<?php

declare(strict_types=1);

use App\Auth\LocalAdmin;
use App\Auth\OidcClient;
use App\Auth\SessionGuard;
use App\Controllers\AuthController;
use App\Controllers\SprintController;
use App\Controllers\WorkerController;
use App\Db\Connection;
use App\Db\Migrator;
use App\Http\Request;
use App\Http\Response;
use App\Http\Router;
use App\Http\View;
use App\Repositories\SprintRepository;
use App\Repositories\SprintWeekRepository;
use App\Repositories\SprintWorkerDayRepository;
use App\Repositories\SprintWorkerRepository;
use App\Repositories\UserRepository;
use App\Repositories\WorkerRepository;
use App\Services\AuditLogger;

// Buffer output so a stray warning/notice can't send headers before
// Response::send() gets a chance to set them. send() will flush.
ob_start();

define('APP_ROOT', dirname(__DIR__));

// ---------------------------------------------------------------------------
// Autoload
// ---------------------------------------------------------------------------
$autoload = APP_ROOT . '/vendor/autoload.php';
if (!is_file($autoload)) {
    http_response_code(500);
    header('Content-Type: text/plain; charset=utf-8');
    echo "Composer dependencies are not installed.\n";
    echo "Run: composer install (or rebuild the container).\n";
    exit;
}
require $autoload;

// ---------------------------------------------------------------------------
// Environment
// ---------------------------------------------------------------------------
if (is_file(APP_ROOT . '/.env')) {
    $dotenv = Dotenv\Dotenv::createImmutable(APP_ROOT);
    $dotenv->safeLoad();
}

$appEnv = getenv('APP_ENV') ?: 'production';
if ($appEnv !== 'production') {
    ini_set('display_errors', '1');
    error_reporting(E_ALL);
} else {
    ini_set('display_errors', '0');
}

// ---------------------------------------------------------------------------
// Migrations — cheap no-op when already current
// ---------------------------------------------------------------------------
try {
    $pdo = Connection::pdo();
    (new Migrator($pdo))->migrate();
} catch (\Throwable $e) {
    http_response_code(500);
    header('Content-Type: text/plain; charset=utf-8');
    echo "Database bootstrap failed.\n";
    if ($appEnv !== 'production') {
        echo $e->getMessage() . "\n";
    }
    exit;
}

// ---------------------------------------------------------------------------
// Shared services
// ---------------------------------------------------------------------------
$view          = new View(APP_ROOT . '/views');
$users         = new UserRepository($pdo);
$workers       = new WorkerRepository($pdo);
$sprints       = new SprintRepository($pdo);
$sprintWeeks   = new SprintWeekRepository($pdo);
$sprintWorkers = new SprintWorkerRepository($pdo);
$swDays        = new SprintWorkerDayRepository($pdo);
$audit         = new AuditLogger($pdo);
$auth          = new AuthController($pdo, $users, $audit, $view);
$workerCtrl    = new WorkerController($pdo, $users, $workers, $audit, $view);
$sprintCtrl    = new SprintController(
    $pdo, $users, $sprints, $sprintWeeks, $sprintWorkers, $swDays, $workers, $audit, $view,
);

// ---------------------------------------------------------------------------
// Routing
// ---------------------------------------------------------------------------
$router = new Router();

$router->get('/', function (Request $req) use ($view, $pdo, $users, $sprints, $appEnv): Response {
    $currentUser   = SessionGuard::currentUser($users);
    $schemaVersion = (int) $pdo->query(
        'SELECT COALESCE(MAX(version), 0) FROM schema_version'
    )->fetchColumn();

    $sprintRows = $currentUser === null ? [] : $sprints->allWithCounts();

    return Response::html($view->render('home', [
        'title'             => 'Sprint Planner',
        'currentUser'       => $currentUser,
        'schemaVersion'     => $schemaVersion,
        'dbPath'            => Connection::path(),
        'appEnv'            => $appEnv,
        'oidcConfigured'    => OidcClient::isConfigured(),
        'localAdminEnabled' => LocalAdmin::isEnabled(),
        'authError'         => isset($req->query['auth_error']),
        'csrfToken'         => SessionGuard::csrfToken(),
        'sprintRows'        => $sprintRows,
    ]));
});

$router->get('/healthz', fn() => Response::text('ok'));

$router->get('/auth/login',     $auth->login(...));
$router->get('/auth/callback',  $auth->callback(...));
$router->post('/auth/logout',   $auth->logout(...));
$router->get('/auth/local',     $auth->loginLocalForm(...));
$router->post('/auth/local',    $auth->loginLocal(...));

$router->get('/workers',         $workerCtrl->index(...));
$router->post('/workers',        $workerCtrl->create(...));
$router->post('/workers/{id}',   $workerCtrl->update(...));

$router->get('/sprints/new',              $sprintCtrl->newForm(...));
$router->post('/sprints',                 $sprintCtrl->create(...));
$router->get('/sprints/{id}',             $sprintCtrl->show(...));
$router->get('/sprints/{id}/settings',    $sprintCtrl->settings(...));

// JSON mutation endpoints (admin, CSRF via X-CSRF-Token header):
$router->patch('/sprints/{id}',                       $sprintCtrl->updateMeta(...));
$router->post('/sprints/{id}/weeks',                  $sprintCtrl->replaceWeeks(...));
$router->post('/sprints/{id}/workers',                $sprintCtrl->addWorker(...));
$router->delete('/sprints/{id}/workers/{sw_id}',      $sprintCtrl->removeWorker(...));
$router->post('/sprints/{id}/workers/reorder',        $sprintCtrl->reorderWorkers(...));
$router->patch('/sprints/{id}/workers/{sw_id}',       $sprintCtrl->updateWorker(...));

// Phase 5 — Arbeitstage grid:
$router->patch('/sprints/{id}/week-cells',            $sprintCtrl->updateWeekCells(...));
$router->patch('/sprints/{id}/week/{week_id}',        $sprintCtrl->updateWeekMax(...));

// ---------------------------------------------------------------------------
// Dispatch
// ---------------------------------------------------------------------------
$request  = Request::fromGlobals();
$response = $router->dispatch($request);
$response->send();

// Flush the output buffer opened at the top.
if (ob_get_level() > 0) {
    @ob_end_flush();
}