backend-php/public/index.php

<?php

require __DIR__ . '/../vendor/autoload.php';

use FrameworkX\App;
use Middlewares\CorsMiddleware;
use Middlewares\JwtAuthMiddleware;

$requestUri = $_SERVER['REQUEST_URI'] ?? null;
$path = $requestUri !== null ? parse_url($requestUri, PHP_URL_PATH) : '/';
$file = __DIR__ . $path;
if (php_sapi_name() === 'cli-server' && is_file($file)) {
    return false;
}

if (class_exists(Dotenv\Dotenv::class) && file_exists(__DIR__ . '/../.env')) {
    Dotenv\Dotenv::createImmutable(
        dirname(__DIR__),
        null,
        true
    )->safeLoad();
}

error_reporting(E_ALL);

$dsn = $_ENV['DB_DSN'] ?? (function () {
    $host = $_ENV['DB_HOST'] ?? 'localhost';
    $port = $_ENV['DB_PORT'] ?? '5432';
    $name = $_ENV['DB_NAME'] ?? 'postgres';
    return "pgsql:host={$host};port={$port};dbname={$name}";
})();
$dbUser = $_ENV['DB_USER'] ?? 'postgres';
$dbPass = $_ENV['DB_PASSWORD'] ?? '';
$GLOBALS['pdo'] = new \PDO($dsn, $dbUser, $dbPass);
$GLOBALS['pdo']->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);

$corsEnabled = filter_var($_ENV['CORS'] ?? 'false', FILTER_VALIDATE_BOOLEAN);
$globalMiddleware = $corsEnabled ? [CorsMiddleware::class] : [];

$app = new App(...$globalMiddleware);
$authJwt = new JwtAuthMiddleware();

$app->post('/verify/jwt', $authJwt,\Controllers\HelloController::class);

$app->post('/login', \Controllers\LoginController::class);
$app->post('/register', $authJwt, \Controllers\RegisterController::class);
$app->post('/user/get', $authJwt, \Controllers\UserGetController::class);
$app->post('/user/delete', $authJwt, \Controllers\UserDeleteController::class);

// Public endpoint to create company, user, and wallet in a single transaction
$app->post('/company/user/create', \Controllers\CompanyWithUserController::class);
$app->post('/company/user/kyc/status', \Controllers\CompanyCheckStatus::class);
$app->post('/user/kyc/status', \Controllers\UserCheckStatus::class);

// Authenticated user profile updates
$app->post('/user/change-email', $authJwt, \Controllers\UserChangeEmailController::class);
$app->post('/user/change-password', $authJwt, \Controllers\UserChangePasswordController::class);

// Commodities (JWT-protected)
$app->post('/commodity/create', $authJwt, \Controllers\CommodityCreateController::class);
$app->post('/commodity/update', $authJwt, \Controllers\CommodityUpdateController::class);
$app->post('/commodity/delete', $authJwt, \Controllers\CommodityDeleteController::class);
$app->post('/commodities/get', $authJwt, \Controllers\CommoditiesGetController::class);

// CPR registration
$app->post('/cpr/create', $authJwt, \Controllers\RegisterCprController::class);

// CPR history
$app->post('/cpr/history', $authJwt, \Controllers\CprQueryController::class);

$app->post('/wallet/tokens', $authJwt, \Controllers\WalletTokensController::class);
$app->post('/token/get', $authJwt, \Controllers\TokenGetController::class);

$app->post('/b3/token', \Controllers\B3TokenController::class);
$app->post('/b3/cpr/register', $authJwt, \Controllers\B3CprRegisterController::class);
$app->post('/b3/payment/confirm', $authJwt, \Controllers\PaymentConfirmController::class);

$app->run();