<?php

require_once('../Connection/DB.php');
require_once('../Helpers/Helpers.php');

function sendOtpSms($mobileNumber) {
    $url = "https://cpaas.messagecentral.com/verification/v3/send?countryCode=91&customerId=C-BB02AA7F5FAF4D8&flowType=SMS&mobileNumber=$mobileNumber";

    $authToken = 'eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJDLUJCMDJBQTdGNUZBRjREOCIsImlhdCI6MTc0Mjc5MDM4NywiZXhwIjoxOTAwNDcwMzg3fQ.fU5fgOHm5Vg5hI1bSZ2oXJodY6dOS1yLvS58YoAVNJCZt3zMxn6PhYTtcEUlnHb_XgpBlNzfatQMFWj3MDYE5g'; // Update your auth token

    $headers = [
        "authToken: $authToken"
    ];

    $ch = curl_init();

    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

    $response = curl_exec($ch);
    $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

    curl_close($ch);

    if ($httpCode == 200) {
        return json_decode($response, true); // API response ko array me convert karo
    } else {
        return [
            "error" => "Failed to send OTP",
            "status" => $httpCode,
            "response" => $response
        ];
    }
}

function validateOtp($mobileNumber, $verificationId, $otp) {
    $url = "https://cpaas.messagecentral.com/verification/v3/validateOtp?countryCode=91&mobileNumber=$mobileNumber&verificationId=$verificationId&customerId=C-BB02AA7F5FAF4D8&code=$otp";
    $authToken = 'eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJDLUJCMDJBQTdGNUZBRjREOCIsImlhdCI6MTc0Mjc5MDM4NywiZXhwIjoxOTAwNDcwMzg3fQ.fU5fgOHm5Vg5hI1bSZ2oXJodY6dOS1yLvS58YoAVNJCZt3zMxn6PhYTtcEUlnHb_XgpBlNzfatQMFWj3MDYE5g'; // Update your auth token
    
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array("authToken: $authToken"));
    
    $response = curl_exec($ch);
    curl_close($ch);
    return json_decode($response, true);
}

if (isset($_GET['number']) && $_SERVER['REQUEST_METHOD'] === 'GET') {
    $number = trimAndSecure($_GET['number']);
    if (strlen($number) !== 10) {
        $response = new Response(false, 403, "Incorrect Contact Number");
        $response->send();
        exit();
    }
    
    $otpResponse = sendOtpSms($number);
    error_log("OTP API Response: " . print_r($otpResponse, true));
    if ($otpResponse['responseCode'] == 200) {
        $returnData = array(
            'verificationId' => $otpResponse['data']['verificationId'],
            'feedback' => "OTP Sent Successfully"
        );
        $response = new Response(true, 200, "OTP Sent", $returnData);
    } else {
        $response = new Response(false, 500, "Failed to send OTP");
    }
    $response->send();
    exit();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $jsonData = json_decode(file_get_contents('php://input'));
    if (!isset($jsonData->number, $jsonData->otp, $jsonData->verificationId)) {
        $response = new Response(false, 401, "Unauthorized Error");
        $response->send();
        exit();
    }
    
    $number = trimAndSecure($jsonData->number);
    $otp = trimAndSecure($jsonData->otp);
    $verificationId = trimAndSecure($jsonData->verificationId);
    
    $otpValidation = validateOtp($number, $verificationId, $otp);
    if ($otpValidation['responseCode'] == 200 && $otpValidation['data']['verificationStatus'] === 'VERIFICATION_COMPLETED') {
        $sessionId = time();
        $accessToken = manualEncryption($number."_".time());
        $refreshToken = manualEncryption($number."_".time()."_REFRESHTOKEN_");
        
        $returnData = array(
            'user_id' => "LNUSR$number",
            'session_id' => "LNSESS$sessionId",
            'access_token' => $accessToken,
            'refresh_token' => $refreshToken
        );
        
        $response = new Response(true, 201, "OTP Verified Successfully", $returnData);
    } else {
        $response = new Response(false, 401, "Invalid OTP");
    }
    $response->send();
    exit();
}