<?php
header('Content-Type: application/json');
require_once 'auth/session.php';

// Check for Bot token in headers
$headers = getallheaders();
$bot_token = null;
if (isset($headers['Authorization']) && preg_match('/Bot\s+(\S+)/', $headers['Authorization'], $matches)) {
    $bot_token = $matches[1];
}

$user_id = null;
if ($bot_token) {
    $stmt = db()->prepare("SELECT id FROM users WHERE bot_token = ? AND is_bot = TRUE");
    $stmt->execute([$bot_token]);
    $bot = $stmt->fetch();
    if ($bot) {
        $user_id = $bot['id'];
    } else {
        http_response_code(401);
        echo json_encode(['success' => false, 'error' => 'Invalid Bot Token']);
        exit;
    }
} elseif (isset($_SESSION['user_id'])) {
    $user_id = $_SESSION['user_id'];
} else {
    http_response_code(401);
    echo json_encode(['success' => false, 'error' => 'Unauthorized']);
    exit;
}

$data = json_decode(file_get_contents('php://input'), true);

if (empty($content)) {
    echo json_encode(['success' => false, 'error' => 'Empty content']);
    exit;
}

try {
    $stmt = db()->prepare("INSERT INTO messages (channel_id, user_id, content) VALUES (?, ?, ?)");
    $stmt->execute([$channel_id, $user_id, $content]);
    $last_id = db()->lastInsertId();

    // Fetch message with username for the response
    $stmt = db()->prepare("SELECT m.*, u.username FROM messages m JOIN users u ON m.user_id = u.id WHERE m.id = ?");
    $stmt->execute([$last_id]);
    $msg = $stmt->fetch();

    echo json_encode([
        'success' => true,
        'message' => [
            'username' => $msg['username'],
            'content' => htmlspecialchars($msg['content']),
            'time' => date('H:i', strtotime($msg['created_at']))
        ]
    ]);
} catch (Exception $e) {
    echo json_encode(['success' => false, 'error' => $e->getMessage()]);
}