<?php
declare(strict_types=1);

require_once __DIR__ . '/../vendor/autoload.php';
require_once __DIR__ . '/../app/Core/helpers.php';

use App\Core\Application;

$app = new Application(dirname(__DIR__));
$router = $app->getRouter();

// Auth
$router->addRoute('POST', '/api/v1/auth/register', [\App\Modules\Auth\AuthController::class, 'register']);
$router->addRoute('POST', '/api/v1/auth/login', [\App\Modules\Auth\AuthController::class, 'login']);
$router->addRoute('POST', '/api/v1/auth/refresh', [\App\Modules\Auth\AuthController::class, 'refresh']);
$router->addRoute('GET', '/api/v1/auth/me', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Auth\AuthController::class, 'me']]);
$router->addRoute('POST', '/api/v1/auth/logout', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Auth\AuthController::class, 'logout']]);
$router->addRoute('POST', '/api/v1/auth/2fa/enable', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Auth\AuthController::class, 'enable2FA']]);
$router->addRoute('POST', '/api/v1/auth/2fa/verify', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Auth\AuthController::class, 'verify2FA']]);
$router->addRoute('POST', '/api/v1/auth/2fa/verify_login', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Auth\AuthController::class, 'login2FAVerify']]);
$router->addRoute('POST', '/api/v1/auth/2fa/disable', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Auth\AuthController::class, 'disable2FA']]);

// Dashboard
$router->addRoute('GET', '/api/v1/dashboard', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Dashboard\DashboardController::class, 'getStats']]);
$router->addRoute('GET', '/api/v1/dashboard/risk', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Dashboard\DashboardController::class, 'getRiskStats']]);

// Companies
$router->addRoute('GET', '/api/v1/companies', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Companies\CompanyController::class, 'list']]);
$router->addRoute('POST', '/api/v1/companies', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Companies\CompanyController::class, 'create']]);
$router->addRoute('PUT', '/api/v1/companies/{id}/jofotara', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Companies\CompanyController::class, 'updateJoFotara']]);

// Invoices
$router->addRoute('GET', '/api/v1/invoices', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'index']]);
$router->addRoute('POST', '/api/v1/invoices/upload', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'upload']]);
$router->addRoute('GET', '/api/v1/invoices/{id}', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'show']]);
$router->addRoute('PUT', '/api/v1/invoices/{id}', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'update']]);
$router->addRoute('DELETE', '/api/v1/invoices/{id}', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'destroy']]);
$router->addRoute('POST', '/api/v1/invoices/{id}/submit', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'submit']]);
$router->addRoute('GET', '/api/v1/invoices/{id}/file', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'serveFile']]);
$router->addRoute('GET', '/api/v1/invoices/{id}/status', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'status']]);

// Users
$router->addRoute('GET', '/api/v1/users', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Users\UsersController::class, 'list']]);
$router->addRoute('POST', '/api/v1/users', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Users\UsersController::class, 'create']]);
$router->addRoute('PUT', '/api/v1/users/{id}', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Users\UsersController::class, 'update']]);
$router->addRoute('DELETE', '/api/v1/users/{id}', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Users\UsersController::class, 'destroy']]);
$router->addRoute('PUT', '/api/v1/users/profile', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Users\UsersController::class, 'updateProfile']]);
$router->addRoute('PUT', '/api/v1/users/password', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Users\UsersController::class, 'changePassword']]);

// API Keys
$router->addRoute('GET', '/api/v1/api-keys', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\ApiKeys\ApiKeyController::class, 'index']]);
$router->addRoute('POST', '/api/v1/api-keys', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\ApiKeys\ApiKeyController::class, 'create']]);
$router->addRoute('DELETE', '/api/v1/api-keys/{id}', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\ApiKeys\ApiKeyController::class, 'revoke']]);

// Subscriptions
$router->addRoute('GET', '/api/v1/subscriptions/me', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Subscriptions\SubscriptionController::class, 'me']]);
$router->addRoute('GET', '/api/v1/subscriptions/plans', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Subscriptions\SubscriptionController::class, 'plans']]);

// Risk monitor
$router->addRoute('GET', '/api/v1/risks', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Risks\RiskController::class, 'index']]);
$router->addRoute('PUT', '/api/v1/risks/{id}/resolve', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Risks\RiskController::class, 'resolve']]);

// Admin (super_admin only)
$adminMw = [\App\Middleware\AuthMiddleware::class, \App\Middleware\RoleMiddleware::class . ':super_admin'];
$router->addRoute('GET', '/api/v1/admin/tenants', ['middleware' => $adminMw, 'handler' => [\App\Modules\Admin\AdminController::class, 'listTenants']]);
$router->addRoute('GET', '/api/v1/admin/tenants/{id}', ['middleware' => $adminMw, 'handler' => [\App\Modules\Admin\AdminController::class, 'getTenant']]);
$router->addRoute('PUT', '/api/v1/admin/tenants/{id}', ['middleware' => $adminMw, 'handler' => [\App\Modules\Admin\AdminController::class, 'updateTenant']]);
$router->addRoute('GET', '/api/v1/admin/stats', ['middleware' => $adminMw, 'handler' => [\App\Modules\Admin\AdminController::class, 'getSystemStats']]);
$router->addRoute('GET', '/api/v1/admin/queue', ['middleware' => $adminMw, 'handler' => [\App\Modules\Admin\AdminController::class, 'getQueueStatus']]);
$router->addRoute('POST', '/api/v1/admin/queue/{id}/retry', ['middleware' => $adminMw, 'handler' => [\App\Modules\Admin\AdminController::class, 'retryJob']]);

// ══ Health Check ═════════════════════════════════════════════
$router->addRoute('GET', '/api/v1/health', function(\App\Core\Request $request) {
    $dbStatus = 'ok';
    try {
        \App\Core\Database::getInstance()->query('SELECT 1');
    } catch (\Throwable $e) {
        $dbStatus = 'error';
    }

    $redisStatus = 'ok';
    try {
        \App\Core\Redis::getInstance()->ping();
    } catch (\Throwable $e) {
        $redisStatus = 'error';
    }

    $db = \App\Core\Database::getInstance();
    $queuePending = (int)$db->query("SELECT COUNT(*) FROM queue_jobs WHERE status = 'pending'")->fetchColumn();
    $queueDead = (int)$db->query("SELECT COUNT(*) FROM queue_jobs WHERE status = 'dead'")->fetchColumn();

    \App\Core\Response::json([
        'success' => true,
        'data' => [
            'db' => $dbStatus,
            'redis' => $redisStatus,
            'queue_pending' => $queuePending,
            'queue_dead' => $queueDead,
            'timestamp' => date('c'),
        ],
    ]);
});

// ══ Determine if this is an API request ═════════════════════════════
$requestPath = $_GET['route'] ?? parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$isApi = str_starts_with($requestPath, '/api/v1');

if (!$isApi) {
    // Not an API call — serve the SPA shell
    include __DIR__ . '/shell.php';
    exit;
}

$app->run();