<?php

use api\classes\API_users;

session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_users.php';

$API_users = new API_users();

if ($API_users->request_method === 'GET') {
    #echo json_encode($api->getAllUsers());


} elseif ($API_users->request_method === 'POST') {
    # create a new user
    $API_users->checkPermissions('admin-access-admins', 'RW');

    $requiredFields = [
        'user_group_uuid' => ['type' => 'uuid'],
        'user_email' => ['type' => 'email'],
        'user_first_name' => ['type' => 'string'],
        'user_last_name' => ['type' => 'string'],
        'user_full_name' => ['type' => 'string'],
        'user_phone_number' => ['type' => 'string'],
        'user_status' => ['type' => 'enum', 'values' => ['active', 'inactive', 'banned', 'pending']],
        'user_password' => ['type' => 'string'],
        'user_pref_language' => ['type' => 'string'],
        'user_password_reset_token' => ['type' => 'string'],
        'user_password_reset_expires' => ['type' => 'int'],
    ];

    # The user will need to verify their email, the password field cannot be NULL so set an random password for now till the user resets it on when verifing there email
    $random_string = substr(str_shuffle(str_repeat('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01', 64)), 0, rand(50, 64));
    $user_password = password_hash($random_string, PASSWORD_BCRYPT, ["cost" => 12]);
    $API_users->postedData['user_password'] = $user_password;

    $API_users->postedData['user_full_name'] = trim($_POST['user_first_name'] . ' ' . $_POST['user_last_name']);
    $API_users->postedData['user_pref_language'] = $_POST['user_pref_language'] ?? 'en';

    # Password reset token that will be send to the newly created user
    $API_users->postedData['user_password_reset_token'] = bin2hex(random_bytes(32));
    $API_users->postedData['user_password_reset_expires'] = time() + 86400;

    $API_users->validateData($requiredFields);
    $API_users->createUser();

} elseif ($API_users->request_method === 'PUT') {

    # Edit a user
    $API_users->checkPermissions('admin-access-admins', 'RW');

    $requiredFields = [
        'user_uuid' => ['type' => 'uuid'],
        'user_group_uuid' => ['type' => 'uuid'],
        'user_email' => ['type' => 'email'],
        'user_first_name' => ['type' => 'string'],
        'user_last_name' => ['type' => 'string'],
        'user_full_name' => ['type' => 'string'],
        'user_phone_number' => ['type' => 'string'],
        'user_status' => ['type' => 'enum', 'values' => ['active', 'inactive', 'banned', 'pending']],
        'user_pref_language' => ['type' => 'string'],
        'user_stompable' => ['type' => 'boolean']
    ];

    $API_users->postedData['user_full_name'] = trim($_POST['user_first_name'] . ' ' . $_POST['user_last_name']);
    $API_users->postedData['user_pref_language'] = $_POST['user_pref_language'] ?? 'en';
    $API_users->postedData['user_stompable'] = (bool)$_POST['user_stompable'];


    $API_users->validateData($requiredFields);


    $API_users->updateUser();

} elseif ($API_users->request_method === 'DELETE') {


    $API_users->return_url = false;

    $API_users->checkPermissions('admin-access-admins', 'RW');
    $requiredFields = [
        'user_uuid' => ['type' => 'uuid'],
    ];


    $API_users->validateData($requiredFields);

    $API_users->deleteUser();
}