<?php
/**
 * Auth Login Endpoint
 */

use App\Core\Database;
use App\Core\JWT;
use App\Core\Validator;

$data = input();

// 1. Validation
$errors = Validator::validate($data, [
    'email'    => 'required|email',
    'password' => 'required'
]);

if ($errors) {
    json_error('Validation Failed', 422, $errors);
}

$email = $data['email'];
$password = $data['password'];

// 2. DB Check
$db = Database::getInstance();
$stmt = $db->prepare("SELECT * FROM users WHERE email = ? LIMIT 1");
$stmt->execute([$email]);
$user = $stmt->fetch();

if (!$user || !password_verify($password, $user['password_hash'])) {
    json_error('بيانات الدخول غير صحيحة', 401);
}

// 3. Issue Token
$secret = env('JWT_SECRET', 'super-secret-key');
$payload = [
    'user_id' => $user['id'],
    'role'    => $user['role'],
    'exp'     => time() + (15 * 60) // 15 minutes
];

$token = JWT::encode($payload, $secret);

// 4. Update Refresh Token (Simple stored in DB as requested)
$refreshToken = bin2hex(random_bytes(32));
$stmt = $db->prepare("UPDATE users SET refresh_token = ? WHERE id = ?");
$stmt->execute([$refreshToken, $user['id']]);

json_success([
    'access_token'  => $token,
    'refresh_token' => $refreshToken,
    'user' => [
        'id'    => $user['id'],
        'name'  => $user['name'],
        'email' => $user['email']
    ]
], 'تم تسجيل الدخول بنجاح');