<?php
/**
 * Student-access link actions (create, toggle, set_password, delete).
 */
require_once __DIR__ . '/../../../config/bootstrap.php';
require_once __DIR__ . '/../../../src/AdminAuth.php';
require_once __DIR__ . '/../../../src/ShareLink.php';

App::adminGuard();

if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !isset($_POST['csrf_token'], $_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
    http_response_code(403);
    exit('CSRF token invalide.');
}

$action = $_POST['action'] ?? '';
$id     = isset($_POST['id']) ? intval($_POST['id']) : 0;
$shareLink = ShareLink::make();

switch ($action) {
    case 'create':
        $password   = !empty($_POST['password']) ? trim($_POST['password']) : null;
        $expiresRaw = !empty($_POST['expires_at']) ? trim($_POST['expires_at']) : null;
        $expiresAt  = null;
        if ($expiresRaw) {
            // datetime-local gives "YYYY-MM-DDTHH:MM"
            $expiresAt = date('Y-m-d H:i:s', strtotime($expiresRaw));
            if ($expiresAt <= date('Y-m-d H:i:s')) {
                App::redirect('/admin/student-access.php', error: "La date d'expiration doit être dans le futur.");
            }
        }
        $shareLink->create(1, $password, $expiresAt);
        App::redirect('/admin/student-access.php', success: 'Lien d\'accès créé.');
        break;

    case 'toggle':
        if ($id > 0) {
            $shareLink->toggleActive($id);
            App::redirect('/admin/student-access.php', success: 'Statut du lien modifié.');
        } else {
            App::redirect('/admin/student-access.php', error: 'Lien introuvable.');
        }
        break;

    case 'set_password':
        if ($id > 0) {
            $password = isset($_POST['password']) && $_POST['password'] !== '' ? trim($_POST['password']) : null;
            $shareLink->setPassword($id, $password);
            App::redirect('/admin/student-access.php', success: 'Mot de passe mis à jour.');
        } else {
            App::redirect('/admin/student-access.php', error: 'Lien introuvable.');
        }
        break;

    case 'delete':
        if ($id > 0) {
            $shareLink->delete($id);
            App::redirect('/admin/student-access.php', success: 'Lien supprimé.');
        } else {
            App::redirect('/admin/student-access.php', error: 'Lien introuvable.');
        }
        break;

    default:
        App::redirect('/admin/student-access.php', error: 'Action inconnue.');
        break;
}