<?php
class EveAI_Chat_API {
    private $security;
    private $eveai_api_url;

    public function __construct() {
        $this->security = new EveAI_Chat_Security();
        $this->eveai_api_url = 'https://api.eveai.com'; // Should come from settings
    }

    public function register_routes() {
        register_rest_route('eveai/v1', '/session-token', array(
            'methods' => 'POST',
            'callback' => array($this, 'get_session_token'),
            'permission_callback' => array($this, 'verify_request'),
            'args' => array(
                'tenant_id' => array(
                    'required' => true,
                    'validate_callback' => function($param) {
                        return is_numeric($param);
                    }
                ),
                'domain' => array(
                    'required' => true,
                    'validate_callback' => function($param) {
                        return is_string($param) && !empty($param);
                    }
                )
            )
        ));
    }

    public function verify_request($request) {
        // Origin verification
        $origin = $request->get_header('origin');
        if (!$this->security->verify_origin($origin)) {
            return new WP_Error(
                'invalid_origin',
                'Invalid request origin',
                array('status' => 403)
            );
        }

        // Nonce verification
        $nonce = $request->get_header('X-WP-Nonce');
        if (!wp_verify_nonce($nonce, 'wp_rest')) {
            return new WP_Error(
                'invalid_nonce',
                'Invalid nonce',
                array('status' => 403)
            );
        }

        return true;
    }

    public function get_session_token($request) {
        try {
            // Get the API key from WordPress options and decrypt it
            $settings = get_option('eveai_chat_settings');
            $encrypted_api_key = $settings['api_key'] ?? '';

            if (empty($encrypted_api_key)) {
                return new WP_Error(
                    'no_api_key',
                    'API key not configured',
                    array('status' => 500)
                );
            }

            $api_key = $this->security->decrypt_sensitive_data($encrypted_api_key);

            // Get parameters from request
            $tenant_id = $request->get_param('tenant_id');
            $domain = $request->get_param('domain');

            // Request a session token from EveAI server
            $response = wp_remote_post(
                $this->eveai_api_url . '/session',
                array(
                    'headers' => array(
                        'Authorization' => 'Bearer ' . $api_key,
                        'Content-Type' => 'application/json'
                    ),
                    'body' => json_encode(array(
                        'tenant_id' => $tenant_id,
                        'domain' => $domain,
                        'origin' => get_site_url()
                    )),
                    'timeout' => 15,
                    'data_format' => 'body'
                )
            );

            if (is_wp_error($response)) {
                throw new Exception($response->get_error_message());
            }

            $response_code = wp_remote_retrieve_response_code($response);
            if ($response_code !== 200) {
                throw new Exception('Invalid response from EveAI server: ' . $response_code);
            }

            $body = json_decode(wp_remote_retrieve_body($response), true);

            if (empty($body['token'])) {
                throw new Exception('No token received from EveAI server');
            }

            // Log the token generation (optional, for debugging)
            error_log(sprintf(
                'Generated session token for tenant %d from domain %s',
                $tenant_id,
                $domain
            ));

            return array(
                'success' => true,
                'session_token' => $body['token']
            );

        } catch (Exception $e) {
            error_log('EveAI session token generation failed: ' . $e->getMessage());

            return new WP_Error(
                'token_generation_failed',
                'Failed to generate session token: ' . $e->getMessage(),
                array('status' => 500)
            );
        }
    }

    /**
     * Validates the session token with EveAI server
     * Can be used for additional security checks
     */
    public function validate_session_token($token) {
        try {
            $response = wp_remote_post(
                $this->eveai_api_url . '/validate-token',
                array(
                    'headers' => array(
                        'Content-Type' => 'application/json'
                    ),
                    'body' => json_encode(array(
                        'token' => $token
                    )),
                    'timeout' => 15
                )
            );

            if (is_wp_error($response)) {
                return false;
            }

            $body = json_decode(wp_remote_retrieve_body($response), true);
            return isset($body['valid']) && $body['valid'] === true;

        } catch (Exception $e) {
            error_log('Token validation failed: ' . $e->getMessage());
            return false;
        }
    }
}