<?php
/**
 * FilePond load endpoint — streams an existing thesis file back to FilePond.
 *
 * GET /admin/actions/filepond/load.php?id={db_id}
 *
 * Used in edit mode to restore saved files into the FilePond UI.
 */

require_once __DIR__ . '/../../../../bootstrap.php';
require_once __DIR__ . '/../../../../src/AdminAuth.php';
require_once __DIR__ . '/../../../../src/ErrorHandler.php';

AdminAuth::requireLogin();

// ── Only accept GET ──────────────────────────────────────────────────────
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
    http_response_code(405);
    die('Méthode non autorisée.');
}

// ── Validate db_id ───────────────────────────────────────────────────────
$dbId = filter_var($_GET['id'] ?? '', FILTER_VALIDATE_INT);
if ($dbId === false || $dbId <= 0) {
    http_response_code(400);
    die('ID invalide.');
}

// ── Look up file in DB (validation of thesis ownership is implicit via admin auth + DB lookup) ──
require_once APP_ROOT . '/src/Database.php';
$db = new Database();

// Fetch thesis_files row by its own primary key
$pdo   = $db->getConnection();
$stmt  = $pdo->prepare('SELECT * FROM thesis_files WHERE id = ?');
$stmt->execute([$dbId]);
$fileRow = $stmt->fetch();

if (!$fileRow) {
    http_response_code(404);
    die('Fichier introuvable.');
}

$filePath = $fileRow['file_path'] ?? '';
$fileName = $fileRow['file_name'] ?? basename($filePath);
$mimeType = $fileRow['mime_type'] ?? 'application/octet-stream';

// ── Skip PeerTube and website entries (no actual file) ───────────────────
if (str_starts_with($filePath, 'peertube_ids:')) {
    http_response_code(404);
    die('Fichier PeerTube — pas de flux direct.');
}
if (str_starts_with($filePath, 'http://') || str_starts_with($filePath, 'https://')) {
    http_response_code(404);
    die('URL — pas de flux direct.');
}

// ── Resolve absolute path ────────────────────────────────────────────────
$absPath = STORAGE_ROOT . '/' . $filePath;

if (!file_exists($absPath) || !is_readable($absPath)) {
    http_response_code(404);
    die('Fichier absent du disque.');
}

// ── Stream the file ──────────────────────────────────────────────────────
$fileSize = filesize($absPath);

// Content-Disposition: inline so FilePond receives it as a valid file
header('Content-Type: ' . $mimeType);
header('Content-Length: ' . $fileSize);
header('Content-Disposition: inline; filename="' . addslashes($fileName) . '"');
header('Cache-Control: no-cache');

readfile($absPath);
exit;