<?php

/*
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

require __DIR__ . "/../required.php";

header("Content-Security-Policy: default-src '*';");
header('Access-Control-Allow-Origin: *');

// Get the API route/action
$route = explode("/", substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], "api/v0.2/") + 9));

// HTTP authentication
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="' . $SETTINGS['site_title'] . '"');
    header('HTTP/1.0 401 Unauthorized');
    exit;
} else {
    $user = User::byUsername($_SERVER['PHP_AUTH_USER']);
    if (!$user->checkPassword($_SERVER['PHP_AUTH_PW'])) {
        header('HTTP/1.1 401 Unauthorized');
        die($Strings->get("login incorrect"));
    }
}

header("Content-Type: application/json");

$requestdata = $_GET;
$requestbody = file_get_contents('php://input');
$requestjson = json_decode($requestbody, TRUE);
if (json_last_error() == JSON_ERROR_NONE) {
    $requestdata = array_merge($requestdata, $requestjson);
}

file_put_contents("/var/www/html/debug.log", var_export($requestdata, true));

switch ($_SERVER['REQUEST_METHOD']) {
    case "GET":
        if (count($route) == 1) {
            $noteids = $database->select('notes', 'noteid', ['ownerid' => $user->getUID()]);
            $notes = [];
            foreach ($noteids as $n) {
                $notes[] = Note::loadNote($n)->toNextcloud();
            }
            exit(json_encode($notes));
        } else if (count($route) == 2 && is_numeric($route[1])) {
            try {
                $note = Note::loadNote($route[1]);
                if ($note->getOwner()->getUID() == $user->getUID()) {
                    exit(json_encode($note->toNextcloud()));
                } else {
                    http_response_code(401);
                }
            } catch (NoSuchNoteException $ex) {
                http_response_code(404);
            }
        }
        break;
    case "POST":
        $note = new Note($requestdata['content']);

        if (empty($requestdata['modified']) || !is_numeric($requestdata['modified'])) {
            $note->setModified(date("Y-m-d H:i:s"));
        } else {
            $note->setModified($requestdata['modified']);
        }

        if (!empty($requestdata['favorite']) && $requestdata['favorite'] == true) {
            $note->setFavorite(true);
        }

        $note->setOwner($user);

        $note->saveNote();

        exit(json_encode($note->toNextcloud()));
        break;
    case "PUT":
        if (count($route) == 2 && is_numeric($route[1])) {
            try {
                $note = Note::loadNote($route[1]);
                if ($note->hasWriteAccess($user)) {
                    $note->setText($requestdata['content']);
                    if (empty($requestdata['modified']) || !is_numeric($requestdata['modified'])) {
                        $note->setModified(date("Y-m-d H:i:s"));
                    } else {
                        $note->setModified($requestdata['modified']);
                    }
                    if (!empty($requestdata['favorite']) && $requestdata['favorite'] == true) {
                        $note->setFavorite(true);
                    } else {
                        $note->setFavorite(false);
                    }
                    $note->saveNote();
                    exit(json_encode($note->toNextcloud()));
                } else {
                    http_response_code(401);
                }
            } catch (NoSuchNoteException $ex) {
                http_response_code(404);
            }
        }
        break;
    case "DELETE":
        if (count($route) == 2 && is_numeric($route[1])) {
            try {
                $note = Note::loadNote($route[1]);
                if ($note->hasWriteAccess($user)) {
                    $note->deleteNote();
                    exit;
                } else {
                    http_response_code(401);
                }
            } catch (NoSuchNoteException $ex) {
                http_response_code(404);
            }
        }
        break;
}