<?php
/**
 * Create Batch Endpoint
 * POST /v1/batches/create
 * 
 * Creates a new invoice batch for the mobile scanner.
 * Returns batch_id that the mobile app uses to upload images.
 */

declare(strict_types=1);

use App\Core\Database;
use App\Middleware\AuthMiddleware;
use App\Core\Security;
use App\Core\Validator;
use App\Middleware\QuotaMiddleware;

$decoded = AuthMiddleware::check();
$tenantId = $decoded['tenant_id'];
$userId = $decoded['user_id'];

$data = Security::sanitize(input());

// 1. Validate
$errors = Validator::validate($data, [
    'company_id' => 'required',
]);

if ($errors) {
    json_error('رقم الشركة مطلوب', 422, $errors);
}

$companyId = $data['company_id'];
$source = $data['source'] ?? 'mobile_scan';
$expectedImages = (int)($data['expected_images'] ?? 0);

// 2. Permission check
$db = Database::getInstance();
$stmt = $db->prepare("SELECT id, tenant_id FROM companies WHERE id = ? AND deleted_at IS NULL");
$stmt->execute([$companyId]);
$company = $stmt->fetch();

if (!$company) {
    json_error('الشركة غير موجودة', 404);
}

// Check tenant match if not super_admin
if ($decoded['role'] !== 'super_admin' && $company['tenant_id'] !== $tenantId) {
    json_error('الوصول مرفوض لهذه الشركة', 403);
}

// Use the actual tenant of the company
$targetTenantId = $company['tenant_id'];

// 3. Check quota (preview — don't increment yet)
if ($decoded['role'] !== 'super_admin') {
    try {
        QuotaMiddleware::checkInvoiceQuota($targetTenantId);
    } catch (\Exception $e) {
        json_error('تم استنفاد رصيد الفواتير لهذا الشهر. قم بترقية باقتك.', 429);
    }
}

// 4. Generate batch ID
$batchId = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4));

// 5. Create batch record
$stmt = $db->prepare("
    INSERT INTO invoice_batches (id, tenant_id, company_id, uploaded_by, total_images, source, status)
    VALUES (?, ?, ?, ?, ?, ?, 'uploading')
");
$stmt->execute([$batchId, $targetTenantId, $companyId, $userId, $expectedImages, $source]);

// 6. Create upload directory
$uploadDir = STORAGE_PATH . '/invoices/' . $targetTenantId . '/' . $companyId . '/batches/' . $batchId;
if (!is_dir($uploadDir)) {
    mkdir($uploadDir, 0755, true);
}

json_success([
    'batch_id' => $batchId,
    'upload_url' => 'v1/batches/upload-image',
], 'تم إنشاء الدفعة بنجاح. ابدأ برفع الصور.');