<?php

use api\classes\API_apitoken;
use api\classes\API_users;


session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_apitoken.php';

$API_apitoken = new API_apitoken();

if ($API_apitoken->request_method === 'GET') {

    # Retrieve all the API tokens from a user and return them.

    $requiredFields = [
        'user_uuid' => ['type' => 'uuid'],
    ];

    $API_apitoken->validateData($requiredFields);

    if ($API_apitoken->getUserUuid() === $API_apitoken->data['user_uuid']) {
        $API_apitoken->checkPermissions('user-apitoken-self', 'RW');

    } else {

        $API_apitoken->checkPermissions('user-apitoken-others', 'RO');

    }

    $apitokens = $API_apitoken->getTokens();

    $API_apitoken->apiOutput($code = 200, ['success' => $apitokens], 'api_token_created');

} elseif ($API_apitoken->request_method === 'POST') {

    # Creates a new API Token. First check if the uuid is correct and then check the permission
    # After that create a new token, retrieve the newly created api_token and give a response.
    $requiredFields = [
        'user_uuid' => ['type' => 'uuid'],
    ];
    $API_apitoken->validateData($requiredFields);

    # First retrieve the user_uuid from the post and lookup the user
    require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_users.php';

    $API_users = new API_users();
    $_GET['builder'] = [1 => ['where' => [0 => 'user_uuid', 1 => $API_apitoken->data['user_uuid']]]];
    $user_data = $API_users->getUser()[0];

    $API_apitoken->validateData($requiredFields);

    if ($API_apitoken->getUserUuid() === $API_apitoken->data['user_uuid']) {
        $API_apitoken->checkPermissions('user-apitoken-self', 'RW');

    } else {
        if ($user_data['user_email'] === 'superuser') {
            $API_apitoken->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
        }
        $API_apitoken->checkPermissions('user-apitoken-others', 'RW');
    }

    $API_apitoken->createNewToken();

} elseif ($API_apitoken->request_method === 'PUT') {

    # Change the revoked status of an API token

    # This api call, when called from the frontend will not be forwarding to a url.
    $API_apitoken->return_url = false;

    $requiredFields = [
        'api_token_uuid' => ['type' => 'uuid'],
        'api_token_revoked' => ['type' => 'boolean'],
    ];
    $API_apitoken->validateData($requiredFields);
    $api_token_data = $API_apitoken->getToken();

    if ($API_apitoken->getUserUuid() === $api_token_data['user_uuid']) {
        $API_apitoken->checkPermissions('user-apitoken-self', 'RW');
    } else {
        if ($api_token_data['user_email'] === 'superuser') {
            $API_apitoken->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
        }
        $API_apitoken->checkPermissions('user-apitoken-others', 'RW');
    }


    $API_apitoken->revokeToken();

} elseif ($API_apitoken->request_method === 'DELETE') {

    # Deletes an API token, requies DELETE with 'api_token_uuid' first retrieve the uuid of the user with getToken then check
    # if the user is another user or itself

    # This api call, when called from the frontend will not be forwarding to a url.
    $API_apitoken->return_url = false;

    $requiredFields = [
        'api_token_uuid' => ['type' => 'uuid'],
    ];
    $API_apitoken->validateData($requiredFields);
    $api_token_data = $API_apitoken->getToken();

    if ($API_apitoken->getUserUuid() === $api_token_data['user_uuid']) {
        $API_apitoken->checkPermissions('user-apitoken-self', 'RW');
    } else {
        if ($api_token_data['user_email'] === 'superuser') {
            $API_apitoken->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
        }
        $API_apitoken->checkPermissions('user-apitoken-others', 'RW');
    }

    $API_apitoken->deleteToken();

}