فاتورة رقم {$invoice['invoice_number']} بمبلغ {$invoice['amount']} دينار. يرجى إرسال صورة الإيصال.",
            'invoice'        => $invoice,
        ], JSON_UNESCAPED_UNICODE);
        exit;
    }

    // ── AI verify ───────────────────────────────────────────
    $geminiKey = getenv('GEMINI_API_KEY');
    if (empty($geminiKey)) {
        printFailure('AI verification service not configured');
        exit;
    }

    try {
        $gemini = new GeminiAi($geminiKey);
        $aiResult = $gemini->verifyPayment(
            $invoice['invoice_number'],
            $invoice['amount'],
            'Cliq',
            '',
            $receiptImage
        );

        if (!empty($aiResult['verified'])) {
            $con->beginTransaction();
            $upd = $con->prepare("
                UPDATE cliq_invoices
                SET status = 'completed', updated_at = NOW()
                WHERE id = ? AND status = 'pending'
            ");
            $upd->execute([$invoice['id']]);

            if ($upd->rowCount() > 0) {
                require_once __DIR__ . '/../cliq/finalize_payment.php';
                $finalized = finalizeClickPayment($con, $invoice['id']);
                if ($finalized['success']) {
                    $con->commit();
                    echo json_encode([
                        'status'   => 'success',
                        'verified' => true,
                        'message'  => '✅ تم التحقق من عملية الدفع بنجاح! تم تحديث رصيد حسابك.',
                        'invoice'  => [
                            'invoice_number' => $invoice['invoice_number'],
                            'amount'         => $invoice['amount'],
                            'status'         => 'completed',
                        ],
                        'ai_reason' => $aiResult['reason'] ?? null,
                    ], JSON_UNESCAPED_UNICODE);
                } else {
                    $con->rollBack();
                    echo json_encode([
                        'status'  => 'error',
                        'message' => 'Verification passed but wallet update failed. Contact support.',
                    ], JSON_UNESCAPED_UNICODE);
                }
            } else {
                $con->rollBack();
                echo json_encode([
                    'status'   => 'success',
                    'verified' => false,
                    'message'  => 'These funds have already been credited.',
                ], JSON_UNESCAPED_UNICODE);
            }
        } else {
            $reason = $aiResult['reason'] ?? 'لم يتم التأكيد';
            echo json_encode([
                'status'    => 'success',
                'verified'  => false,
                'message'   => "⚠️ $reason",
                'ai_reason' => $reason,
            ], JSON_UNESCAPED_UNICODE);
        }
    } catch (Exception $e) {
        error_log("[Nabeh Cliq AI] " . $e->getMessage());
        printFailure('AI verification service error');
    }
    exit;
}

// ═══════════════════════════════════════════════════════════════
// SMS / SYRIATEL — Status query by phone
// ═══════════════════════════════════════════════════════════════
if ($paymentMethod === 'sms' || $paymentMethod === 'syriatel') {
    $stmt = $con->prepare("
        SELECT id, invoice_number, user_phone AS method_phone, amount, status, created_at, ? AS payment_method
        FROM invoices_sms
        WHERE phone = ? AND status = 'pending'
        ORDER BY created_at DESC
        LIMIT 5
    ");
    $stmt->execute([$paymentMethod, $phone]);
    $invoices = $stmt->fetchAll();

    echo json_encode([
        'status'   => 'success',
        'verified' => !empty($invoices),
        'message'  => empty($invoices) ? 'لا توجد فواتير معلقة.' : null,
        'invoices' => $invoices,
    ], JSON_UNESCAPED_UNICODE);
    exit;
}

// ═══════════════════════════════════════════════════════════════
// MTN — Status query by phone
// ═══════════════════════════════════════════════════════════════
if ($paymentMethod === 'mtn') {
    $stmt = $con->prepare("
        SELECT id, invoice_number, mtn_phone AS method_phone, amount, status,
               mtn_transaction_id AS transaction_id, created_at, updated_at AS paid_at, ? AS payment_method
        FROM mtn_invoices
        WHERE phone = ? AND status = 'pending'
        ORDER BY created_at DESC
        LIMIT 5
    ");
    $stmt->execute([$paymentMethod, $phone]);
    $invoices = $stmt->fetchAll();

    echo json_encode([
        'status'   => 'success',
        'verified' => !empty($invoices),
        'message'  => empty($invoices) ? 'لا توجد فواتير معلقة.' : null,
        'invoices' => $invoices,
    ], JSON_UNESCAPED_UNICODE);
    exit;
}

// ═══════════════════════════════════════════════════════════════
// UNKNOWN METHOD
// ═══════════════════════════════════════════════════════════════
printFailure("Invalid payment method: $paymentMethod");