<?php
require_once __DIR__ . '/../db/config.php';

header('Content-Type: application/json');

function sendJsonResponse($data, $statusCode = 200) {
    http_response_code($statusCode);
    echo json_encode($data);
    exit();
}

// Basic API Key check (for demonstration purposes)
// In a real application, use a more robust authentication mechanism (e.g., OAuth2, JWT)
function checkApiKey() {
    $headers = getallheaders();
    $apiKey = $headers['X-Api-Key'] ?? '';

    // Replace 'YOUR_SECRET_API_KEY' with a strong, secret API key
    // This should ideally be stored in an environment variable or secure configuration
    if ($apiKey !== 'YOUR_SECRET_API_KEY') {
        sendJsonResponse(['error' => 'Unauthorized', 'message' => 'Invalid API Key.'], 401);
    }
}

checkApiKey();

$pdo = db();
$method = $_SERVER['REQUEST_METHOD'];

switch ($method) {
    case 'GET':
        if (isset($_GET['id'])) {
            // Get single project
            $id = $_GET['id'];
            try {
                $stmt = $pdo->prepare("SELECT p.*, c.name as company_name FROM projects p JOIN companies c ON p.company_id = c.id WHERE p.id = :id");
                $stmt->execute(['id' => $id]);
                $project = $stmt->fetch();
                if ($project) {
                    sendJsonResponse($project);
                } else {
                    sendJsonResponse(['error' => 'Not Found', 'message' => 'Project not found.'], 404);
                }
            } catch (PDOException $e) {
                sendJsonResponse(['error' => 'Database Error', 'message' => $e->getMessage()], 500);
            }
        } else if (isset($_GET['company_id'])) {
            // Get projects by company
            $company_id = $_GET['company_id'];
            try {
                $stmt = $pdo->prepare("SELECT p.*, c.name as company_name FROM projects p JOIN companies c ON p.company_id = c.id WHERE p.company_id = :company_id ORDER BY p.name");
                $stmt->execute(['company_id' => $company_id]);
                $projects = $stmt->fetchAll();
                sendJsonResponse($projects);
            } catch (PDOException $e) {
                sendJsonResponse(['error' => 'Database Error', 'message' => $e->getMessage()], 500);
            }
        }
        else {
            // Get all projects
            try {
                $stmt = $pdo->query("SELECT p.*, c.name as company_name FROM projects p JOIN companies c ON p.company_id = c.id ORDER BY p.name");
                $projects = $stmt->fetchAll();
                sendJsonResponse($projects);
            } catch (PDOException $e) {
                sendJsonResponse(['error' => 'Database Error', 'message' => $e->getMessage()], 500);
            }
        }
        break;

    case 'POST':
        $data = json_decode(file_get_contents('php://input'), true);
        if (!$data || empty($data['company_id']) || empty($data['name'])) {
            sendJsonResponse(['error' => 'Bad Request', 'message' => 'Company ID and Project Name are required.'], 400);
        }

        $company_id = $data['company_id'];
        $name = $data['name'];
        $description = $data['description'] ?? null;
        $status = $data['status'] ?? 'active';
        $start_date = $data['start_date'] ?? null;
        $end_date = $data['end_date'] ?? null;

        try {
            $stmt = $pdo->prepare("INSERT INTO projects (company_id, name, description, status, start_date, end_date) VALUES (:company_id, :name, :description, :status, :start_date, :end_date)");
            $stmt->execute([
                'company_id' => $company_id,
                'name' => $name,
                'description' => $description,
                'status' => $status,
                'start_date' => $start_date,
                'end_date' => $end_date
            ]);
            sendJsonResponse(['message' => 'Project created successfully', 'id' => $pdo->lastInsertId()], 201);
        } catch (PDOException $e) {
            sendJsonResponse(['error' => 'Database Error', 'message' => $e->getMessage()], 500);
        }
        break;

    case 'PUT':
        $data = json_decode(file_get_contents('php://input'), true);
        if (!isset($_GET['id'])) {
            sendJsonResponse(['error' => 'Bad Request', 'message' => 'Project ID is required for update.'], 400);
        }
        if (!$data || empty($data['company_id']) || empty($data['name'])) {
            sendJsonResponse(['error' => 'Bad Request', 'message' => 'Company ID and Project Name are required.'], 400);
        }

        $id = $_GET['id'];
        $company_id = $data['company_id'];
        $name = $data['name'];
        $description = $data['description'] ?? null;
        $status = $data['status'] ?? 'active';
        $start_date = $data['start_date'] ?? null;
        $end_date = $data['end_date'] ?? null;

        try {
            $stmt = $pdo->prepare("UPDATE projects SET company_id = :company_id, name = :name, description = :description, status = :status, start_date = :start_date, end_date = :end_date WHERE id = :id");
            $stmt->execute([
                'company_id' => $company_id,
                'name' => $name,
                'description' => $description,
                'status' => $status,
                'start_date' => $start_date,
                'end_date' => $end_date,
                'id' => $id
            ]);
            if ($stmt->rowCount() > 0) {
                sendJsonResponse(['message' => 'Project updated successfully.']);
            } else {
                sendJsonResponse(['error' => 'Not Found', 'message' => 'Project not found or no changes made.'], 404);
            }
        } catch (PDOException $e) {
            sendJsonResponse(['error' => 'Database Error', 'message' => $e->getMessage()], 500);
        }
        break;

    case 'DELETE':
        if (!isset($_GET['id'])) {
            sendJsonResponse(['error' => 'Bad Request', 'message' => 'Project ID is required for deletion.'], 400);
        }
        $id = $_GET['id'];

        try {
            $stmt = $pdo->prepare("DELETE FROM projects WHERE id = :id");
            $stmt->execute(['id' => $id]);
            if ($stmt->rowCount() > 0) {
                sendJsonResponse(['message' => 'Project deleted successfully.']);
            } else {
                sendJsonResponse(['error' => 'Not Found', 'message' => 'Project not found.'], 404);
            }
        } catch (PDOException $e) {
            sendJsonResponse(['error' => 'Database Error', 'message' => $e->getMessage()], 500);
        }
        break;

    default:
        sendJsonResponse(['error' => 'Method Not Allowed', 'message' => '' . $method . ' method is not supported.'], 405);
        break;
}