<?php
/**
 * Link Company to JoFotara API
 */

use App\Core\Database;
use App\Core\Encryption;
use App\Core\JoFotara;
use App\Middleware\AuthMiddleware;

// 1. Auth Check
$decoded = AuthMiddleware::check();
if (!in_array($decoded['role'], ['super_admin', 'admin'])) {
    json_error('Unauthorized to modify JoFotara settings', 403);
}

$db = Database::getInstance();
$data = json_decode(file_get_contents('php://input'), true);

$companyId = $data['id'] ?? null;
$clientId  = $data['client_id'] ?? null;
$secretKey = $data['secret_key'] ?? null;
$sequence  = $data['income_source_sequence'] ?? null;

if (!$companyId || !$clientId || !$secretKey) {
    json_error('Company ID, Client ID, and Secret Key are required', 422);
}

$tenantId = $decoded['tenant_id'];

try {
    // 2. Validate Company Ownership
    $stmt = $db->prepare("SELECT id FROM companies WHERE id = ? AND tenant_id = ?");
    $stmt->execute([$companyId, $tenantId]);
    if (!$stmt->fetch()) json_error('Access denied', 403);

    // 3. Test Connection (Optional but recommended)
    $jofotara = new JoFotara();
    // Here you would typically call a health check endpoint if JoFotara provides one, 
    // or just assume the credentials are correct for now.

    // 4. Update Company with Encrypted Credentials
    $stmtUpdate = $db->prepare("
        UPDATE companies 
        SET 
            jofotara_client_id_encrypted = ?,
            jofotara_secret_key_encrypted = ?,
            jofotara_income_source_sequence = ?,
            updated_at = NOW()
        WHERE id = ?
    ");
    
    $stmtUpdate->execute([
        Encryption::encrypt($clientId),
        Encryption::encrypt($secretKey),
        $sequence,
        $companyId
    ]);

    json_success(null, 'تم ربط الشركة بنظام جوفوترة بنجاح');

} catch (\Exception $e) {
    error_log("JoFotara Connection Error: " . $e->getMessage());
    safe_error($e, 'companies/connect_jofotara', 'فشل في ربط جوفوترا. يرجى المحاولة مرة أخرى.');
}