<?php
/**
 * Simple Router & Entry Point
 */

require_once __DIR__ . '/../app/bootstrap/init.php';

// Global Request Logging (non-sensitive)
error_log("Incoming Request: " . ($_SERVER['REQUEST_METHOD'] ?? 'GET') . " " . ($_SERVER['REQUEST_URI'] ?? '/'));

$uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$route = $_GET['route'] ?? str_replace('/api/', '', $uri);
$route = trim($route, '/');

error_log("Router: Resolved route '{$route}'");

// Route map: route => [allowed_method, module_file]
$routes = [
    'v1/auth/login'   => ['POST', 'auth/login.php'],
    'v1/auth/refresh' => ['POST', 'auth/refresh.php'],
    'v1/auth/logout'  => ['POST', 'auth/logout.php'],
    'v1/users'        => ['GET',  'users/index.php'],
    'v1/users/create' => ['POST', 'users/create.php'],
    'v1/companies'    => ['GET',  'companies/index.php'],
    'v1/companies/create' => ['POST', 'companies/create.php'],
    'v1/invoices/upload'  => ['POST', 'invoices/upload.php'],
    'v1/dashboard/stats' => ['GET', 'dashboard/stats.php'],
    'v1/tenants'         => ['GET', 'tenants/index.php'],
    'v1/tenants/create'  => ['POST', 'tenants/create.php'],
];

if (isset($routes[$route])) {
    [$allowedMethod, $moduleFile] = $routes[$route];
    
    // H1 Fix: Enforce HTTP Method
    if ($_SERVER['REQUEST_METHOD'] !== $allowedMethod) {
        header("Allow: {$allowedMethod}");
        json_error("Method Not Allowed. Use {$allowedMethod}.", 405);
    }
    
    $file = APP_PATH . '/modules_app/' . $moduleFile;
    if (file_exists($file)) {
        require_once $file;
    } else {
        json_error("Endpoint file missing: {$route}", 500);
    }
} else {
    if (str_starts_with($route, 'v1/')) {
        json_error("Not Found: {$route}", 404);
    } else {
        include __DIR__ . '/shell.php';
        exit;
    }
}