nettown_backend/controllers/RegisterController.php

<?php

namespace Controllers;

use Libs\Logger;
use Libs\ResponseLib;
use Libs\Validator;
use Models\UserModel;
use Psr\Http\Message\ServerRequestInterface;

class RegisterController
{
    private UserModel $userModel;

    public function __construct()
    {
        $this->userModel = new UserModel();
    }

    public function __invoke(ServerRequestInterface $request)
    {
        // company_id NÃO vem mais do body: é herdado do usuário autenticado (JWT).
        // Isso impede que alguém se registre sob uma empresa arbitrária.
        $userId = (int) ($request->getAttribute('user_id') ?? 0);
        if ($userId <= 0) {
            return ResponseLib::sendFail("Unauthorized: Missing authenticated user", [], "E_VALIDATE")->withStatus(401);
        }

        $body = json_decode((string) $request->getBody(), true) ?: [];

        $name = $body['name'] ?? $body['user_name'] ?? null;
        $phone = $body['phone'] ?? $body['user_phone'] ?? '';
        $email = $body['email'] ?? $body['user_email'] ?? '';
        $role = $body['role'] ?? $body['user_role'] ?? '';
        $password = $body['password'] ?? '';

        $validator = (new Validator([
            'name' => $name,
            'phone' => $phone,
            'email' => $email,
            'role' => $role,
            'password' => $password,
        ]))
            ->maxLength('name', 120)
            ->required('phone')->phone('phone')
            ->required('email')->email('email')->maxLength('email', 255)
            ->required('role')->maxLength('role', 50)
            ->required('password')->minLength('password', 8)->maxLength('password', 255);

        if ($validator->fails()) {
            return ResponseLib::sendFail($validator->firstError(), [], "E_VALIDATE")->withStatus(400);
        }

        try {
            $companyId = $this->userModel->getCompanyIdByUserId($userId);
            if ($companyId === null) {
                return ResponseLib::sendFail("User not found", [], "E_NOT_FOUND")->withStatus(404);
            }

            $userData = $this->userModel->createUser($companyId, $email, $password, $phone, $role, $name);

            if (!$userData) {
                return ResponseLib::sendFail("Email already exists or creation failed", [], "E_VALIDATE")->withStatus(400);
            }

            return ResponseLib::sendOk($userData, "S_CREATED", "User created.");
        } catch (\Throwable $e) {
            Logger::error('Failed to register user', ['error' => $e->getMessage()]);
            return ResponseLib::sendFail("Failed to register user", [], "E_GENERIC")->withStatus(500);
        }
    }
}