<?php
// ============================================================
//  api/comments.php
//
//  GET    /api/comments?streamer_id=N  — načti komentáře (veřejné)
//  POST   /api/comments                — přidej komentář
//  DELETE /api/comments?id=N           — smaž komentář (admin)
// ============================================================

require_once __DIR__ . '/db.php';

cors();

$method = $_SERVER['REQUEST_METHOD'];

// ------------------------------------------------------------------
// GET — komentáře pro daného streamera
// ------------------------------------------------------------------
if ($method === 'GET') {
    $sid = (int)($_GET['streamer_id'] ?? 0);
    if (!$sid) json_error('Missing streamer_id');

    $rows = db()->prepare("
        SELECT c.id, c.author, c.body, c.is_admin, c.created_at, c.user_id,
               u.display_name AS user_display, u.avatar AS user_avatar, u.provider AS user_provider,
               COALESCE(
                   (SELECT array_agg(rgm.group_id ORDER BY rgm.group_id)
                    FROM rater_group_members rgm WHERE rgm.user_id = c.user_id),
                   ARRAY[]::int[]
               ) AS team_ids
        FROM comments c
        LEFT JOIN users u ON u.id = c.user_id
        WHERE c.streamer_id = :sid
        ORDER BY c.created_at ASC
    ");
    $rows->execute([':sid' => $sid]);
    $rs = $rows->fetchAll();
    // Postgres returns array as PHP-native array via PDO; ensure shape
    foreach ($rs as &$r) {
        if (is_string($r['team_ids'])) {
            // Fallback: parse "{1,2,3}" string
            $r['team_ids'] = array_filter(array_map('intval', explode(',', trim($r['team_ids'], '{}'))), fn($x)=>$x>0);
        }
        $r['team_ids'] = array_values(array_map('intval', $r['team_ids'] ?? []));
    }
    unset($r);
    json_out($rs);
}

// ------------------------------------------------------------------
// POST — přidat komentář
// ------------------------------------------------------------------
if ($method === 'POST') {
    start_session();

    $body = body();
    $sid  = (int)($body['streamer_id'] ?? 0);
    $text = trim($body['body'] ?? '');

    if (!$sid)               json_error('Missing streamer_id');
    if (strlen($text) < 2)   json_error('Komentář je příliš krátký');
    if (strlen($text) > 1000) json_error('Komentář je příliš dlouhý (max 1000 znaků)');

    // Check auth settings
    $settings_row = db()->query("SELECT key, value FROM settings")->fetchAll();
    $settings = [];
    foreach ($settings_row as $r) $settings[$r['key']] = $r['value'];

    $auth_enabled = ($settings['auth_enabled'] ?? 'false') === 'true';
    $oauth_user   = $_SESSION['oauth_user'] ?? null;
    $is_admin     = !empty($_SESSION['is_admin']);

    // If auth required and user not logged in (and not admin)
    if ($auth_enabled && !$oauth_user && !$is_admin) {
        json_error('Pro komentování je vyžadováno přihlášení', 401);
    }

    // Determine author name and user_id
    if ($oauth_user) {
        $author  = $oauth_user['display_name'];
        $user_id = $oauth_user['id'];
    } else {
        $author  = mb_substr(trim($body['author'] ?? 'Anonym'), 0, 50) ?: 'Anonym';
        $user_id = null;
    }

    $stmt = db()->prepare("
        INSERT INTO comments (streamer_id, user_id, author, body, is_admin)
        VALUES (:sid, :uid, :author, :body, :is_admin)
        RETURNING id, author, body, is_admin, created_at
    ");
    $stmt->execute([
        ':sid'      => $sid,
        ':uid'      => $user_id,
        ':author'   => $author,
        ':body'     => $text,
        ':is_admin' => $is_admin ? 'true' : 'false',
    ]);
    $comment = $stmt->fetch();

    // Add user info to response
    if ($oauth_user) {
        $comment['user_display']   = $oauth_user['display_name'];
        $comment['user_avatar']    = $oauth_user['avatar'];
        $comment['user_provider']  = $oauth_user['provider'];
    }

    json_out($comment, 201);
}

// ------------------------------------------------------------------
// DELETE — smazat komentář (admin only)
// ------------------------------------------------------------------
if ($method === 'DELETE') {
    require_admin();
    $id = (int)($_GET['id'] ?? 0);
    if (!$id) json_error('Missing id');
    db()->prepare("DELETE FROM comments WHERE id = :id")->execute([':id' => $id]);
    json_out(['ok' => true]);
}

json_error('Method not allowed', 405);