<?php
require_once __DIR__ . '/../../../bootstrap.php';
require_once __DIR__ . '/../../../src/AdminAuth.php';
error_log('[corbeille.php] ENTRY | method=' . $_SERVER['REQUEST_METHOD'] . ' | action=' . ($_POST['action'] ?? 'none'));

AdminAuth::requireLogin();

if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !isset($_POST['csrf_token'], $_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
    http_response_code(403);
    die("Accès refusé.");
}

require_once __DIR__ . '/../../../src/Database.php';
require_once __DIR__ . '/../../../src/AdminLogger.php';
require_once __DIR__ . '/../../../src/ErrorHandler.php';

try {
    $db     = new Database();
    $logger = AdminLogger::make();
    $action = $_POST['action'] ?? '';

    switch ($action) {
        case 'restore':
            $thesisId = filter_var($_POST['thesis_id'] ?? '', FILTER_VALIDATE_INT);
            if (!$thesisId) throw new Exception("ID invalide.");
            $db->restoreThesis($thesisId);
            $logger->logPublish(true, [$thesisId]); // log restore as an admin action
            App::flash('success', "TFE restauré avec succès.");
            break;

        case 'hard_delete':
            $thesisId = filter_var($_POST['thesis_id'] ?? '', FILTER_VALIDATE_INT);
            if (!$thesisId) throw new Exception("ID invalide.");
            $db->hardDeleteThesis($thesisId);
            $logger->logDelete([$thesisId]);
            App::flash('success', "TFE définitivement supprimé.");
            break;

        case 'empty_trash':
            $trashed = $db->getTrashedTheses();
            foreach ($trashed as $t) {
                $db->hardDeleteThesis((int)$t['id']);
                $logger->logDelete([(int)$t['id']]);
            }
            App::flash('success', "Corbeille vidée (" . count($trashed) . " TFE supprimés définitivement).");
            break;

        default:
            throw new Exception("Action inconnue.");
    }
} catch (Exception $e) {
    ErrorHandler::log('corbeille', $e);
    App::flash('error', ErrorHandler::userMessage($e));
}

$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
header('Location: /admin/index.php?tab=trash');
exit;