<?php
/**
 * Nabeh Integration — Resolve Phone → User ID
 *
 * Called by the payment server (server-to-server) to resolve
 * a phone number to a driverID or passengerID.
 *
 * Why: The wallet's invoice tables (invoices_shamcash, cliq_invoices, etc.)
 * store driverID/passengerID, NOT phone numbers. Only the Siro main DB
 * has the phone→userID mapping (with encryption).
 *
 * This endpoint bridges that gap:
 *   Payment Server (phone) → Siro Backend (resolve_user.php) → driverID
 *   Payment Server (driverID) → Wallet DB → pending invoices → AI verify
 *
 * Auth: X-API-Key header → NABEH_API_KEY
 */

require_once __DIR__ . '/../core/bootstrap.php';

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, X-API-Key');

if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['status' => 'failure', 'message' => 'Method not allowed']);
    exit;
}

$apiKey = $_SERVER['HTTP_X_API_KEY'] ?? '';
$expectedKey = getenv('NABEH_API_KEY') ?: '';

if (empty($apiKey) || $apiKey !== $expectedKey) {
    http_response_code(401);
    echo json_encode(['status' => 'failure', 'message' => 'Unauthorized']);
    exit;
}

$input = json_decode(file_get_contents('php://input'), true);
$rawPhone = preg_replace('/\D+/', '', $input['phone'] ?? '');

if (empty($rawPhone)) {
    http_response_code(400);
    echo json_encode(['status' => 'failure', 'message' => 'Phone number is required']);
    exit;
}

// تطبيع رقم الهاتف حسب الدولة (بدون +، بدون أصفار زائدة)
// حتى يتطابق مع التخزين في قاعدة البيانات (مثال: 9639XXXXXXX)
function normalizePhone($phone) {
    $clean = preg_replace('/\D+/', '', $phone);
    // Syria: 099XXXXXXX → 9639XXXXXXX
    if (strlen($clean) === 10 && strpos($clean, '09') === 0) return '963' . substr($clean, 1);
    if (strlen($clean) === 12 && strpos($clean, '963') === 0) return $clean;
    if (strlen($clean) === 9  && strpos($clean, '9')  === 0) return '963' . $clean;
    // Jordan: 079XXXXXXX → 9627XXXXXXX
    if (strlen($clean) === 10 && strpos($clean, '07') === 0) return '962' . substr($clean, 1);
    if (strlen($clean) === 12 && strpos($clean, '962') === 0) return $clean;
    if (strlen($clean) === 9  && strpos($clean, '7')  === 0) return '962' . $clean;
    // Egypt: 010XXXXXXXX → 2010XXXXXXXX
    if (strlen($clean) === 11 && strpos($clean, '01') === 0) return '20' . substr($clean, 1);
    if (strlen($clean) === 13 && strpos($clean, '20') === 0) return $clean;
    return $clean;
}
$phone = normalizePhone($rawPhone);

try {
    $db = Database::get('main');
    global $encryptionHelper;

    $encryptedPhone = $encryptionHelper->encryptData($phone);

    // Look for driver first
    $stmt = $db->prepare(
        "SELECT id, phone, first_name, last_name FROM driver WHERE phone = :phone LIMIT 1"
    );
    $stmt->execute([':phone' => $encryptedPhone]);
    $driver = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($driver) {
        echo json_encode([
            'status' => 'success',
            'data' => [
                'user_id' => $driver['id'],
                'phone'   => $encryptionHelper->decryptData($driver['phone']),
                'name'    => trim(
                    $encryptionHelper->decryptData($driver['first_name'])
                    . ' ' .
                    $encryptionHelper->decryptData($driver['last_name'])
                ),
                'type'    => 'driver',
            ],
        ], JSON_UNESCAPED_UNICODE);
        exit;
    }

    // Fallback: look for passenger
    $stmt = $db->prepare(
        "SELECT id, phone, first_name, last_name FROM passengers WHERE phone = :phone LIMIT 1"
    );
    $stmt->execute([':phone' => $encryptedPhone]);
    $passenger = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($passenger) {
        echo json_encode([
            'status' => 'success',
            'data' => [
                'user_id' => $passenger['id'],
                'phone'   => $encryptionHelper->decryptData($passenger['phone']),
                'name'    => trim(
                    $encryptionHelper->decryptData($passenger['first_name'])
                    . ' ' .
                    $encryptionHelper->decryptData($passenger['last_name'])
                ),
                'type'    => 'passenger',
            ],
        ], JSON_UNESCAPED_UNICODE);
        exit;
    }

    echo json_encode([
        'status'  => 'success',
        'data'    => null,
        'message' => 'User not found',
    ]);

} catch (\Exception $e) {
    error_log("[ResolveUser Error] " . $e->getMessage());
    http_response_code(500);
    echo json_encode(['status' => 'failure', 'message' => 'Internal server error']);
}