<?php
/**
 * IGNY8 API Client Class
 *
 * Handles all communication with IGNY8 API v1.0
 * Follows WORDPRESS-PLUGIN-INTEGRATION.md guidelines
 *
 * @package Igny8Bridge
 */

// Prevent direct access
if (!defined('ABSPATH')) {
    exit;
}

/**
 * Igny8API Class
 */
class Igny8API {
    
    /**
     * API base URL
     *
     * @var string
     */
    private $base_url = 'https://api.igny8.com/api/v1';
    
    /**
     * Access token
     *
     * @var string|null
     */
    private $access_token = null;
    
    /**
     * Whether authentication is via API key (true) or tokens (false)
     *
     * @var bool
     */
    private $api_key_auth = false;
    
    /**
     * Refresh token
     *
     * @var string|null
     */
    private $refresh_token = null;
    
    /**
     * Constructor
     */
    public function __construct() {
        if (function_exists('igny8_get_secure_option')) {
            $this->access_token = igny8_get_secure_option('igny8_access_token');
            $this->refresh_token = igny8_get_secure_option('igny8_refresh_token');
            $api_key = igny8_get_secure_option('igny8_api_key');
        } else {
            $this->access_token = get_option('igny8_access_token');
            $this->refresh_token = get_option('igny8_refresh_token');
            $api_key = get_option('igny8_api_key');
        }

        // If an API key is provided, prefer it as the access token
        if (!empty($api_key)) {
            $this->access_token = $api_key;
            $this->api_key_auth = true;
        }
    }
    
    /**
     * Login and store tokens
     *
     * @param string $email User email
     * @param string $password User password
     * @return bool True on success, false on failure
     */
    public function login($email, $password) {
        $response = wp_remote_post($this->base_url . '/auth/login/', array(
            'headers' => array(
                'Content-Type' => 'application/json'
            ),
            'body' => json_encode(array(
                'email' => $email,
                'password' => $password
            )),
            'timeout' => 30
        ));
        
        $body = $this->parse_response($response);
        
        if ($body['success']) {
            $this->access_token = $body['data']['access'];
            $this->refresh_token = $body['data']['refresh'];
            
            if (function_exists('igny8_store_secure_option')) {
                igny8_store_secure_option('igny8_access_token', $this->access_token);
                igny8_store_secure_option('igny8_refresh_token', $this->refresh_token);
            } else {
                update_option('igny8_access_token', $this->access_token);
                update_option('igny8_refresh_token', $this->refresh_token);
            }
            update_option('igny8_email', $email);
            
            // Store token refresh time
            $timestamp = current_time('timestamp');
            update_option('igny8_token_refreshed_at', $timestamp);
            update_option('igny8_access_token_issued', $timestamp);
            update_option('igny8_last_api_health_check', $timestamp);
            
            return true;
        }
        
        return false;
    }
    
    /**
     * Refresh access token
     *
     * @return bool True on success, false on failure
     */
    public function refresh_token() {
        if (!$this->refresh_token) {
            return false;
        }
        
        $response = wp_remote_post($this->base_url . '/auth/refresh/', array(
            'headers' => array(
                'Content-Type' => 'application/json'
            ),
            'body' => json_encode(array(
                'refresh' => $this->refresh_token
            )),
            'timeout' => 30
        ));
        
        $body = $this->parse_response($response);
        
        if ($body['success']) {
            $this->access_token = $body['data']['access'];
            
            // Refresh token may be updated
            if (isset($body['data']['refresh'])) {
                $this->refresh_token = $body['data']['refresh'];
                if (function_exists('igny8_store_secure_option')) {
                    igny8_store_secure_option('igny8_refresh_token', $this->refresh_token);
                } else {
                    update_option('igny8_refresh_token', $this->refresh_token);
                }
            }
            
            if (function_exists('igny8_store_secure_option')) {
                igny8_store_secure_option('igny8_access_token', $this->access_token);
            } else {
                update_option('igny8_access_token', $this->access_token);
            }
            
            $timestamp = current_time('timestamp');
            update_option('igny8_token_refreshed_at', $timestamp);
            update_option('igny8_access_token_issued', $timestamp);
            
            return true;
        }
        
        return false;
    }
    
    /**
     * Parse unified API response
     *
     * @param array|WP_Error $response HTTP response
     * @return array Parsed response
     */
    private function parse_response($response) {
        if (is_wp_error($response)) {
            return array(
                'success' => false,
                'error' => $response->get_error_message()
            );
        }
        
        $body = json_decode(wp_remote_retrieve_body($response), true);
        $status_code = wp_remote_retrieve_response_code($response);
        
        // Handle non-JSON responses
        if (!$body) {
            return array(
                'success' => false,
                'error' => 'Invalid response format'
            );
        }
        
        // Check if response follows unified format
        if (isset($body['success'])) {
            return $body;
        }
        
        // Legacy format - wrap in unified format
        if ($status_code >= 200 && $status_code < 300) {
            return array(
                'success' => true,
                'data' => $body
            );
        } else {
            return array(
                'success' => false,
                'error' => $body['detail'] ?? 'Unknown error'
            );
        }
    }
    
    /**
     * Get headers with authentication
     *
     * @return array Headers array
     * @throws Exception If not authenticated
     */
    private function get_headers() {
        if (!$this->access_token) {
            throw new Exception('Not authenticated');
        }
        
        return array(
            'Authorization' => 'Bearer ' . $this->access_token,
            'Content-Type' => 'application/json'
        );
    }
    
    /**
     * Make GET request
     *
     * @param string $endpoint API endpoint
     * @return array Response data
     */
    public function get($endpoint) {
        $response = wp_remote_get($this->base_url . $endpoint, array(
            'headers' => $this->get_headers(),
            'timeout' => 30
        ));
        
        $body = $this->parse_response($response);
        
        // Handle 401 - token expired
        if (!$body['success'] && wp_remote_retrieve_response_code($response) == 401) {
            // Try to refresh token
            if ($this->refresh_token()) {
                // Retry request
                $response = wp_remote_get($this->base_url . $endpoint, array(
                    'headers' => $this->get_headers(),
                    'timeout' => 30
                ));
                $body = $this->parse_response($response);
            }
        }
        
        return $body;
    }
    
    /**
     * Make POST request
     *
     * @param string $endpoint API endpoint
     * @param array $data Request data
     * @return array Response data
     */
    public function post($endpoint, $data) {
        $response = wp_remote_post($this->base_url . $endpoint, array(
            'headers' => $this->get_headers(),
            'body' => json_encode($data),
            'timeout' => 60
        ));
        
        $body = $this->parse_response($response);
        
        // Handle 401 - token expired
        if (!$body['success'] && wp_remote_retrieve_response_code($response) == 401) {
            // Try to refresh token
            if ($this->refresh_token()) {
                // Retry request
                $response = wp_remote_post($this->base_url . $endpoint, array(
                    'headers' => $this->get_headers(),
                    'body' => json_encode($data),
                    'timeout' => 60
                ));
                $body = $this->parse_response($response);
            }
        }
        
        return $body;
    }
    
    /**
     * Make PUT request
     *
     * @param string $endpoint API endpoint
     * @param array $data Request data
     * @return array Response data
     */
    public function put($endpoint, $data) {
        $response = wp_remote_request($this->base_url . $endpoint, array(
            'method' => 'PUT',
            'headers' => $this->get_headers(),
            'body' => json_encode($data),
            'timeout' => 60
        ));
        
        return $this->parse_response($response);
    }
    
    /**
     * Make DELETE request
     *
     * @param string $endpoint API endpoint
     * @return array Response data
     */
    public function delete($endpoint) {
        $response = wp_remote_request($this->base_url . $endpoint, array(
            'method' => 'DELETE',
            'headers' => $this->get_headers(),
            'timeout' => 30
        ));
        
        return $this->parse_response($response);
    }
    
    /**
     * Check if authenticated
     *
     * @return bool True if authenticated
     */
    public function is_authenticated() {
        return !empty($this->access_token);
    }
    
    /**
     * Get access token
     *
     * @return string|null Access token
     */
    public function get_access_token() {
        return $this->access_token;
    }
}