<?php
require_once __DIR__ . '/config.php';

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    sendJsonResponse(['error' => 'Invalid request method'], 405);
    exit;
}

if (!validateApiKey()) {
    logWebhook('reviews', file_get_contents('php://input'), 401);
    sendJsonResponse(['error' => 'Unauthorized'], 401);
    exit;
}

$request_body = file_get_contents('php://input');
$data = json_decode($request_body, true);

if (json_last_error() !== JSON_ERROR_NONE) {
    logWebhook('reviews', $request_body, 400);
    sendJsonResponse(['error' => 'Invalid JSON'], 400);
    exit;
}

$errors = [];
if (empty($data['platform_source'])) {
    $errors[] = 'platform_source is required';
}
if (empty($data['star_rating'])) {
    $errors[] = 'star_rating is required';
}


if (!empty($errors)) {
    logWebhook('reviews', $request_body, 422);
    sendJsonResponse(['errors' => $errors], 422);
    exit;
}

try {
    $stmt = db()->prepare("INSERT INTO reviews (platform_source, star_rating, review_text, reviewer_name, review_date) VALUES (?, ?, ?, ?, ?)");
    $stmt->execute([
        $data['platform_source'],
        $data['star_rating'],
        $data['review_text'] ?? null,
        $data['reviewer_name'] ?? null,
        $data['review_date'] ?? null
    ]);
    $new_id = db()->lastInsertId();
    logWebhook('reviews', $request_body, 201);
    sendJsonResponse(['success' => true, 'id' => $new_id, 'message' => 'Review created'], 201);
} catch (PDOException $e) {
    error_log($e->getMessage());
    logWebhook('reviews', $request_body, 500);
    sendJsonResponse(['error' => 'Database error'], 500);
}