<?php
header('Content-Type: application/json');
require_once __DIR__ . '/../db/config.php';

function generate_random_token($length = 32) {
    return bin2hex(random_bytes($length));
}

function generate_pair_code($length = 6) {
    return substr(str_shuffle('0123456789'), 0, $length);
}

try {
    $pdo = db();

    $session_id = generate_random_token();
    $pair_code = generate_pair_code();
    // In a real app, this would be a signed JWT, but for now, a simple token is fine.
    $pair_token = generate_random_token(40);
    $expires_at = date('Y-m-d H:i:s', time() + 15 * 60); // 15 minutes from now

    $stmt = $pdo->prepare(
        "INSERT INTO sessions (session_id, pair_code, pair_token, expires_at, status, created_by) VALUES (?, ?, ?, ?, 'pending', 'ui')"
    );
    $stmt->execute([$session_id, $pair_code, $pair_token, $expires_at]);

    $response = [
        'success' => true,
        'pair_code' => $pair_code,
        'qr_payload' => json_encode(['pair_token' => $pair_token]), // QR payload should be structured data
        'expires_at' => $expires_at
    ];

    echo json_encode($response);

} catch (Exception $e) {
    http_response_code(500);
    echo json_encode(['success' => false, 'error' => $e->getMessage()]);
}