<?php
header('Content-Type: application/json');
require_once __DIR__ . '/helpers.php';

// Basic rate limiting (implement a more robust solution in production)
// session_start();
// $request_limit = 10; // 10 requests
// $time_period = 60; // per minute
// $time = time();

// if (!isset($_SESSION['request_count'])) {
//     $_SESSION['request_count'] = 0;
//     $_SESSION['last_request_time'] = $time;
// }

// if ($time - $_SESSION['last_request_time'] > $time_period) {
//     $_SESSION['request_count'] = 0;
//     $_SESSION['last_request_time'] = $time;
// }

// $_SESSION['request_count']++;

// if ($_SESSION['request_count'] > $request_limit) {
//     http_response_code(429);
//     echo json_encode(['error' => 'Too Many Requests']);
//     exit;
// }

$creds = get_api_credentials();
if (!$creds) {
    http_response_code(401);
    echo json_encode(['error' => 'API key not configured.']);
    exit;
}

$request_body = json_decode(file_get_contents('php://input'), true);
if (!$request_body || !isset($request_body['type'])) {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid request body.']);
    exit;
}

$api_url = 'https://api.hyperliquid.xyz/info';

// Prepare payload for Hyperliquid
$action = $request_body;
$nonce = (int)(microtime(true) * 1000);
$payload_to_sign = [
    'T' => $action['type'],
];

// Construct signature payload based on action type
switch ($action['type']) {
    case 'query':
        $signature_payload = [
            'type' => $action['type'],
            'query' => $action['query'],
            'nonce' => $nonce,
        ];
        break;
    case 'order':
         $signature_payload = [
            'type' => 'order',
            'orders' => $action['orders'],
            'nonce' => $nonce,
        ];
        break;
    default:
        $signature_payload = [
            'type' => $action['type'],
            'nonce' => $nonce,
        ];
        break;
}

$signature = hash_hmac('sha256', json_encode($signature_payload), $creds['secret']);

$payload = [
    'action' => $action,
    'nonce' => $nonce,
    'signature' => base64_encode($signature)
];


$ch = curl_init($api_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Content-Type: application/json',
]);

$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$curl_error = curl_error($ch);
curl_close($ch);

if ($curl_error) {
    http_response_code(500);
    echo json_encode(['error' => 'cURL Error: ' . $curl_error]);
    exit;
}

if ($http_code >= 400) {
    http_response_code($http_code);
    // Forward Hyperliquid's error response if available
    $error_response = json_decode($response, true);
    if ($error_response) {
        echo json_encode($error_response);
    } else {
        echo json_encode(['error' => 'Received status code: ' . $http_code]);
    }
    exit;
}

echo $response;

?>