<?php
session_start();
require_once 'db/config.php';
require_once 'utils.php';

if (!isset($_SESSION['user_id'])) {
    http_response_code(401);
    echo json_encode(['error' => 'Unauthorized']);
    exit();
}

$user_id = $_SESSION['user_id'];
$channel_id = $_GET['channel_id'] ?? null;

if (!$channel_id) {
    http_response_code(400);
    echo json_encode(['error' => 'Channel ID is required']);
    exit();
}

try {
    $pdo = db();

    // Verify user has access to this channel's server
    $stmt = $pdo->prepare("
        SELECT c.id
        FROM channels c
        JOIN servers s ON c.server_id = s.id
        JOIN server_members sm ON s.id = sm.server_id
        WHERE c.id = ? AND sm.user_id = ?
    ");
    $stmt->execute([$channel_id, $user_id]);
    if ($stmt->fetch() === false) {
        http_response_code(403);
        echo json_encode(['error' => 'Forbidden']);
        exit();
    }

    // Fetch messages
    $stmt = $pdo->prepare("
        SELECT m.id, m.content, m.created_at, u.username
        FROM messages m
        JOIN users u ON m.user_id = u.id
        WHERE m.channel_id = ?
        ORDER BY m.created_at ASC
    ");
    $stmt->execute([$channel_id]);
    $messages = $stmt->fetchAll();

    header('Content-Type: application/json');
    echo json_encode($messages);

} catch (PDOException $e) {
    error_log("Get Messages Error: " . $e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'Internal Server Error']);
}