<?php

namespace Controllers;

use Firebase\JWT\JWT;
use Libs\Logger;
use Libs\Payload;
use Libs\Validator;
use Models\UserModel;
use Psr\Http\Message\ServerRequestInterface;

class LoginController
{
    public function __invoke(ServerRequestInterface $request)
    {
        $body = json_decode((string) $request->getBody(), true) ?: [];

        $email = $body['email'] ?? $body['user_email'] ?? '';
        $password = $body['password'] ?? '';

        $validator = (new Validator(['email' => $email, 'password' => $password]))
            ->required('email')->email('email')->maxLength('email', 255)
            ->required('password');

        if ($validator->fails()) {
            return Payload::fail($validator->firstError(), [], 'E_VALIDATE', 400);
        }

        $secret = $_ENV['JWT_SECRET'] ?? '';
        if ($secret === '') {
            Logger::error('JWT_SECRET is not configured; cannot issue tokens');
            return Payload::fail('Internal server error', [], 'E_GENERIC', 500);
        }

        $userModel = new UserModel();
        $user = $userModel->validateLogin($email, $password);

        if (!$user) {
            return Payload::fail('Invalid credentials', [], 'E_VALIDATE', 401);
        }

        $payload = [
            'sub' => $user['user_id'],
            'email' => $user['user_email'],
            'company_id' => $user['company_id'],
            'role' => $user['user_role'],
            'iat' => time(),
            'exp' => time() + 3600
        ];
        $jwt = JWT::encode($payload, $secret, 'HS256');

        return Payload::ok([
            'token' => $jwt,
            'user' => $user,
        ]);
    }
}