nettown_backend/controllers/RegisterController.php

<?php

namespace Controllers;

use Libs\Logger;
use Libs\Payload;
use Libs\Roles;
use Libs\Validator;
use Models\UserModel;
use Psr\Http\Message\ServerRequestInterface;

class RegisterController
{
    private UserModel $userModel;

    public function __construct()
    {
        $this->userModel = new UserModel();
    }

    public function __invoke(ServerRequestInterface $request)
    {
        // company_id NÃO vem mais do body: é herdado do usuário autenticado (JWT).
        // Isso impede que alguém se registre sob uma empresa arbitrária.
        $userId = (int) ($request->getAttribute('user_id') ?? 0);
        if ($userId <= 0) {
            return Payload::fail('Unauthorized: Missing authenticated user', [], 'E_VALIDATE', 401);
        }

        $body = json_decode((string) $request->getBody(), true) ?: [];

        $name = $body['name'] ?? $body['user_name'] ?? null;
        $phone = $body['phone'] ?? $body['user_phone'] ?? '';
        $email = $body['email'] ?? $body['user_email'] ?? '';
        $role = $body['role'] ?? $body['user_role'] ?? '';
        $password = $body['password'] ?? '';

        $validator = (new Validator([
            'name' => $name,
            'phone' => $phone,
            'email' => $email,
            'role' => $role,
            'password' => $password,
        ]))
            ->maxLength('name', 120)
            ->required('phone')->phone('phone')
            ->required('email')->email('email')->maxLength('email', 255)
            ->required('role')->maxLength('role', 10)
            ->required('password')->minLength('password', 8)->maxLength('password', 255);

        if ($validator->fails()) {
            return Payload::fail($validator->firstError(), [], 'E_VALIDATE', 400);
        }

        // Só permitimos papéis do catálogo oficial (admin/manager/operator).
        $normalizedRole = mb_strtolower(trim((string) $role));
        if (!Roles::isValid($normalizedRole)) {
            return Payload::fail(
                'Invalid role. Allowed roles: ' . implode(', ', Roles::ALL),
                [],
                'E_VALIDATE',
                400
            );
        }
        $role = $normalizedRole;

        try {
            $companyId = $this->userModel->getCompanyIdByUserId($userId);
            if ($companyId === null) {
                return Payload::fail('User not found', [], 'E_NOT_FOUND', 404);
            }

            $userData = $this->userModel->createUser($companyId, $email, $password, $phone, $role, $name);

            if (!$userData) {
                return Payload::fail('Email already exists or creation failed', [], 'E_VALIDATE', 400);
            }

            return Payload::ok($userData, 'S_CREATED', 'User created.');
        } catch (\Throwable $e) {
            Logger::error('Failed to register user', ['error' => $e->getMessage()]);
            return Payload::fail('Failed to register user', [], 'E_GENERIC', 500);
        }
    }
}