<?php

declare(strict_types=1);

namespace App\Core;

use Dotenv\Dotenv;
use App\Core\{Request, Response, Router, Container};

final class Application
{
    private Container $container;
    private Router $router;
    public static ?array $config = null;

    public function __construct(string $basePath)
    {
        // 1. Load Environment Variables
        // In local dev, .env is in the project root. In production, it might be moved.
        $dotenv = Dotenv::createImmutable($basePath);
        $dotenv->load();

        // 2. Set Timezone
        date_default_timezone_set($_ENV['APP_TIMEZONE'] ?? 'Asia/Amman');

        // 3. Initialize Core Components
        $this->container = new Container();
        
        // 4. Load Configurations
        $this->loadConfigs($basePath);

        $this->router = new Router($this->container);

        // Register core services in container
        $this->container->set(Container::class, $this->container);
        $this->container->set(Router::class, $this->router);
    }

    private function loadConfigs(string $basePath): void
    {
        $configPath = $basePath . '/config';
        $configs = [];

        foreach (glob($configPath . '/*.php') as $file) {
            $key = basename($file, '.php');
            $configs[$key] = require $file;
        }

        self::$config = $configs;
        $this->container->set('config', $configs);
    }

    public function getRouter(): Router
    {
        return $this->router;
    }

    public function run(): void
    {
        // 1. Security Headers
        header('X-Content-Type-Options: nosniff');
        header('X-Frame-Options: DENY');
        header('X-XSS-Protection: 1; mode=block');
        header('Strict-Transport-Security: max-age=31536000; includeSubDomains; preload');
        header('Referrer-Policy: strict-origin-when-cross-origin');
        header('Permissions-Policy: camera=(), microphone=(), geolocation=()');
        header('Content-Security-Policy: default-src \'self\'; script-src \'self\' \'unsafe-inline\' cdn.tailwindcss.com unpkg.com cdn.jsdelivr.net; style-src \'self\' \'unsafe-inline\' fonts.googleapis.com; font-src fonts.gstatic.com; img-src \'self\' data: blob:;');
        header_remove('X-Powered-By');

        try {
            $request = new Request();
            $this->router->dispatch($request, $this->container);
        } catch (\App\Core\Exceptions\HttpException $e) {
            // Application-level intentional HTTP errors
            Response::error($e->getMessage(), $e->getErrorCode(), $e->getCode(), $e->getData());
        } catch (\Throwable $e) {
            // Log real error internally only
            error_log("[MUSADAQ_ERROR] " . $e->getMessage() . " in " . $e->getFile() . ":" . $e->getLine() . "\nStack trace:\n" . $e->getTraceAsString());
            
            // Global Exception Handler (Never expose stack traces in production)
            Response::json([
                'success' => false,
                'message' => 'Unexpected system error'
            ], 500);
        }
    }
}