<?php

/**
 *  Informatica Eindproject D4p
 *  6in3, Stedelijk Gymnasium Nijmegen
 *  Docent: Hans de Wolf
 *
 *  ==================
 *
 *  Daniel Boutros,
 *  Christiaan Goossens,
 *  Jelmer Hinssen
 */

namespace Inforbank\Application\API;

use \Slim\App;

class Handler
{
    public function __construct(App $app)
    {
        /**
         * Create the API route group
         */
        $app->group('/api', function () {
            /**
             * TransactionRequest API Endpoint
             *
             * Requires the following POST arguments:
             * - clientId
             * - transactionId
             * - amount
             * - description
             * - returnUrl
             * - sha1
             */
            $this->post('/transactionRequest', function ($request, $response, $args) {
                $parsedBody = $request->getParsedBody();

                if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['amount']) && isset($parsedBody['description']) && isset($parsedBody['returnUrl']) && isset($parsedBody['sha1'])) {
                    // Correct request

                    if ($parsedBody['clientId'] !== Handler::getClientId()) {
                        $response = $response->withStatus(403);
                        $responseJSON = array(
                            "success" => false,
                            "error" => "Incorrect client id."
                        );
                    } else {
                        $clientSecret = Handler::getClientSecret();
                        $sha = sha1($parsedBody['transactionId'] . $parsedBody['amount'] . $clientSecret);

                        if ($sha === $parsedBody['sha1']) {
                            $responseJSON = array(
                                "success" => true,
                                "redirect" => "https://example.com"
                            );
                        } else {
                            $response = $response->withStatus(403);
                            $responseJSON = array(
                                "success" => false,
                                "error" => "Incorrect sha1 verification hash."
                            );
                        }
                    }
                } else {
                    $response = $response->withStatus(400);
                    $responseJSON = array(
                        "success" => false,
                        "error" => "Missing one of the following attributes: [clientId, transactionId, amount, description, returnUrl, sha1]"
                    );
                }

                $body = $response->getBody();
                $body->write(json_encode($responseJSON));
                return $response->withBody($body);
            });

            /**
             * StatusRequest API Endpoint
             *
             * Requires the following POST arguments:
             * - clientId
             * - transactionId
             * - sha1
             */
            $this->post('/statusRequest', function ($request, $response, $args) {
                $parsedBody = $request->getParsedBody();

                if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['sha1'])) {
                    // Correct request

                    if ($parsedBody['clientId'] !== Handler::getClientId()) {
                        $response = $response->withStatus(403);
                        $responseJSON = array(
                            "success" => false,
                            "error" => "Incorrect client id."
                        );
                    } else {
                        $clientSecret = Handler::getClientSecret();
                        $sha = sha1($parsedBody['transactionId'] . $clientSecret);

                        if ($sha === $parsedBody['sha1']) {
                            $responseJSON = array(
                                "success" => true,
                                "transaction" => array(
                                    "status" => "Success",
                                    "transactionId" => "notyetfromdb",
                                    "someotherrandomkey" => "changethis"
                                )
                            );
                        } else {
                            $response = $response->withStatus(403);
                            $responseJSON = array(
                                "success" => false,
                                "error" => "Incorrect sha1 verification hash."
                            );
                        }
                    }
                } else {
                    $response = $response->withStatus(400);
                    $responseJSON = array(
                        "success" => false,
                        "error" => "Missing one of the following attributes: [clientId, transactionId, sha1]"
                    );
                }

                $body = $response->getBody();
                $body->write(json_encode($responseJSON));
                return $response->withBody($body);
            });
        })->add(function ($request, $response, $next) {
            /**
             * Add the correct JSON headers to the responses
             */
            $response = $response->withHeader('Content-type', 'application/json');
            return $next($request, $response);
        });
    }

    public static function getClientId()
    {
        return 'de-webshop';
    }

    public static function getClientSecret()
    {
        return '42';
    }
}