<?php

namespace Controllers;

use Firebase\JWT\JWT;
use Libs\ResponseLib;
use Models\UserModel;
use Psr\Http\Message\ServerRequestInterface;
use Respect\Validation\Validator as v;
use Respect\Validation\Exceptions\ValidationException;

class LoginController
{
    public function __invoke(ServerRequestInterface $request)
    {
        $body = json_decode((string) $request->getBody(), true) ?? [];

        try {
            v::key('username', v::alnum(' ')->notEmpty())
             ->key('password', v::stringType()->notEmpty())
             ->assert($body);
        } catch (ValidationException $e) {
            return ResponseLib::sendFail("Validation failed: " . $e->getFullMessage(), [], "E_VALIDATE")->withStatus(401);
        }

        $username = $body['username'];
        $password = $body['password'];

        $userModel = new UserModel();
        $user = $userModel->validateLogin($username, $password);

        if (!$user) {
            return ResponseLib::sendFail("Invalid Credentials", [], "E_VALIDATE")->withStatus(400);
        }

        // Gera JWT
        $payload = [
            'sub' => $user['user_id'],
            'username' => $user['user_name'],
            'role_id' => $user['role_id'],
            'company_id' => $user['company_id'],
            'iat' => time(),
            'exp' => time() + 3600  // 1 hora
        ];
        $jwt = JWT::encode($payload, $_ENV['JWT_SECRET'], 'HS256');

        return ResponseLib::sendOk(['token' => $jwt, 'user_id' => $user['user_id'], 'role_id' => $user['role_id'], 'company_id' => $user['company_id']]);
    }
}