<?php

namespace Api\Controllers;

use Api\Core\Response;
use Api\Core\Auth;

class AuthController {
    public function login() {
        $data = json_decode(file_get_contents('php://input'), true);
        $email = $data['email'] ?? '';
        $password = $data['password'] ?? '';

        if (!$email || !$password) {
            Response::error('Email and password required');
        }

        $db = db();
        $stmt = $db->prepare("SELECT * FROM users WHERE email = :email");
        $stmt->execute(['email' => $email]);
        $user = $stmt->fetch();

        if ($user && password_verify($password, $user['password'])) {
            $token = Auth::generateToken([
                'user_id' => $user['id'],
                'role' => $user['role'],
                'school_id' => $user['school_id'],
                'email' => $user['email']
            ]);

            Response::json([
                'token' => $token,
                'user' => [
                    'id' => $user['id'],
                    'email' => $user['email'],
                    'role' => $user['role'],
                    'name' => $user['name'] ?? ''
                ]
            ]);
        } else {
            Response::error('Invalid credentials', 401);
        }
    }

    public function me() {
        $token = Auth::getBearerToken();
        if (!$token) Response::error('No token provided', 401);

        $payload = Auth::verifyToken($token);
        if (!$payload) Response::error('Invalid or expired token', 401);

        Response::json(['user' => $payload]);
    }
}