<?php

use SokoWeb\Interfaces\Response\IRedirect;
use SokoWeb\Interfaces\Response\IContent;
use SokoWeb\Interfaces\Authentication\IAuthenticationRequired;
use SokoWeb\Interfaces\Authorization\ISecured;
use SokoWeb\Response\Redirect;
use SokoWeb\Response\HtmlContent;
use SokoWeb\Response\JsonContent;

require '../web.php';

$method = strtolower($_SERVER['REQUEST_METHOD']);
$url = substr($_SERVER['REQUEST_URI'], strlen('/'));
if (($pos = strpos($url, '?')) !== false) {
    $url = substr($url, 0, $pos);
}
$url = rawurldecode($url);

$match = Container::$routeCollection->match($method, $url == '' ? [] : explode('/', $url));

if ($match !== null) {
    list($route, $params) = $match;

    Container::$request->setParsedRouteParams($params);

    $handler = $route->getHandler();
    $controller = new $handler[0](Container::$request);

    if (
        $controller instanceof IAuthenticationRequired &&
        $controller->isAuthenticationRequired() &&
        Container::$request->user() === null
    ) {
        Container::$request->session()->set('redirect_after_login', substr($_SERVER['REQUEST_URI'], strlen('/')));
        $response = new Redirect(Container::$routeCollection->getRoute('login')->generateLink(), IRedirect::TEMPORARY);
        header('Location: ' . $response->getUrl(), true, $response->getHttpCode());
        return;
    }

    if ($method === 'post' && !in_array($url, $antiCsrfTokenExceptions) && Container::$request->post('anti_csrf_token') !== Container::$request->session()->get('anti_csrf_token')) {
        $content = new JsonContent(['error' => 'no_valid_anti_csrf_token']);
        header('Content-Type: text/html; charset=UTF-8', true, 403);
        $content->render();
        return;
    }

    if (
        !($controller instanceof ISecured) ||
        $controller->authorize()
    ) {
        $response = call_user_func([$controller, $handler[1]]);
        if ($response instanceof IContent) {
            header('Content-Type: ' . $response->getContentType() . '; charset=UTF-8');
            $response->render();
            return;
        } elseif ($response instanceof IRedirect) {
            header('Location: ' . $response->getUrl(), true, $response->getHttpCode());
            return;
        }
    }
}

$content = new HtmlContent('error/404');
header('Content-Type: text/html; charset=UTF-8', true, 404);
$content->render();