<?php

// includes/ConfigRepo.php
declare(strict_types=1);

function config_repo_get(): array
{
    $pdo = db();
    $row = $pdo->query('SELECT * FROM app_config WHERE id=1')->fetch(PDO::FETCH_ASSOC);
    if (!$row) {
        return [
            'allow_password' => true,'allow_oidc' => false,'registrations_open' => true,
            'oidc_issuer' => null,'oidc_name' => null,'oidc_client_id' => null,'oidc_client_secret' => null,'oidc_redirect_uri' => null
        ];
    }
    return $row;
}

function config_repo_save(array $in): void
{
    $pdo = db();
    $sql = 'INSERT INTO app_config
      (id, allow_password, allow_oidc, registrations_open, oidc_issuer, oidc_name, oidc_client_id, oidc_client_secret, oidc_redirect_uri, updated_at)
      VALUES (1,:pw,:oidc,:open,:iss,:name,:cid,:sec,:redir, now())
      ON CONFLICT (id) DO UPDATE SET
        allow_password=:pw, allow_oidc=:oidc, registrations_open=:open,
        oidc_issuer=:iss, oidc_name=:name, oidc_client_id=:cid, oidc_client_secret=:sec, oidc_redirect_uri=:redir,
        updated_at=now()';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([
        ':pw'   => (bool)$in['allow_password'],
        ':oidc' => (bool)$in['allow_oidc'],
        ':open' => (bool)$in['registrations_open'],
        ':iss'  => trim((string)($in['oidc_issuer'] ?? '')) ?: null,
        ':name' => trim((string)($in['oidc_name'] ?? '')) ?: null,
        ':cid'  => trim((string)($in['oidc_client_id'] ?? '')) ?: null,
        ':sec'  => trim((string)($in['oidc_client_secret'] ?? '')) ?: null,
        ':redir' => trim((string)($in['oidc_redirect_uri'] ?? '')) ?: null,
    ]);
}

/**
 * Met à jour le fichier .env en conservant les autres lignes.
 * $pairs = ['KEY'=>'value', ...] ; value null => supprime la clé.
 */
function env_set_pairs(string $envPath, array $pairs): void
{
    if (!is_file($envPath)) {
        file_put_contents($envPath, '');
    }
    $lines = file($envPath, FILE_IGNORE_NEW_LINES);
    $map   = [];
    foreach ($lines as $i => $line) {
        if (preg_match('/^\s*#/', $line) || trim($line) === '') {
            $map[$i] = $line;
            continue;
        }
        if (!str_contains($line, '=')) {
            $map[$i] = $line;
            continue;
        }
        [$k,$v] = explode('=', $line, 2);
        $k = trim($k);
        if ($k === '') {
            $map[$i] = $line;
            continue;
        }
        if (array_key_exists($k, $pairs)) {
            if ($pairs[$k] === null) {
                $map[$i] = null;
            } // supprimé
            else {
                $map[$i] = $k.'='.env_quote((string)$pairs[$k]);
            }
            unset($pairs[$k]);
        } else {
            $map[$i] = $line;
        }
    }
    // append keys restantes
    foreach ($pairs as $k => $v) {
        if ($v === null) {
            continue;
        }
        $map[] = $k.'='.env_quote((string)$v);
    }
    // re-écriture
    $out = [];
    foreach ($map as $line) {
        if ($line === null) {
            continue;
        } $out[] = $line;
    }
    file_put_contents($envPath, implode(PHP_EOL, $out).PHP_EOL);
}

function env_quote(string $v): string
{
    if ($v === '' || preg_match('/\s|[#"\'=]/', $v)) {
        // met entre guillemets et échappe
        $v = str_replace(['\\','"'], ['\\\\','\\"'], $v);
        return "\"$v\"";
    }
    return $v;
}

function ensure_admin(): void
{
    // adapte à ton système
    if (empty($_SESSION['user']['is_admin'])) {
        http_response_code(403);
        exit('Forbidden');
    }
}