<?php
/**
 * Invoice Upload Endpoint (Multi-Tenant & Role-Aware)
 */

// تفعيل إظهار الأخطاء برمجياً لهذه الصفحة فقط لضمان عدم وجود فشل صامت
ini_set('display_errors', 0); // اجعلها 1 مؤقتاً إذا استمرت المشكلة لمعرفة الخطأ من السيرفر
error_reporting(E_ALL);

use App\Core\Database;
use App\Middleware\AuthMiddleware;
use App\Core\AI;
use App\Core\Encryption;
use App\Middleware\QuotaMiddleware;

try {
    // 1. Auth Check
    $decoded = AuthMiddleware::check();
    $tenantId = $decoded['tenant_id'];
    $userId = $decoded['user_id'];

    // --- QUOTA CHECK ---
    QuotaMiddleware::checkInvoiceQuota($tenantId);
    // -------------------

    $db = Database::getInstance();

    $allowedRoles = ['admin', 'accountant', 'employee'];
    if (!in_array($decoded['role'], $allowedRoles)) {
        json_error('غير مصرح لك برفع الفواتير', 403);
        exit;
    }

    // 2. Validate Request
    // استخدام $_POST للتعامل الآمن مع multipart/form-data
    $companyId = $_POST['company_id'] ?? null;
    if (!$companyId && function_exists('input')) {
        $data = input();
        $companyId = $data['company_id'] ?? null;
    }

    if (!$companyId || !isset($_FILES['invoice']) || $_FILES['invoice']['error'] !== UPLOAD_ERR_OK) {
        $uploadError = $_FILES['invoice']['error'] ?? 'No File';
        json_error('رقم الشركة وملف الفاتورة مطلوبان، أو حدث خطأ أثناء الرفع (كود الخطأ: ' . $uploadError . ')', 422);
        exit;
    }

    // 3. Permission Check
    $stmt = $db->prepare("SELECT id FROM companies WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL");
    $stmt->execute([$companyId, $tenantId]);

    if (!$stmt->fetch()) {
        json_error('الوصول مرفوض لهذه الشركة أو رقم الشركة غير صحيح', 403);
        exit;
    }

    // 4. Handle File Upload
    $tenantDir = STORAGE_PATH . '/invoices/' . $tenantId;
    $companyDir = $tenantDir . '/' . $companyId;
    $dateFolder = date('Y-m-d');
    $uploadDir = $companyDir . '/' . $dateFolder . '/';

    foreach ([$tenantDir, $companyDir, $uploadDir] as $dir) {
        if (!is_dir($dir)) {
            if (!mkdir($dir, 0755, true)) {
                error_log('Failed to create storage directory: ' . $dir);
                json_error('فشل في تجهيز مساحة التخزين', 500);
                exit;
            }
            chmod($dir, 0755);
        }
    }

    $extension = pathinfo($_FILES['invoice']['name'], PATHINFO_EXTENSION);
    $fileName = bin2hex(random_bytes(8)) . '_' . time() . '.' . $extension;
    $targetFile = $uploadDir . $fileName;

    if (!move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) {
        json_error('فشل في نقل الملف المرفوع إلى مسار التخزين', 500);
        exit;
    }

    // 5. Run AI Extraction
    $mimeType = $_FILES['invoice']['type'];
    $fileContent = file_get_contents($targetFile);
    $base64Data = base64_encode($fileContent);

    $extracted = AI::extractInvoiceData($base64Data, $mimeType);

    if (!$extracted) {
        $invoiceId = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4));
        $stmt = $db->prepare("
            INSERT INTO invoices (
                id, tenant_id, company_id, uploaded_by, original_file_path, status, created_at
            ) VALUES (
                ?, ?, ?, ?, ?, 'uploaded', NOW()
            )
        ");
        $stmt->execute([$invoiceId, $tenantId, $companyId, $userId, $targetFile]);
        json_success(['id' => $invoiceId], 'تم رفع الفاتورة ولكن فشل استخراج البيانات تلقائياً');
        exit; // إيقاف التنفيذ إلزامي هنا لمنع الانهيار
    }

    // 6. Save Extracted Data
    $db->beginTransaction();

    $extractedInvoices = $extracted['invoices'] ?? [$extracted];
    $savedIds = [];

    foreach ($extractedInvoices as $inv) {
        $supplierTin = $inv['supplier']['tin'] ?? '';
        $invoiceNum = $inv['invoice_number'] ?? '';
        $invoiceDate = $inv['invoice_date'] ?? '';

        $invoiceHash = null;
        if (!empty($supplierTin) && !empty($invoiceNum) && !empty($invoiceDate)) {
            $rawHashString = $companyId . '_' . $supplierTin . '_' . $invoiceNum . '_' . $invoiceDate;
            $invoiceHash = hash('sha256', strtolower($rawHashString));

            $checkStmt = $db->prepare("SELECT id FROM invoices WHERE company_id = ? AND invoice_hash = ? AND deleted_at IS NULL");
            $checkStmt->execute([$companyId, $invoiceHash]);
            if ($checkStmt->fetch()) {
                continue; // Skip duplicates in multi-page files
            }
        }

        $invoiceId = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4));
        $validDate = (!empty($invoiceDate) && strtotime($invoiceDate)) ? $invoiceDate : null;
        
        $subtotal = is_numeric($inv['subtotal'] ?? null) ? $inv['subtotal'] : 0;
        $tax = is_numeric($inv['tax_amount'] ?? null) ? $inv['tax_amount'] : 0;
        $disc = is_numeric($inv['discount_total'] ?? null) ? $inv['discount_total'] : 0;
        $total = is_numeric($inv['grand_total'] ?? null) ? $inv['grand_total'] : 0;

        $stmt = $db->prepare("
            INSERT INTO invoices (
                id, tenant_id, company_id, uploaded_by, original_file_path, status,
                invoice_number, invoice_date, invoice_type, invoice_category,
                supplier_tin, supplier_name, supplier_address,
                buyer_tin, buyer_name, buyer_national_id,
                subtotal, tax_amount, discount_total, grand_total, currency_code,
                invoice_hash, validation_warnings,
                created_at
            ) VALUES (
                :id, :tenant_id, :company_id, :uploaded_by, :path, 'extracted',
                :num, :date, :type, :cat, :s_tin, :s_name, :s_addr, :b_tin, :b_name, :b_nid,
                :sub, :tax, :disc, :total, :cur, 
                :hash, :warnings,
                NOW()
            )
        ");

        $stmt->execute([
            'id' => $invoiceId,
            'tenant_id' => $tenantId,
            'company_id' => $companyId,
            'uploaded_by' => $userId,
            'path' => $targetFile,
            'num' => !empty($invoiceNum) ? $invoiceNum : null,
            'date' => $validDate,
            'type' => !empty($inv['invoice_type']) ? $inv['invoice_type'] : 'cash',
            'cat' => !empty($inv['invoice_category']) ? $inv['invoice_category'] : 'simplified',
            's_tin' => Encryption::encrypt($supplierTin),
            's_name' => Encryption::encrypt($inv['supplier']['name'] ?? ''),
            's_addr' => Encryption::encrypt($inv['supplier']['address'] ?? ''),
            'b_tin' => Encryption::encrypt($inv['buyer']['tin'] ?? ''),
            'b_name' => Encryption::encrypt($inv['buyer']['name'] ?? ''),
            'b_nid' => Encryption::encrypt($inv['buyer']['national_id'] ?? ''),
            'sub' => $subtotal,
            'tax' => $tax,
            'disc' => $disc,
            'total' => $total,
            'cur' => !empty($inv['currency_code']) ? $inv['currency_code'] : 'JOD',
            'hash' => $invoiceHash,
            'warnings' => !empty($inv['validation_warnings']) ? json_encode($inv['validation_warnings']) : null
        ]);

        // Save Line Items
        if (!empty($inv['lines']) && is_array($inv['lines'])) {
            $lineStmt = $db->prepare("
                INSERT INTO invoice_lines (id, invoice_id, line_number, description, quantity, unit_price, tax_rate, line_total)
                VALUES (?, ?, ?, ?, ?, ?, ?, ?)
            ");
            foreach ($inv['lines'] as $index => $item) {
                $lineId = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4));
                $lineStmt->execute([
                    $lineId,
                    $invoiceId,
                    $item['line_number'] ?? ($index + 1),
                    $item['description'] ?? 'بدون وصف',
                    is_numeric($item['quantity'] ?? null) ? $item['quantity'] : 1,
                    is_numeric($item['unit_price'] ?? null) ? $item['unit_price'] : 0,
                    is_numeric($item['tax_rate'] ?? null) ? $item['tax_rate'] : 0.16,
                    is_numeric($item['line_total'] ?? null) ? $item['line_total'] : 0
                ]);
            }
        }

        $savedIds[] = $invoiceId;
        QuotaMiddleware::incrementInvoiceUsage($tenantId);
    }

    $db->commit();

    if (empty($savedIds)) {
        json_error('لم يتم حفظ أي فواتير جديدة من هذا الملف (قد تكون مكررة)', 409);
        exit;
    }

    // --- NOTIFICATIONS & GAMIFICATION (for first invoice only for simplicity) ---
    \App\Services\SmartNotifications::checkQuotaWarning($tenantId);
    \App\Services\GamificationService::award($userId, $tenantId, 'invoice_uploaded');
    // -----------------------

    $response = [
        'ids' => $savedIds,
        'message' => 'تم استخراج وحفظ ' . count($savedIds) . ' فواتير من الملف بنجاح'
    ];

    // Backward compatibility for Flutter (expecting a single 'id')
    if (count($savedIds) === 1) {
        $response['id'] = $savedIds[0];
    }

    json_success($response);
    exit;

} catch (\PDOException $e) {
    if (isset($db) && $db->inTransaction()) {
        $db->rollBack();
    }
    error_log("Database Error [upload]: " . $e->getMessage() . " | File: " . $e->getFile() . ":" . $e->getLine());
    json_error('حدث خطأ أثناء حفظ بيانات الفاتورة. يرجى المحاولة مرة أخرى.', 500);
    exit;
} catch (\Throwable $e) {
    if (isset($db) && $db->inTransaction()) {
        $db->rollBack();
    }
    error_log("Critical Error [upload]: " . $e->getMessage() . " | File: " . $e->getFile() . ":" . $e->getLine());
    json_error('حدث خطأ غير متوقع. يرجى المحاولة مرة أخرى أو التواصل مع الدعم الفني.', 500);
    exit;
}